LinuxQuestions.org
Old 01-16-2011, 11:13 AM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600

Quote:
Originally Posted by MisterTickle View Post
Code:
Jan 16 18:52:25 rs238 sshd[10880]: reverse mapping checking getaddrinfo for ptr110.49.dnion.com failed - POSSIBLE BREAK-IN ATTEMPT!
*Jan 16 18:52:25 rs238 sshd[10880]: Invalid user test1 from 122.11.49.110
Ensure root login in /etc/ssh/sshd_config is not possible, (set up your unprivileged account with pubkey auth and without password auth,) ensure fail2ban watches SSH (which it should do by default), add your own IP address or range to the /etc/fail2ban/jail.conf "ignore" variable, restart fail2ban and it takes care of the rest.
 
Old 01-16-2011, 11:17 AM   #17
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
Okay should I go along and run the IP tables script? ( I need instructions how to make a script and run it still ) and I installed Atop but, I'm not sure what to use it for or how to run it.

btw so far so good on high CPU issue.

I don't see pubkey auth on the cfg I'm a bit confused on what to do. I want only my IP and toord to be able to access the server but, I would like to add IPs every now and then to give other people access for various things and new business partners and so on.

Last edited by MisterTickle; 01-16-2011 at 11:59 AM.
 
Old 01-16-2011, 01:29 PM   #18
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by MisterTickle View Post
I want only my IP and toord to be able to access the server but, I would like to add IPs every now and then to give other people access for various things and new business partners and so on.
- Check your /etc/hosts.deny. If it has just one rule reading "ALL: ALL" that is OK. Check your /etc/hosts.allow. Add a line "sshd: n.n.n." where "n.n.n." (don't forget the trailing dot!) is the first three octets of your IP address. So if yours would be "1.2.3.4" you would make it read "sshd: 1.2.3.".
- Open your /etc/ssh/sshd_config and look for the line "PermitRootLogin" and ensure it says "no". Look for lines "AllowUsers" and "AllowGroups" if there are none add them: "AllowUsers toord" and "AllowGroups toord".
- (Later on you can add users and groups to the AllowUsers and AllowGroups directives.)
- (Later on, when we have dealt with pubkey auth, you will set PasswordAuthentication to read "no".)


Quote:
Originally Posted by MisterTickle View Post
I installed Atop but, I'm not sure what to use it for or how to run it.
Most commands you run will have one or more manual pages and often documentation in /usr/share/doc/{applicationname-version}. Get accustomed to reading them to get a clue. Atop starts on boot with /etc/rc.d/init.d/atop, gets restarted daily with /etc/cron.d/atop (/etc/atop/atop.daily) and runs as daemon with a default 10 second interval for taking samples which get logged to /var/log/atop/. The file can be read back and stepped through with 'atop -r /var/log/atop/{file name}'.


Quote:
Originally Posted by MisterTickle View Post
Okay should I go along and run the IP tables script? ( I need instructions how to make a script and run it still ) and
Copy the contents of the script to a file, let's call it "/tmp/iptables.sh", and before the "# End
exit 0" line add a line "sleep 5m && service iptables stop" (w/o quotes) so it reads "# End
sleep 5m && service iptables stop
exit 0". This ensures the script runs and after 5 minutes the firewall is reset, giving you the opportunity to check the log and make adjustments. Now run as 'sudo /bin/bash /tmp/iptables.sh'. Suggestion: if you have a local Linux workstation, or use virtualization (VMware, Qemu, Virtual Box) to install a Linux distribution, you can test things out without harming your server. Highly recommended.
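
An added example, not part of any post in this thread: a simplified evaluator for the hosts.allow / hosts.deny rules described in post #18, for checking staged copies of the files before they replace the live ones. It covers only daemon lists, ALL, exact addresses and "n.n.n." prefixes; the function names, the staging directory and the vsftpd entry (assumed to be a service that consults TCP wrappers) are assumptions.

```sh
#!/bin/sh
# Added example: simplified hosts_access(5) evaluation for staged files.
# Handles daemon lists, ALL, exact IPs and "n.n.n." prefixes only;
# hostnames, netmasks, EXCEPT and option fields are not handled.

# rule_matches FILE DAEMON IP: exit status 0 if a rule in FILE matches.
# The body runs in a subshell, so set -f, IFS and variables stay local.
rule_matches() (
    set -f                              # no filename globbing on rule tokens
    [ -r "$1" ] || exit 1
    IFS=$(printf ' ,\t')                # list separators: space, comma, tab
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '#'*) continue ;; *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}
        clients=${clients%%:*}          # ignore an optional third field
        for d in $daemons; do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $clients; do
                case $c in
                    ALL)  exit 0 ;;
                    *.)   case $3 in "$c"*) exit 0 ;; esac ;;  # address prefix
                    "$3") exit 0 ;;                            # exact address
                esac
            done
        done
    done < "$1"
    exit 1
)

# tcpd_check ALLOW_FILE DENY_FILE DAEMON IP: prints "granted" or "denied".
# Order per hosts_access(5): hosts.allow first, then hosts.deny, else grant.
tcpd_check() {
    if rule_matches "$1" "$3" "$4"; then echo granted
    elif rule_matches "$2" "$3" "$4"; then echo denied
    else echo granted
    fi
}

# Constructed sample files mirroring the advice in post #18 (1.2.3.4 is the
# thread's example address; the list of services checked is an assumption).
stage=$(mktemp -d)
printf 'sshd: 1.2.3.\n' > "$stage/hosts.allow"
printf 'ALL: ALL\n'     > "$stage/hosts.deny"
for svc in sshd vsftpd; do
    echo "$svc from 1.2.3.4: $(tcpd_check "$stage/hosts.allow" "$stage/hosts.deny" "$svc" 1.2.3.4)"
done
rm -rf "$stage"
```

With only an sshd line in hosts.allow, every other wrapped daemon falls through to "ALL: ALL", and a rule written without the trailing dot matches nothing.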
 
Old 01-16-2011, 02:21 PM   #19
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
Quick question:

# Set a 128kbyte/sec rate for authenticated users
local_max_rate=128000

Why did you set it so low? I'm finding uploading my 20 mb gamemode file for my server to be tediously slow and I have a 30 MB upload so I'm used to high speeds.
 
Old 01-16-2011, 08:21 PM   #20
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
- Check your /etc/hosts.deny. If it has just one rule reading "ALL: ALL" that is OK. Check your /etc/hosts.allow. Add a line "sshd: n.n.n." where "n.n.n." (don't forget the trailing dot!) is the first three octets of your IP address. So if yours would be "1.2.3.4" you would make it read "sshd: 1.2.3.".
- Open your /etc/ssh/sshd_config and look for the line "PermitRootLogin" and ensure it says "no". Look for lines "AllowUsers" and "AllowGroups" if there are none add them: "AllowUsers toord" and "AllowGroups toord".
- (Later on you can add users and groups to the AllowUsers and AllowGroups directives.)
- (Later on, when we have dealt with pubkey auth, you will set PasswordAuthentication to read "no".)
Well I basically was setting it up and something happened and now I and no one else can access FTP when I updated some files. What can I do? Also my web server is disconnected with my dedi now.

I added All:All to the host denied and I think I just... fuck I'm in deep shit I need to get this fixed before I hit the sack.

Last edited by MisterTickle; 01-16-2011 at 08:30 PM.
 
Old 01-17-2011, 03:07 AM   #21
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by MisterTickle View Post
Well I basically was setting it up and something happened and now I and no one else can access FTP when I updated some files. What can I do? Also my web server is disconnected with my dedi now. I added All:All to the host denied and I think I just... fuck I'm in deep shit I need to get this fixed before I hit the sack.
I'm sorry to hear that but it is unclear to me what steps you took, in what order and what the result was or if there were any error messages. If there is no way to access the machine and if you do not have access to some web-based systems management panel then the only course of action I could think of is to ask your hosting provider to help you out by reversing what changes you made.
 
Old 01-17-2011, 06:26 AM   #22
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Moved: This thread is more suitable in Linux-Server and has been moved accordingly to help your question get the exposure it deserves.
 
Old 01-17-2011, 08:04 AM   #23
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
Okay I got that situation sorted but, can you address this, unSpawn?

Quick question:

# Set a 128kbyte/sec rate for authenticated users
local_max_rate=128000

Why did you set it so low? I'm finding uploading my 20 mb gamemode file for my server to be tediously slow and I have a 30 MB upload so I'm used to high speeds.
 
Old 01-17-2011, 03:51 PM   #24
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by MisterTickle View Post
Why did you set it so low?
Let's get things straight and put them in the "right" perspective.
You're operating a server with (hopefully paying) customers.
We're trying to help you deal with the most important performance issues.

So. If I were to prioritize things this issue you're addressing right now would be just a minor nit.
I mean it's not like you can't decide to change the value on your own, right?
 
Old 01-18-2011, 03:26 PM   #25
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
Yeah I have everything setup now and it's working great, no VSFTPD crashes for 2 days but maillog continues to use 30% of CPU and kdjournal is fairly high and the maillog is just massive, it's like 80X bigger than all the previous logs from December. I posted an older version of the maillog above but it's still doing the same thing for the most part. It's quite a strain and keeping peak times to hit around 80% when they shouldn't get that high. Raised VSFTPD bandwidth limit to 3mb/s a sec I hope that's alright.

My SQL also tends to rise to like 80% - 100% and now go down without a restart of the service. Sendmail usually shoots back up after a restart though. My SQL takes a tad bit longer

Last edited by MisterTickle; 01-18-2011 at 07:00 PM.
 
Old 01-19-2011, 12:59 AM   #26
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Please reread post #15, my reply to your "Would there be anyway to pinpoint the process?" question, install software as necessary and reply in 24 hours with requested data and system logs attached as plain text file or email me the URI if you make a tarball out of it if it's too large?
 
Old 02-08-2011, 01:21 PM   #27
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
I had to reinstall the dedi for unrelated issues and I noticed

iptables -A INPUT -m state --state NEW -m tcp -p udp --dport 7777 -j ACCEPT

is returning

iptables: Unknown error 4294967295
 
Old 03-26-2011, 08:38 AM   #28
markseger
Member
 
Registered: Jul 2003
Posts: 244

Rep: Reputation: 26
Just saw this and an earlier comment to collectl. When it comes to process issues, run collectl as a daemon and then play back the log like this:

collectl -p logfilename --top

and it will show the top 10 processes every minute, sorted by cpu load. You can also change the number of processes displayed or the frequency with which collectl logs the data. You can also change the sort, so if you want to see the top page faulters, or memory users or even i/o users (assuming your kernel is reporting i/o stats), you can do that too.

for more help on looking at process stats see "collectl --showsubopts" and look at the process monitoring options.

-mark
 
  

