Troubleshooting

Test and Troubleshoot Chrooted Apache Jail

This is the third and final installment of the Apache Chroot Jail for CentOS / RHEL series. Once Apache is configured with mod_chroot, you may need to test and debug problems. This article provides a few troubleshooting tips.

Every IT shop has a mix of Windows and Linux systems. Sometimes you need to authenticate your Linux desktop systems against the Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing an authentication server. This article explains how to set up Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory

Nagios: System and Network Monitoring Book

Nagios is a popular open source computer system and network monitoring application. You can easily monitor all your hosts, network equipment and services. It can send alerts when things go wrong and again when they get better.

The convenience and reliability that monitoring programs offer system administrators is astounding. Whether at home, commuting, or on vacation, admins can continuously monitor their networks, learning of issues long before they become catastrophes.

Nagios, the most popular open source solution for system and network monitoring, is extremely robust, but it's also intensely complex. This eagerly anticipated revision of the highly acclaimed Nagios: System and Network Monitoring, has been updated to address Nagios 3.0 and will help readers take full advantage of the many powerful features of the new version. Ethan Galstad, the main developer of Nagios, called the first edition of Nagios "incredibly detailed." He went on to say, "I don't think I could have gone into that much detail if I wrote a book myself."

Nagios, which runs on Linux and most *nix variants, can be configured to continuously monitor network services such as SMTP, POP3, HTTP, NNTP, SSH, and FTP. It can also supervise host resources (processor load, disk and memory usage, running processes, log files, and so on) and environmental factors, such as temperature and humidity. Readers of Nagios learn how to:

  • Install and configure the Nagios core, all standard plugins, and selected third-party plugins
  • Configure the notification system
  • Program event handlers to take automatic action when trouble occurs
  • Write Perl plugins to customize Nagios for unique system needs
  • Quickly understand Nagios data using graphing and visualization tools
  • Monitor Windows servers, SAP systems, and databases

This dense, all-inclusive guide to Nagios also contains a chapter that highlights the differences between Nagios versions 2 and 3 and gives practical migration and compatibility tips. Nagios, 2nd Edition is a key resource for any system and network administrator and will ease the pain of network monitoring migraines in no time.

Wolfgang Barth has written several books for professional network administrators, including The Firewall Book (Suse Press), Network Analysis (Suse Press), and Backup Solutions with Linux (Open Source Press). He is a professional system administrator with considerable experience using Nagios.

Book Info

  • Title: Nagios: System and Network Monitoring, 2nd Edition
  • Author: Wolfgang Barth
  • Pub Date: October 2008, 720 pp
  • ISBN 9781593271794, $59.95 USD
  • Download free chapter 18: "NagVis" (PDF)
  • Order info: order@oreilly.com // 1-800-998-9938 // 1-707-827-7000
  • Support nixCraft: Order Nagios: System and Network Monitoring from Amazon.

Lighttpd: Enable IPv6 Support

Lighttpd supports both IPv6 and IPv4 out of the box, provided it was compiled with IPv6 support. The server.use-ipv6 option binds to the IPv6 socket. To bind to both IPv6 and IPv4, use the following syntax.

First, check the compile-time features to find out whether IPv6 is enabled:
# lighttpd -V
Sample output:

Build-Date: Sep 30 2008 06:18:08
Event Handlers:
	+ select (generic)
	+ poll (Unix)
	+ rt-signals (Linux 2.4+)
	+ epoll (Linux 2.6)
	- /dev/poll (Solaris)
	- kqueue (FreeBSD)
Network handler:
	+ sendfile
Features:
	+ IPv6 support
	+ zlib support
	+ bzip2 support
	+ crypt support
	+ SSL Support
	+ PCRE support
	- mySQL support
	- LDAP support
	- memcached support
	- FAM support
	- LUA support
	- xml support
	- SQLite support
	- GDBM support

You must see + IPv6 support in the output. If not, recompile lighttpd with IPv6 support. Once compiled, open the lighttpd.conf file:
# vi lighttpd.conf
To enable IPv6 and IPv4 together, enter:

server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
# add your stuff
#
}

Save and close the file. Restart lighttpd:
# service lighttpd restart

The above config is only useful if you want to use all available IPv4 and IPv6 addresses. The following configuration binds IPv4 to 202.54.1.10 and IPv6 to a specific address.
Open lighttpd.conf and set up the main server IP address as follows:

server.port = 80 
server.bind = "202.54.1.10"

Below that, add the IPv6 config as follows:

$SERVER["socket"] == "[2001:470:1f04:55a::2]:80" {
   # ...
   # your rest of config for ipv6 host
   # ...
}

Here is my sample config file with IPv4 and IPv6 dual stack enabled:

server.modules              = (
                               "mod_redirect",
                               "mod_alias",
                               "mod_rewrite",
                               "mod_expire",
                               "mod_access",
                               "mod_auth",
                               "mod_status",
                               "mod_fastcgi",
                               "mod_accesslog",
                               "mod_compress"
)
 
server.errorlog            = "/var/log/lighttpd/error.log"
accesslog.filename         = "/var/log/lighttpd/access.log"
index-file.names            = ( "index.php", "index.html", "index.htm", "default.htm" )
server.tag                 = "lighttpd"
 
# FastCGI php5
fastcgi.map-extensions = ( ".html" => ".php" )
fastcgi.server    = ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi",
                "socket" => "/tmp/php-cgi.socket",
                "max-procs" => 4,
                "idle-timeout" => 30,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "10",
                        "PHP_FCGI_MAX_REQUESTS" => "20000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
        ))
)
 
include "mimetype.conf"
 
server.document-root = "/home/lighttpd/example.com/http"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
 
# Turn on IPv4 config
server.port = 80 
server.bind = "202.54.1.10"
 
server.error-handler-404 = "/index.php?error=404"
 
### IPv6 Config ###
# Note only log file name changed
$SERVER["socket"] == "[2607:f0d0:1002:11::5]:80" {
	accesslog.filename         = "/var/log/lighttpd/ipv6.access.log"
	server.document-root = "/home/lighttpd/example.com/http"
	server.error-handler-404 = "/index.php?error=404"
}
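
After the restart, the listening sockets can be compared against the addresses the config above intends, so that a leftover wildcard bind does not go unnoticed. This is an added example, not part of the original article; it assumes `netstat -tln` output, the function name is hypothetical, and the sample output is constructed.

```sh
#!/bin/sh
# Added example, not from the original article.

# Constructed `netstat -tln` output (layout only; not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 202.54.1.10:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 2607:f0d0:1002:11::5:80 :::*                    LISTEN
tcp        0      0 :::80                   :::*                    LISTEN'

# check_listeners PORT ADDR... < netstat-output
# Prints "UNEXPECTED <addr>" for each listener on PORT outside ADDR... and
# "MISSING <addr>" for each ADDR with no listener. Returns 1 on any finding.
check_listeners() {
    cl_port=$1; shift
    cl_seen=" "
    cl_rc=0
    while read -r proto recvq sendq laddr faddr state; do
        [ "$state" = "LISTEN" ] || continue          # skips the two header lines
        [ "${laddr##*:}" = "$cl_port" ] || continue  # port is the text after the last colon
        addr=${laddr%:*}                             # ":::80" (IPv6 wildcard) becomes "::"
        cl_seen="$cl_seen$addr "
        case " $* " in
            *" $addr "*) ;;
            *) echo "UNEXPECTED $addr"; cl_rc=1 ;;
        esac
    done
    for want in "$@"; do
        case "$cl_seen" in
            *" $want "*) ;;
            *) echo "MISSING $want"; cl_rc=1 ;;
        esac
    done
    return $cl_rc
}

# Usage: netstat -tln | sh listeners.sh 80 202.54.1.10 2607:f0d0:1002:11::5
if [ "$#" -ge 2 ]; then check_listeners "$@"; fi
```

For the first, bind-everything config, the expected addresses are `0.0.0.0` and `::`.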

It appears that the latest PHP version 5.1.6-20.el5_2.1 under RHEL / CentOS Linux v5.2 has made some major changes. As a result, the chroot jail setup using the previous instructions no longer works.

PHP is crashing with segmentation fault errors, so I had to trace PHP errors using the strace command. After spending a couple of hours, I found a solution for the following errors:

Sep 15 03:26:59 lightyproxy kernel: php-cgi[19106]: segfault at 0000003151c1b4b8 rip 0000003151e98477 rsp 00007fff9ecdde20 error 6
Sep 15 03:26:59 lightyproxy kernel: php-cgi[19107]: segfault at 0000003151c1b4b8 rip 0000003151e98477 rsp 00007fff9ecdde20 error 6
Sep 15 03:26:59 lightyproxy kernel: php-cgi[19108]: segfault at 0000003151c1b4b8 rip 0000003151e98477 rsp 00007fff9ecdde20 error 6
Sep 15 03:26:59 lightyproxy kernel: php-cgi[19110]: segfault at 0000003151c1b4b8 rip 0000003151e98477 rsp 00007fff9ecdde20 error 6

WARNING! These examples / workarounds are only for RHEL / CentOS 5.2 and not for Debian / Ubuntu / FreeBSD lighttpd chroot instructions.

You need to copy the entire /etc/ and /usr/share/zoneinfo/ to the jail. If your jail is located at the /jail directory, enter the following commands:
# service lighttpd stop
# D=/path/to/chroot/jail
# mkdir /root/jail.etc
# /bin/cp -avr $D/etc/* /root/jail.etc
# /bin/cp -avr /etc/* $D/etc/

Copy back the original customized files such as passwd, group, php.ini:
# cp -avr /root/jail.etc/* $D/etc/
Now copy /usr/share/zoneinfo/:
# cd $D/usr/share
# cp -avr /usr/share/zoneinfo/ .

Copy the latest php-cgi and all extensions to $D:
# cd $D/usr/bin
# cp /usr/bin/php-cgi .
# l2chroot php-cgi

Copy php modules (for 64 bit use $D/usr/lib64):
# cd $D/usr/lib/
# cp -avr /usr/lib/php/ .
# cd php/modules
# for l in *.so; do l2chroot $l; done

Start lighttpd:
# service lighttpd start
This should fix all errors. Watch /var/log/messages for php errors:
# tail -f /var/log/messages
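
Copying the host's whole /etc into the jail also brings along files such as /etc/shadow and the SSH host keys, which the jailed lighttpd and php-cgi have no reason to read. The following audit is an added example, not part of the original article; the function name is hypothetical and the list of paths is an assumption based on a stock RHEL / CentOS 5 layout.

```sh
#!/bin/sh
# Added example, not from the original article. The path list is an assumption
# based on a stock RHEL / CentOS 5 /etc; extend it for your own hosts.

# Host files that `cp -avr /etc/* $D/etc/` carries into the jail but that a
# jailed lighttpd + php-cgi has no reason to read.
JAIL_SECRETS="etc/shadow etc/shadow- etc/gshadow etc/gshadow- etc/sudoers
etc/krb5.keytab etc/ssh/ssh_host_key etc/ssh/ssh_host_rsa_key
etc/ssh/ssh_host_dsa_key"

# audit_jail_etc JAIL
# Prints "SECRET <path>" for each listed file present in the jail and
# "WORLD-WRITABLE <path>" for any file under JAIL/etc that any user can modify.
# Returns 0 when the jail is clean, 1 when there are findings, 2 on bad usage.
audit_jail_etc() {
    aj_root=${1%/}
    [ -n "$aj_root" ] && [ -d "$aj_root/etc" ] || { echo "usage: audit_jail_etc JAIL" >&2; return 2; }
    aj_rc=0
    for rel in $JAIL_SECRETS; do
        if [ -e "$aj_root/$rel" ]; then
            echo "SECRET $aj_root/$rel"
            aj_rc=1
        fi
    done
    # A world-writable config file lets any compromised jailed process rewrite it.
    ww=$(find "$aj_root/etc" -xdev -type f -perm -0002 2>/dev/null) || true
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
        aj_rc=1
    fi
    return $aj_rc
}

# Usage: sh jailaudit.sh /path/to/chroot/jail
if [ "$#" -eq 1 ]; then audit_jail_etc "$1"; fi
```

Run it after the copy steps and remove whatever it reports from $D/etc before starting lighttpd.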

Install Linux on Fujitsu Siemens ESPRIMO E5720

I was trying to install Red Hat (RHEL 5) / CentOS 5 server on a Fujitsu Siemens ESPRIMO E5720 and got a problem with the installer.

The base resolution for CentOS / RHEL Linux 5 is 800x600x32, which requires 2MB video memory. In order to boot or install Linux on the Fujitsu Siemens ESPRIMO E5720, set the reserved amount of video RAM to 8MB in BIOS.

You also need to add the pci=nommconf parameter to the grub.conf boot option file. While installing Linux on the Fujitsu Siemens ESPRIMO E5720, you need to type the following at the boot prompt (excluding the boot: word itself):
boot: linux pci=nommconf
Once the server is installed, edit /etc/grub.conf or /boot/grub/grub.conf and append pci=nommconf at the end of the kernel line:

title Red Hat Enterprise Linux Server (2.6.18-128.el5)
	root (hd0,0)
	kernel /vmlinuz-2.6.18-128.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 pci=nommconf
	initrd /initrd-2.6.18-128.el5.img

According to Wikipedia:

A segmentation fault occurs when a program attempts to access a memory location that it is not allowed to access, or attempts to access a memory location in a way that is not allowed (for example, attempting to write to a read-only location, or to overwrite part of the operating system).

Usually signal #11 (SIGSEGV) is sent, which is defined in the signal.h header file. The default action for a program upon receiving SIGSEGV is abnormal termination. This action will end the process, but may generate a core file (also known as a core dump) to aid debugging, or perform some other platform-dependent action. A core dump is the recorded state of the working memory of a computer program at a specific time, generally when the program has terminated abnormally.

A segmentation fault can also occur under the following circumstances:

a) A buggy program / command, which can only be fixed by applying a patch.

b) It can also appear when you try to access an array beyond its end in C programming.

c) Inside a chrooted jail this can occur when critical shared libs, a config file or a /dev/ entry are missing.

d) Sometimes faulty hardware, faulty memory or a driver can also create the problem.

e) Maintain the suggested environment for all computer equipment (overheating can also generate this problem).

Suggestions to debug Segmentation Fault errors

To debug this kind of error, try one or all of the following techniques:

  • Use gdb to track the exact source of the problem.
  • Make sure the correct hardware is installed and configured.
  • Always apply all patches and use an updated system.
  • Make sure all dependencies are installed inside the jail.
  • Turn on core dumping for supported services such as Apache.
  • Use strace, which is a useful diagnostic, instructional, and debugging tool.
  • Google and find out if there is a solution to the problem.
  • Fix your C program for logical errors such as pointer, null pointer, array errors and so on.
  • Analyze the core dump file generated by your system using gdb.
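
For the chroot case in the lists above (shared libs missing inside the jail), the check can be scripted: read ldd output for a binary and report every library that has no copy under the jail root. This is an added example, not part of the original article; the function names are hypothetical and the sample ldd output is constructed.

```sh
#!/bin/sh
# Added example, not from the original article. Jail paths are placeholders.

# Constructed ldd output in the RHEL 5 x86_64 style (not captured from a real host).
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fff1d5fc000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003153a00000)
    libc.so.6 => /lib64/libc.so.6 (0x0000003151c00000)
    libedit.so.0 => not found
    /lib64/ld-linux-x86-64.so.2 (0x0000003151800000)'

# missing_in_jail JAIL < ldd-output
# Prints every library that ldd resolved on the host but that has no copy under
# JAIL, plus names ldd could not resolve at all. Returns 1 if anything printed.
missing_in_jail() {
    mj_root=${1%/}
    mj_rc=0
    while read -r name arrow target rest; do
        case "$name" in
            /*) path=$name ;;                     # "/lib64/ld-linux-... (0x...)"
            *)  [ "$arrow" = "=>" ] || continue   # "statically linked", new-style vdso
                path=$target ;;
        esac
        case "$path" in
            "("*) ;;                              # old-style vdso: "=>  (0x...)"
            /*)   [ -e "$mj_root$path" ] || { echo "$path"; mj_rc=1; } ;;
            *)    echo "UNRESOLVED $name"; mj_rc=1 ;;   # "=> not found"
        esac
    done
    return $mj_rc
}

# check_jail_deps JAIL FILE...
# Runs ldd on each host FILE (php-cgi, php/modules/*.so) and reports per file.
check_jail_deps() {
    cj_root=$1; shift
    cj_rc=0
    for f in "$@"; do
        miss=$(ldd "$f" 2>/dev/null | missing_in_jail "$cj_root") || cj_rc=1
        [ -z "$miss" ] || printf '%s is missing in jail:\n%s\n' "$f" "$miss"
    done
    return $cj_rc
}

# Usage: sh jaildeps.sh /path/to/chroot/jail /usr/bin/php-cgi /usr/lib/php/modules/*.so
if [ "$#" -ge 2 ]; then check_jail_deps "$@"; fi
```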

Please add your suggestions and debugging techniques in the comments below.