General system administration

Kernel EDAC errors

Below are some errors that are appearing in the /var/log/messages of a server:

kernel: EDAC MC0: CE page 0x4eea2, offset 0xe80, grain 128, syndrome 0x8f, row 0, channel 0, label "": i3000 CE
kernel: EDAC MC0: CE page 0x4eea2, offset 0xc80, grain 128, syndrome 0x23, row 0, channel 0, label "": i3000 CE
kernel: EDAC MC0: CE page 0x4eea2, offset 0xf00, grain 128, syndrome 0x8f, row 0, channel 0, label "": i3000 CE
kernel: EDAC MC0: CE page 0x4eea2, offset 0xc80, grain 128, syndrome 0x8f, row 0, channel 0, label "": i3000 CE
kernel: EDAC MC0: CE page 0x4eea2, offset 0xd80, grain 128, syndrome 0x8f, row 0, channel 0, label "": i3000 CE
kernel: EDAC MC0: CE page 0x4eea2, offset 0xc00, grain 128, syndrome 0x23, row 0, channel 0, label "": i3000 CE

kernel: EDAC MC0: CE page 0x4eea2, offset 0xe80, grain 128, syndrome 0x8f, row 0, channel 0, label "": i3000 CE
kernel: EDAC MC0: CE page 0x4eea2, offset 0xf00, grain 128, syndrome 0x8f, row 0, channel 0, label "": i3000 CE

Mytop error in option spec long|! with RHEL or CentOS 5.3

Mytop has started to break recently when upgrading from RHEL or CentOS 5.x to 5.3. It appears that some of the Perl modules have changed.

The error is:
#mytop
Error in option spec: "long|!"

The fix for this is to edit the mytop script and comment out the line containing long|!

pico /usr/bin/mytop

Run a search for long|! and comment out the following line:

"long|!" => \$config{long_nums},

Start mytop and you should be fine!

Disable direct root login

While logging directly into a server as root is certainly easy, it is not the best choice from a security standpoint. Disabling direct root logins does not instantly make a server impervious, but it does help fight against petty brute-force script kiddies. There are two options when disabling direct root login: one is to disable it completely, and the other is to allow it only with an SSH key. Make SURE that you add another user you can ssh in as. If you are using cPanel, use WHM --> Manage wheel users and add your user. Once logged in, run "su -" to gain full root access and run your normal administrative commands. Make sure you use "su -" and not simply "su"; without the "-" you will not be on the root path and will not have access to all commands.



First open up the ssh config:

nano /etc/ssh/sshd_config

PermitRootLogin
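
A pre-flight check for the change described above, as an added example that is not part of the original post: it reads the effective PermitRootLogin value and flags the lockout case the post warns about. The function names and sample files are constructed here, and it assumes su is limited to members of the wheel group, as the WHM wheel-user step implies.

```shell
#!/bin/sh
# Added example (not from the original post); function names are made up here.

effective_root_login() {
    # sshd keeps the first value it reads for a keyword, and keywords are
    # case-insensitive. Stop at the first Match block: what follows is conditional.
    awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

wheel_members() {
    # Non-root members of the wheel group in an /etc/group style file.
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "root" && m[i] != "") print m[i]
    }' "$1"
}

root_login_report() {   # usage: root_login_report SSHD_CONFIG GROUP_FILE
    value=$(effective_root_login "$1")
    others=$(wheel_members "$2" | tr '\n' ' ')
    case "$value" in
        no)    state="disabled" ;;
        without-password|prohibit-password) state="key-only" ;;
        yes)   state="password-allowed" ;;
        unset) state="version-default" ;;   # built-in default depends on the OpenSSH version
        *)     state="other:$value" ;;
    esac
    # With root logins off and nobody else in wheel, no one can log in and su -.
    if [ "$state" = "disabled" ] && [ -z "$others" ]; then
        echo "$state lockout-risk"
    else
        echo "$state"
    fi
}

# Constructed sample files: root login disabled, wheel contains only root.
d=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root' > "$d/group"
root_login_report "$d/sshd_config" "$d/group"
rm -rf "$d"
```

On a live server the real inputs would be /etc/ssh/sshd_config and /etc/group.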

NFS Crash course

I wrote up a quick guide to setting up NFS a while back but never published it. It is not exactly a nice and clean format but it is exactly what you need to be reading if you want a quick way to set up NFS between two servers. For the purpose of the guide I have added directions for the APF firewall; obviously anything else will work fine.

Install X-cache

This is another one of my quick mini-guides for how to install Xcache php optimizer. We have found this to work very nicely on servers and can even work with zend and eaccelerator if you require both. We have found no stability issues with 1.2.1 and run it on several very large and important servers.



Download the source and start to compile:

cd /usr/local/src/
wget http://xcache.lighttpd.net/pub/Releases/1.2.1/xcache-1.2.1.tar.gz
tar -zxf xcache-1.2.1.tar.gz
cd xcache-1.2.1



Next we have to run phpize; if it is not in a standard location you will need to use the full path. The configure may also require additional options if your php-config binary is not on the bin path.


phpize
./configure

make
make install



ln -s /usr/local/lib/php/extensions/no-debug-non-zts-20020429/xcache.so /usr/local/php5//lib/php/extensions/no-debug-non-zts-20060613/xcache.so

encoding archive file

Hi all,

When creating a .tar.gz file, is there any way, command, or option to create a password for that file?

Howto: update your LogWatch

It seems that cPanel is not updating LogWatch automatically, so it was time to do it by hand. Just follow these easy steps and you're all set.

1) Login to your server as root, go to root-folder:

cd /root

----------------------------------------------------

2) Remove existing Logwatch by typing:

rpm -e logwatch

----------------------------------------------------

3) Download latest stable logwatch (please note, later on you have to check for the latest version from LogWatch website, www2.logwatch.org)

wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3-1.noarch.rpm

----------------------------------------------------

4) Install LogWatch with the following command:

rpm -i logwatch-7.3-1.noarch.rpm

----------------------------------------------------

5) Edit the LogWatch configuration file:

nano -w /usr/share/logwatch/default.conf/logwatch.conf

A) Scroll down to:

MailTo = root

and replace root with your email address.

Group permissions

Hi all,

Is there any idea how to set custom permissions for a group in the system?

i.e., set a custom permission for the group (nobody) so that they can only execute files, or read only, or cannot read, etc.

waiting

Ahmed,

Howto: Check and close your open DNS servers

I just noticed www.dnsreport.com seems to have a new check: it checks for open DNS servers. This is how you check:

1) Go to http://www.dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
2) Check for a BIG RED "FAIL" (7th box from the top) saying "Open DNS servers".

If you see the message, you can correct it the following way:

1) login to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:

recursion no;

4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.

If you run something other than Bind, please check http://www.dnsreport.com/info/opendns.htm for instructions.

DNS recursive

For those who have recently noticed that DNSreport now verifies whether your DNS does recursive lookups or not, here is a tip on how to set it up.

Open your named.conf and add the following lines before options {:

acl "trusted" {
xxx.xxx.xxx.xxx;
yyy.yyy.yyy.yyy;
};

where xxx.xxx.xxx.xxx is your IP address; the same goes for yyy.yyy.yyy.yyy.
For cPanel users, you can find your IPs in the following file: /etc/nameserverips

After that, inside the options block, add the following after the line "// query-source address * port 53;":
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

Also uncomment the line "// query-source address * port 53;" so that it reads "query-source address * port 53;", without the " (double quotes).

restart your service.

Verify again your status with DNSreport.

Observation: you can also set a version line; it should look like:
version "Oh come on why do you want to know witch version my DNS server is ?";

This line can be added inside your named.conf.
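
The two DNS posts above close an open resolver either with "recursion no;" or with an allow-recursion list. As an added example (not from either post), this script classifies a named.conf accordingly; the function names and sample addresses are made up here, and a file with neither directive is reported as open, a conservative assumption because the built-in default depends on the BIND version.

```shell
#!/bin/sh
# Added example: classify a named.conf as closed | restricted | open
# for recursive queries. Function names are made up for illustration.

strip_comments() {
    # Drop /* */, // and # comments so a commented-out directive is ignored.
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (inblock) {
                i = index(line, "*/")
                if (i == 0) { line = "" }
                else { line = substr(line, i + 2); inblock = 0 }
            } else {
                i = index(line, "/*")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 2); inblock = 1 }
            }
        }
        sub(/\/\/.*/, "", out); sub(/#.*/, "", out)
        print out
    }' "$1"
}

audit_recursion() {
    conf=$(strip_comments "$1" | tr '\n' ' ')
    # "recursion no;" turns recursion off for every client.
    if printf '%s' "$conf" | grep -Eq '(^|[^-[:alnum:]])recursion[[:space:]]+no[[:space:]]*;'; then
        echo closed; return
    fi
    # Otherwise the allow-recursion list decides who may recurse.
    body=$(printf '%s' "$conf" | grep -Eo 'allow-recursion[[:space:]]*\{[^}]*\}' | head -n 1)
    if [ -z "$body" ]; then
        echo open        # nothing restricts recursion (conservative assumption)
    elif printf '%s' "$body" | grep -Eq '[{;[:space:]]any[[:space:]]*;'; then
        echo open
    elif printf '%s' "$body" | grep -Eq '[{;[:space:]]none[[:space:]]*;'; then
        echo closed
    else
        echo restricted
    fi
}

# Constructed sample in the shape the second post describes (documentation address).
sample=$(mktemp)
printf '%s\n' 'acl "trusted" { 192.0.2.10; };' 'options {' '  // recursion no;' '  allow-recursion { trusted; };' '};' > "$sample"
audit_recursion "$sample"; rm -f "$sample"
```

A result of "restricted" only means a list is present; the addresses in the acl still need to be reviewed by hand.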

Possible backup solutions

There are many different backup solutions that we can deploy for you to ensure that your data is safe. They start at the cheaper options and go up; which one you should go with depends on your level of paranoia. Each of them has its own advantages and disadvantages. Regardless of the option you choose, it is always advisable to download the site to your local computer occasionally, especially if the site contains very important information. This information was originally for use with Total Server Solutions, but it is a good general guide for people thinking about backups.
