Disable Console Power Save on Ubuntu

By default, the Ubuntu console turns off after about 15 minutes without keyboard input, regardless of what is being displayed at the time. It is often useful to disable this ‘feature’ on production servers so you can better monitor what is sent to the console, such as errors and logs.

There are two methods of doing this, either per session, or for the whole system.

To disable it for only the current session, log in as root and run the following command:

setterm -powersave off -blank 0

To disable console blanking for all sessions on this server and to retain this change after reboot, you will need to start by installing the console-tools package:

apt-get install console-tools

After you have the console-tools package installed, both the screen saver (BLANK_TIME) and the power management standby (POWERDOWN_TIME) settings need to be disabled to stop the screen blanking. If these two settings are set to zero (0) in the file /etc/console-tools/config, the features will be completely disabled.

Alternatively, a local settings file called /etc/console-tools/config.d/disable-blank-console can be created containing the following two lines to achieve the same effect.

POWERDOWN_TIME=0
BLANK_TIME=0

Actually you can name the file anything you want so long as the name consists of only upper/lower case letters, numbers, underscores, and hyphens.

pingdom site status

Today I signed up for pingdom.com. Pingdom.com will continuously ping your site to confirm your site is up and will notify you when there is an outage. They also give a nice status of the current speed and other useful information.

They also provide a public status page, see mine at status.mattrude.com for this site.

Response time Report for Website - technology.mattrude.com: Last 30 days
Uptime Report for Website - technology.mattrude.com: Last 30 days

Git: Add all remote branches

Adding each remote branch to a local git repository can sometimes be a pain. If there are many, you have to repeat yourself over and over. Here is a quick way, which you can copy and paste into your console, to add all the remote branches to your local repository.

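for b in `git remote show origin |grep tracked |awk '{print $1}'`
do
    # Match the whole branch name (-x) as a fixed string (-F), so that
    # "dev" is not treated as already present because "develop" exists
    LOCALBRANCH=`git branch |sed 's/* //g' |sed 's/  //g' |grep -Fx -- "$b"`
    if [ "$LOCALBRANCH" != "$b" ]; then
        # Create a local branch that tracks the remote branch of the same name
        git branch -t "$b" "origin/$b"
    fi
done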

Once you're done, you should still be in the original branch where you started. You will still need to update each branch by itself. You may also use something like git-up to update all the branches at once.

RoundCube: Error No [604]

I recently had a client who moved RoundCube to a new server. Since the move they are receiving the below error when they go to their webmail site.

SERVICE CURRENTLY NOT AVAILABLE!
Error No. [604]

After much digging and searching, I wasn’t coming up with much. I finally started walking through the config file, seeing what was enabled and where the different config options were pointing. After some digging I found they had memcache configured for session data. The php-pecl-memcache module wasn’t installed. I installed the module via yum, as it was a Fedora system, using the command below.

yum install php-pecl-memcache

Since the config was still pointing at the running memcache server, the site came back up and is now working well again.

Custom WordPress Cron Intervals

Here’s how to have WordPress code execute on a different schedule than the default intervals of hourly, twicedaily, and daily. This specific example is for weekly execution.

<?php

// Add a new interval of a week
// See http://codex.wordpress.org/Plugin_API/Filter_Reference/cron_schedules
add_filter( 'cron_schedules', 'myprefix_add_weekly_cron_schedule' );
function myprefix_add_weekly_cron_schedule( $schedules ) {
	$schedules['weekly'] = array(
		'interval' => 604800, // 1 week in seconds
		'display'  => __( 'Once Weekly' ),
	);

	return $schedules;
}

// Schedule an action if it's not already scheduled
if ( ! wp_next_scheduled( 'myprefix_my_cron_action' ) ) {
	wp_schedule_event( time(), 'weekly', 'myprefix_my_cron_action' );
}

// Hook into that action that'll fire weekly
add_action( 'myprefix_my_cron_action', 'myprefix_function_to_run' );
function myprefix_function_to_run() {
	// Add some code here
}

?>


Taken from Viper007Bond’s post on How To Create Custom WordPress Cron Intervals.

Building a WordPress Cloud, Cluster Setup

This how-to will explain how to build a WordPress site on 2, 3, or more Rackspace cloud servers, with full load-balancing and redundancy.

To accomplish this, you will set up multiple web-servers and one or more mySQL servers behind two Rackspace cloud load-balancers. One load-balancer will serve all your normal user internet traffic from all the web-servers. The other load-balancer will serve only your secured traffic to your admin sites (Dashboard) from a single, master, server. You will then set WordPress to serve the admin sites only through a secure connection; this way all uploads will be saved to a single server and may be distributed from there. This also ensures that you will be able to see the newly uploaded file, even before it has a chance to propagate to the other servers. The flaw with this configuration is that if the Master server goes down, no posts may be created until the issue is resolved.

The Setup

There are many different ways we can accomplish this. Here I am going to show a two server setup, but you can easily expand this into as many servers as you wish.

  • Server1 – Master Database Server, Master Web Server
  • Server2 – Slave Database Server, Slave Web Server or only Slave Web Server

Building Server1

Server1 is our main server; if Server2+ went down, the site would still be fully up, just slower.

This how-to assumes you're using Fedora hosts for these setups. To start out, we need Apache, PHP, and MySQL installed on the server.

SQLite basics

Using SQLite

  • To open a SQLite database.
sqlite3 /path/to/database/file
  • Show the tables in a database
.tables
  • To Exit SQLite
.quit

PHP & SQLite

Connect to the database

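try {
    $dbHandle = new PDO('sqlite:/var/www/lighttpd/noc/emailserver_stat.sqlite');
    // Throw exceptions on query errors instead of failing silently
    $dbHandle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $exception) {
    echo "Can NOT connect to database";
    die($exception->getMessage());
}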

Create a table if it doesn’t exist

// IF NOT EXISTS lets this statement run safely when the table is already there
$sqlCreateTable = 'CREATE TABLE IF NOT EXISTS status (date date NOT NULL default \'0000-00-00\', item varchar(255) NOT NULL, value varchar(255) NOT NULL)';
$dbHandle->exec($sqlCreateTable);

List the content of a table

$search_date = "2009-02-11";
// Bind the date as a parameter rather than concatenating it into the SQL
$sqlGetView = 'SELECT * FROM status WHERE date = :date';
$result = $dbHandle->prepare($sqlGetView);
$result->execute(array(':date' => $search_date));
echo "<table border='1'>";
while ($entry = $result->fetch()) {
    // Escape stored values before writing them into the HTML page
    echo "<tr><td>" . htmlspecialchars($entry['value']) . "</td><td>" . htmlspecialchars($entry['item']) . "</td></tr>";
}
echo "</table>";

Display a single value from a table

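$search_date = "2009-02-11";
// Bind the date as a parameter rather than concatenating it into the SQL
$sqlGetView = 'SELECT value FROM status WHERE item = \'connections\' AND date = :date';
$result = $dbHandle->prepare($sqlGetView);
$result->execute(array(':date' => $search_date));
$pageView = $result->fetch();
// fetch() returns false when no row matches the date
$connections = $pageView ? $pageView['value'] : 'n/a';
echo "$search_date\n";
echo 'Number Of Connections: ' . $connections . "\n";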

Moving to the new Rackspace Load balancer

Recently I have moved this site and others to a new load balancer solution by Rackspace (the company who also hosts the servers these sites run on).

Prior to this change, I was running a single 1024mb ram/40gb server; with this change I am now running two, fully master/master mirror 512mb/20gb servers, so the throughput should be a bit faster since there are now two.

I will hold my breath and let you know how it goes.

Setting up a VPN Tunnel between Two Linksys RV042

This article is one in a series to assist in the setup, troubleshooting, and maintenance of Cisco Small Business products (formerly Linksys Business Series).

  • Q. How do I set-up a VPN Tunnel on Two Linksys Routers?
  • A. A Virtual Private Network (VPN) is a connection between two endpoints – VPN Routers, for instance – in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. A private network, that sends data securely between these two locations or networks, is established by creating a tunnel. A VPN tunnel connects two PCs or networks and allows data to be transmitted over the Internet as if the endpoints were within a network. Not a literal tunnel, it is a connection secured by encrypting the data sent between the two networks.

This article explains the four steps required to set up a VPN tunnel using two Linksys routers and also contains a VPN overview. Select a link below to go directly to a section:

  • VPN Overview
  • Verify the VPN Settings on Both Routers
  • Configure VPN Tunnel Settings on Router A
  • Configure VPN Tunnel Settings on Router B

VPN Overview

The IPSec protocol suite itself is designed to support multiple modes of operation for securing communications over an Internet Protocol network. A VPN tunnel between two routers interconnected via the Internet is just one of the supported modes. A VPN tunnel of this type provides the following services to the network:

  • Privacy – Encryption of the traffic (both the Protocol Headers and the Payload) such that it can not be read by entities other than those for which it is intended.
  • Integrity – Validation that the traffic is not modified along the transport path between the tunneling devices.
  • Authentication – Ensuring that the end point devices (the routers) are the correct trusted sources.
  • Anti-replay – Ensuring that the sessions are secure from replay attacks by intermediary devices.

These services are enabled by the administrator at initial configuration time by specific parameter selections from among the available cryptographic protocols which ensure secure packet flows and mutual device authentication. The means by which IPSec creates a secure tunnel is by the creation of a Security Association (SA) between the two devices being configured. The SA is nominally the list of selections that define the parameters for Encryption and Authentication that the administrator has chosen for this particular tunnel configuration.

The SA defines the encryption algorithms and cryptographic keys which are used to encode and decode the traffic and which capabilities of Internet Key Exchange (IKE – the protocol used to setup the SA) are used to manage those keys. As there are many options, both sides of the communication must agree on the parameters used to setup the SA (meaning that both routers must have the same configuration parameters selected). IKE happens in 2 phases. In phase 1 a secure, authenticated communication channel (called an IKE SA) between the two devices is created such that the key exchange required to setup IPSec (and the IPSec SA) can be executed in Phase 2.

Parameters to be selected include:

  • Keying Mode – Whether the actual encryption keys are entered manually by the administrator (Manual), or are automatically defined (and periodically changed) by the devices from a pre-shared “initialization” key that the administrator enters on both devices (IKE with Pre-Shared Key). IKE with Preshared Key is more secure and is recommended if supported by both end devices (both routers).
  • Phase 1 (or 2) DH Group – What key exchange protocol Group and corresponding key length are to be used in each Phase:
    o Group 1 (768 bits)
    o Group 2 (1024 bits)
    o Group 5 (1536 bits).

    Shorter lengths should be faster, but longer lengths are more secure. Select a Group according to your administrative preference.

  • Phase 1 (or 2) Encryption – Which of the available standard encryption methods are to be used in each Phase. Typical options include:
    o Data Encryption Standard (DES) – 56 bit keys, proven to be susceptible to brute force attacks and was replaced by 3DES
    o Triple Data Encryption Standard (3DES) – 192 bits, subsequently replaced by AES
    o Advanced Encryption Standard (AES)

    In general, AES is faster in software and should be selected if available. Otherwise 3DES is recommended (if supported by both devices).

  • Phase 1 (or 2) Authentication – Which Authentication method is going to be used to ensure that the traffic has not been altered. Typically available options include:
    o Message Digest 5 (MD5)
    o Secure Hash Algorithm (SHA)

    SHA is more secure and should be used if available.

  • Phase 1 (or 2) SA Life Time – The length of time (seconds) that the SA can remain active in each phase. The default is 28,800 seconds (eight hours).
  • Perfect Forward Secrecy – PFS nominally means that encryption keys are single use, such that if one key is broken that key can not be used to break subsequent or previous keys in the stream.
  • Preshared Key – The character-based or hexadecimal-based value which is defined by the administrator and which is used as the pre-shared initialization key for IKE.

Note: This type of tunnel configuration between two network devices (routers) creates a Routed IP subnetwork, meaning that the packets that cross the tunnel between the sites must be IP routed (at layer-3, not bridged at layer-2) across the network.

Fundamentally, this means that it is required that:

  • Each site must have its own unique IP subnetwork address on its LAN interface(s) (i.e. 192.168.1.x for site 1, 192.168.2.x for site 2, …). Specifically the same subnetwork address (such as 192.168.1.x) may NOT be used in more than one site.
  • Each device must be configured not only with its local LAN subnetwork address, but also with knowledge of the LAN addressing used in the remote site.
  • Each device must be configured with information that allows the device to determine the WAN IP address of the remote site:
    • WAN IP addresses may be manually determined by the administrator when setting up the remote site by noting the WAN address that is either statically configured by the administrator (the address is actually assigned by the ITSP) or dynamically learned by the device from the ITSP’s DHCP service.
      Note: In this scenario, if the remote device’s IP address changes (for example a reboot and new DHCP assignment) then the IPSec configuration on the local device will no longer work (as the remote device’s address has been changed and is currently unknown).
    • Alternatively, WAN IP addresses for remote devices may be dynamically determined by having the remote device report any update to its configured WAN IP address by use of Dynamic-DNS. By enabling D-DNS on a device, when it learns its WAN IP address (either manually configured or DHCP assigned) it causes the Internet’s DNS system to be updated with its new IP address. D-DNS enables a Domain Name to IP address mapping so that any device (such as the local router) may determine the current IP address for a remote device by doing a DNS query based upon the Name of the remote device (for example ‘www.abc.com’). Therefore, the remote device must be enabled for D-DNS and the local device must be configured to resolve the WAN IP address for the remote device by use of the DNS system.

Verify Internet Connection

Before connecting to a VPN tunnel, be sure you have an active Internet connection allowing the two routers to communicate. When you’ve verified your Internet connection, follow the instructions below to verify the VPN settings on the routers.

Verify the VPN Settings on Both Routers

Successfully configuring a VPN tunnel requires specific settings. Here’s how.

Step 1:
Access the router’s web-based setup page. For instructions, click here.

Step 2:
Select the System Summary tab and review the Network Setting Status.

On Router A Network Setting Status:

  • WAN1 IP address is Router B’s Remote Security Gateway IP
  • LAN IP address is Router A’s Local Security Group
  • LAN IP address is also Router B’s Remote Security Group IP


On Router B Network Setting Status:

  • WAN1 IP address is Router A’s Remote Security Gateway IP
  • LAN IP address is Router B’s Local Security Group
  • LAN IP address is also Router A’s Remote Security Group IP

Step 3:
Make sure the Local IP Addresses of the two routers are different. Remember the Local IP Address of Router A will be Router B’s Remote Security Group.

In this example, we will use the following

Step 4:
After verifying the VPN settings on both routers, configure the VPN Tunnel settings on Router A.

Configure VPN Tunnel Settings on Router A

Step 1:
Access the router’s web-based setup page. For instructions, click here.

Step 2:
When the router’s web-based setup page appears, select the VPN tab, and then select the Gateway to Gateway sub tab.

Step 3:
In the Tunnel Name field, enter a name for this tunnel. (In this example “TestTunnel” was used.)

Step 4:
In the Local Group Setup section:

  • Select a Local Security Group Type (Subnet, IP Addr, or IP Range) from the drop down menu.
  • In the IP address field, enter the Local IP address of your router. (In this example 192.168.1.0 was used.)
  • In the Subnet Mask field, enter the Subnet Mask of your router. (In this example 255.255.255.0 was used.)
  • Local Security Gateway IP address will be generated automatically. (In this example, it is 22.15.160.53.)

Step 5:
In the Remote Group Setup section:

  • Select a Remote Security Group Type (Subnet, IP Addr, or IP Range) from the drop down menu.
  • Enter the appropriate values of the remote router in the IP Address and Subnet Mask fields. (In this example, we selected Subnet, and entered 192.168.2.0 for the IP address and 255.255.255.0 for the Subnet Mask.)
  • Select a Remote Security Gateway Type (IP Addr, FQDN, or Any) from the drop down menu.
  • Enter the WAN/Internet IP address of the remote router in the Remote Group Setup IP Address field. (In this example 10.100.16.60 was used.)

Step 6:
In the IPSec Setup section:

  • Select IKE with PreShared key from the Keying Mode drop down menu.
  • Select the encryption level you wish to enable from the Phase1 Encryption and Phase2 Encryption drop down menus. (In this example we used DES.)
  • Select the authentication mode you wish to enable from the Phase1 Authentication and Phase2 Authentication drop down menus. (In this example we used MD5.)
  • Check the box next to Perfect Forward Secrecy (PFS) to enable. This will ensure that the initial key exchange and IKE proposals are secured.
  • Enter the key you want to enable in the Preshared Key field. (In this example “MyKey” was used.)
  • Enter the key expiration period in the Phase1 SA Life Time and Phase2 SA Life Time fields. (In this example “28800” was used for Phase1, “3600” was used for Phase2.)

Note: The following fields must be the same on both routers:

  • Phase1 Encryption
  • Phase2 Encryption
  • Phase1 Authentication
  • Phase2 Authentication
  • Preshared Key
  • Phase1 SA Life Time
  • Phase2 SA Life Time

Step 7:
Select Save Settings and then configure the settings on Router B.

Configure VPN Tunnel Settings on Router B

Step 1:
Access the router’s web-based setup page. For instructions, click here.

Step 2:
When the router’s web-based setup page appears, select the VPN tab, and then select the Gateway to Gateway sub tab.

Step 3:
In the Tunnel Name field, enter a name for this tunnel. (In this example “TestTunnel” was used.)

Step 4:
In the Local Group Setup section:

  • Select a Local Security Group Type (Subnet, IP Addr, or IP Range) from the drop down menu.
  • In the IP address field, enter the Local IP address of your router. (In this example 192.168.2.0 was used.)
  • In the Subnet Mask field, enter the Subnet Mask of your router. (In this example 255.255.255.0 was used.)
  • Local Security Gateway IP address will be generated automatically. (In this example, it is 10.100.16.60.)

Step 5:
In the Remote Group Setup section:

  • Select a Remote Security Group Type (Subnet, IP Addr, or IP Range) from the drop down menu.
  • Enter the appropriate values of the remote router in the IP Address and Subnet Mask fields. (In this example, we selected Subnet, and entered 192.168.1.0 for the IP address and 255.255.255.0 for the Subnet Mask.)
  • Select a Remote Security Gateway Type (IP Addr, FQDN, or Any) from the drop down menu.
  • Enter the WAN/Internet IP address of the remote router in the Remote Group Setup IP Address field. (In this example 22.15.160.53 was used.)

Step 6:
In the IPSec Setup section:

  • Select IKE with PreShared key from the Keying Mode drop down menu.
  • Select the encryption level you wish to enable from the Phase1 Encryption and Phase2 Encryption drop down menus. (In this example we used DES.)
  • Select the authentication mode you wish to enable from the Phase1 Authentication and Phase2 Authentication drop down menus. (In this example we used MD5.)
  • Check the box next to Perfect Forward Secrecy (PFS) to enable. This will ensure that the initial key exchange and IKE proposals are secured.
  • Enter the key you want to enable in the Preshared Key field. (In this example “MyKey” was used.)
  • Enter the key expiration period in the Phase1 SA Life Time and Phase2 SA Life Time fields. (In this example “28800” was used for Phase1, “3600” was used for Phase2.)

Note: The following fields must be the same on both routers:

  • Phase1 Encryption
  • Phase2 Encryption
  • Phase1 Authentication
  • Phase2 Authentication
  • Preshared Key
  • Phase1 SA Life Time
  • Phase2 SA Life Time

Step 7:
Select Save Settings.

Step 8:
Select the Summary sub tab under the VPN tab and then select the Connect button to establish the tunnel.
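
The checks this procedure relies on (distinct LAN subnets, mirrored local/remote groups and gateways, identical IPSec fields on both routers) can be run against the two planned configurations before they are entered. The script below is an added example, not part of the original article or of any Cisco/Linksys tool; the dictionary field names are assumptions, the values are the ones used in the article's example, and it also flags the DES and MD5 selections that the VPN Overview advises against.

```python
import ipaddress

# Fields the article says must be identical on both routers.
MUST_MATCH = ("phase1_encryption", "phase2_encryption",
              "phase1_authentication", "phase2_authentication",
              "preshared_key", "phase1_sa_lifetime", "phase2_sa_lifetime")

# Per the overview: DES was replaced by 3DES/AES, and SHA is preferred to MD5.
PREFERRED = {"DES": "AES (or 3DES)", "MD5": "SHA"}


def subnet(cfg, side):
    """Build an ip_network from the '<side>_ip' and '<side>_mask' fields."""
    return ipaddress.ip_network(f"{cfg[side + '_ip']}/{cfg[side + '_mask']}")


def check_tunnel(a, b):
    """Return a list of findings for a gateway-to-gateway tunnel pair."""
    findings = []
    # Each site needs its own LAN subnet; overlapping ranges cannot be routed.
    if subnet(a, "local").overlaps(subnet(b, "local")):
        findings.append("local subnets overlap")
    # Each router's remote group/gateway must mirror the peer's local values.
    for name, x, y in (("A", a, b), ("B", b, a)):
        if subnet(x, "remote") != subnet(y, "local"):
            findings.append(f"router {name}: remote group != peer local group")
        if x["remote_gateway"] != y["local_gateway"]:
            findings.append(f"router {name}: remote gateway != peer WAN IP")
    # The article requires these selections to agree on both sides.
    for field in MUST_MATCH:
        if a[field] != b[field]:
            findings.append(f"mismatch: {field}")
    # Flag the weaker selections the overview advises against
    # (only the four encryption/authentication fields, never the key).
    for name, cfg in (("A", a), ("B", b)):
        for field in MUST_MATCH[:4]:
            better = PREFERRED.get(cfg[field])
            if better:
                findings.append(
                    f"router {name}: {field}={cfg[field]}, prefer {better}")
    return findings


# Constructed from the article's example values (field names are assumed).
COMMON = dict(phase1_encryption="DES", phase2_encryption="DES",
              phase1_authentication="MD5", phase2_authentication="MD5",
              preshared_key="MyKey", phase1_sa_lifetime=28800,
              phase2_sa_lifetime=3600)
ROUTER_A = dict(COMMON, local_ip="192.168.1.0", local_mask="255.255.255.0",
                local_gateway="22.15.160.53", remote_ip="192.168.2.0",
                remote_mask="255.255.255.0", remote_gateway="10.100.16.60")
ROUTER_B = dict(COMMON, local_ip="192.168.2.0", local_mask="255.255.255.0",
                local_gateway="10.100.16.60", remote_ip="192.168.1.0",
                remote_mask="255.255.255.0", remote_gateway="22.15.160.53")

if __name__ == "__main__":
    for finding in check_tunnel(ROUTER_A, ROUTER_B):
        print(finding)
```

With the article's values the two routers mirror each other correctly, and the only findings are the DES and MD5 selections on each router.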