
‘host-name’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’

Sunday, May 20th, 2012

The MySQL server on my home-run machine suddenly appeared to be down when I tried to check my blog and other sites today. The error I saw while trying to open this blog, as well as the other hosted sites that use MySQL, was:

Error establishing a database connection

The topology where this error occurred is simple. I have two hosts:

1. Apache version 2.0.64, compiled with support for interpreting PHP scripts externally via libphp; the host runs on FreeBSD

2. A Debian GNU / Linux squeeze running MySQL server version 5.1.61

The Apache host is assigned a local IP address 192.168.0.1 and the SQL server is running on a host with IP 192.168.0.2

To diagnose the error I logged in to 192.168.0.2 and, weirdly, the mysql-server appeared to be running just fine:
 

debian:~# ps ax |grep -i mysql
31781 pts/0 S 0:00 /bin/sh /usr/bin/mysqld_safe
31940 pts/0 Sl 12:08 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
31941 pts/0 S 0:00 logger -t mysqld -p daemon.error
32292 pts/0 S+ 0:00 grep -i mysql

Moreover, I could connect to the localhost SQL server with mysql -u root -p and it seemed to run fine. The error Error establishing a database connection meant that either something is messed up with the database or MySQL port 3306 on 192.168.0.2 is not properly accessible.

My first guess was something is wrong due to some firewall rules, so I tried to connect from 192.168.0.1 to 192.168.0.2 with telnet:
 

freebsd# telnet 192.168.0.2 3306
Trying 192.168.0.2…
Connected to jericho.
Escape character is '^]'.
Host 'webserver' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Connection closed by foreign host.

Right after the telnet connection was initiated, as shown in the above output, it was immediately closed with the error:

Host 'webserver' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Connection closed by foreign host.

In the error, 'webserver' is the hostname set on my Apache machine. The error clearly states that the 'webserver' Apache host is unable to connect to the SQL database due to 'many connection errors', and a fix is suggested with mysqladmin flush-hosts

To temporarily solve the error and restore normal connectivity between the Apache and the SQL servers, I had to issue on the SQL host:

mysqladmin -u root -p flush-hosts
Enter password:

Though this temporary fix restored accessibility to the databases, and hence the website errors were resolved, it doesn't guarantee that I wouldn't end up in the same situation in the future, so I looked for a permanent fix to the issue once and for all.

The permanent fix consists of changing the default value of max_connect_errors in /etc/mysql/my.cnf, which by default is not too high. To raise the variable's value, I added the following to the [mysqld] section of my.cnf:

debian:~# vim /etc/mysql/my.cnf
...
max_connect_errors=4294967295

and afterwards restarted MySQL:

debian:~# /etc/init.d/mysql restart
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..

To make sure the assigned max_connect_errors=4294967295 is never reached due to Apache to SQL connection errors, I've also added a cron job that runs mysqladmin flush-hosts:

debian:~# crontab -u root -e
00 03 * * * mysqladmin flush-hosts

In the cron job I have omitted the mysqladmin -u root -p (user/pass) input options because, for convenience, I have already stored the MySQL root password in /root/.my.cnf

Here is what /root/.my.cnf looks like:

debian:~# cat /root/.my.cnf
[client]
user=root
password=a_secret_sql_password

Now hopefully, this would permanently solve SQL's 'failure to accept connections' due to too many connection errors for future.
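
The cron job above only needs to run FLUSH HOSTS, which requires the RELOAD privilege, so it does not have to read the root password from /root/.my.cnf. An added example (not from the original post) that prepares a dedicated account and an owner-only defaults file for it; the account name flushhosts, the file path /root/.my.flushhosts.cnf and the CHANGE_ME password are assumptions:

```shell
#!/bin/sh
# Added example, not from the original post. The account name "flushhosts",
# the password placeholder and the defaults file path are assumptions.

# Print the SQL an administrator runs once: an account limited to RELOAD,
# the privilege that FLUSH HOSTS (mysqladmin flush-hosts) needs.
flush_account_sql() {   # $1 = account name, $2 = password
    case "$1$2" in
        *\'*|*\\*)
            echo "refusing quote or backslash in name/password" >&2
            return 1 ;;
    esac
    cat <<EOF
CREATE USER '$1'@'localhost' IDENTIFIED BY '$2';
GRANT RELOAD ON *.* TO '$1'@'localhost';
EOF
}

# Write a [client] defaults file that only its owner can read. The file is
# created under umask 077 and moved into place, so it is never readable by
# group or others, not even briefly.
write_client_cnf() {    # $1 = path, $2 = user, $3 = password
    (
        umask 077
        tmp="$1.tmp.$$"
        printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$tmp" &&
            mv -f "$tmp" "$1"
    )
}

# Return 0 only for a regular file (not a symlink) with no group/other
# permission bits. Parsing ls keeps this portable between Debian and FreeBSD.
cnf_is_private() {      # $1 = path
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Cron entry that uses the dedicated file. --defaults-file must be the first
# option and makes mysqladmin read only that file, so the root credentials
# in /root/.my.cnf are not picked up:
# 00 03 * * * mysqladmin --defaults-file=/root/.my.flushhosts.cnf flush-hosts

flush_account_sql flushhosts 'CHANGE_ME'
```

Running cnf_is_private /root/.my.cnf is also a quick check that the existing root credentials file is not readable by other local users.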


How to search text strings only in hidden files dot (.) files within a directory on Linux and FreeBSD

Saturday, April 28th, 2012

If it is necessary to look for a string in all hidden files, including all sub-level subdirectories (be aware this will be time consuming and CPU stressing), use:
 

hipo@noah:~$ grep -rli 'PATH' .*

./.gftp/gftprc
./.gftp/cache/cache.OOqZVP
….

Sometimes it's necessary to grep for variables only within the first-level directory (let's say you would like to grep for a 'PATH' variable string set within the $HOME directory); the command is:

hipo@noah:~$ grep PATH .[!.]*

.profile:PATH=/bin:/usr/bin/:${PATH}
.profile:export PATH
.profile:# set PATH so it includes user's private bin if it exists
.profile: PATH="$HOME/bin:$PATH"
.profile.language-env-bak:# set PATH so it includes user's private bin if it exists
.profile.language-env-bak: PATH="$HOME/bin:$PATH"
.viminfo:?/PATH.xcyrillic: XNLSPATH=/usr/X11R6/lib/X11/nls
.xcyrillic: export XNLSPATH

The shell pattern .[!.]* means: exclude any file or directory name starting with '..', e.g. match only .* files

Note that to use grep PATH .[!.]* on FreeBSD you will have to use this pattern in the bash shell; the default BSD csh or tcsh shells will not recognize it, e.g.:

grep PATH '.[!.]*'
grep: .[!.]*: No such file or directory

Hence on BSD, if you need to look up a string within the hidden files of the home directory (.profile, .bashrc, .bash_profile, .cshrc), run it under the bash shell:

freebsd# /usr/local/bin/bash
[root@freebsd:/home/hipo]# grep PATH .[!.]*

.bash_profile:# set PATH so it includes user's private bin if it exists
.bash_profile:# PATH=~/bin:"${PATH}"
.bash_profile:# do the same with …

Another, easier to remember, alternative grep command is:

hipo@noah:~$ grep PATH .*
.profile:PATH=/bin:/usr/bin/:${PATH}
.profile:export PATH
.profile:# set PATH so it includes user's private bin if it exists
.profile: PATH="$HOME/bin:$PATH"
….

Note that grep 'string' .* is a bit different in meaning, as it will not prevent grep from matching files with names like ..filename1, ..filename2 etc.
Though grep 'string' .* will work, note that it will sometimes output some unwanted matches if there are files whose names begin with a double dot …
That's all folks :)


Resolving “nf_conntrack: table full, dropping packet.” flood message in dmesg Linux kernel log

Wednesday, March 28th, 2012

On many busy servers, you might encounter kernel log messages in /var/log/syslog or dmesg like

nf_conntrack: table full, dropping packet

appearing repeatedly:

[1737157.057528] nf_conntrack: table full, dropping packet.
[1737157.160357] nf_conntrack: table full, dropping packet.
[1737157.260534] nf_conntrack: table full, dropping packet.
[1737157.361837] nf_conntrack: table full, dropping packet.
[1737157.462305] nf_conntrack: table full, dropping packet.
[1737157.564270] nf_conntrack: table full, dropping packet.
[1737157.666836] nf_conntrack: table full, dropping packet.
[1737157.767348] nf_conntrack: table full, dropping packet.
[1737157.868338] nf_conntrack: table full, dropping packet.
[1737157.969828] nf_conntrack: table full, dropping packet.
[1737157.969928] nf_conntrack: table full, dropping packet
[1737157.989828] nf_conntrack: table full, dropping packet
[1737162.214084] __ratelimit: 83 callbacks suppressed

There are two types of servers I've encountered this message on:

1. Xen OpenVZ / VPS (Virtual Private Servers)
2. ISPs – Internet Providers with heavy traffic NAT network routers
 

I. What is the meaning of nf_conntrack: table full dropping packet error message

In short, this message appears because the number of tracked connections has reached the kernel's nf_conntrack maximum value.
The common reason for that is heavy traffic passing through the server or, very often, a DoS or DDoS (Distributed Denial of Service) attack. Sometimes the error is the result of bad server planning (incorrect data about the traffic load expected by a company / companies) or simply a sysadmin error…

- Checking the current maximum nf_conntrack value assigned on host:

linux:~# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536

- Alternative way to check the current kernel values for nf_conntrack is through:

linux:~# /sbin/sysctl -a|grep -i nf_conntrack_max
error: permission denied on key 'net.ipv4.route.flush'
net.netfilter.nf_conntrack_max = 65536
error: permission denied on key 'net.ipv6.route.flush'
net.nf_conntrack_max = 65536

- Check the current number of active nf_conntrack connections

To check the connection tracking entries currently open on a system:

linux:~# /sbin/sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 12742

The shown connections are assigned dynamically on each new successful TCP / IP NAT-ted connection. Btw, on systems that work normally without the dmesg log being flooded with the message, the output of lsmod is:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
ip_tables 9899 1 iptable_filter
x_tables 14175 1 ip_tables

On servers which are encountering nf_conntrack: table full, dropping packet error, you can see, when issuing lsmod, extra modules related to nf_conntrack are shown as loaded:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
nf_conntrack_ipv4 10346 3 iptable_nat,nf_nat
nf_conntrack 60975 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 1073 1 nf_conntrack_ipv4
ip_tables 9899 2 iptable_nat,iptable_filter
x_tables 14175 3 ipt_MASQUERADE,iptable_nat,ip_tables

 

II. Remove nf_conntrack support completely if it is not really necessary

It is good practice to limit, or omit completely, the use of iptables NAT rules, to avoid flooding your kernel log with these messages and to stop your system from dropping connections.

Another option is to completely remove any modules related to nf_conntrack, iptable_nat and nf_nat.
To remove nf_conntrack support from the Linux kernel, if for instance the system is not used for Network Address Translation, use:

/sbin/rmmod iptable_nat
/sbin/rmmod ipt_MASQUERADE
/sbin/rmmod nf_nat
/sbin/rmmod nf_conntrack_ipv4
/sbin/rmmod nf_conntrack
/sbin/rmmod nf_defrag_ipv4

Once the modules are removed, be sure not to use iptables -t nat .. rules. Even an attempt to list any NAT related rules with iptables -t nat -L -n will force the kernel to load the nf_conntrack modules again.

Btw nf_conntrack: table full, dropping packet. message is observable across all GNU / Linux distributions, so this is not some kind of local distribution bug or Linux kernel (distro) customization.
 

III. Fixing the nf_conntrack … dropping packets error

- One temporary fix, if you need to keep your iptables NAT rules, is:

linux:~# sysctl -w net.netfilter.nf_conntrack_max=131072

I say temporary, because raising nf_conntrack_max doesn't guarantee things will run smoothly from now on.
However, on many servers that are not so heavily loaded with traffic, just raising net.netfilter.nf_conntrack_max=131072 to a high enough value will be enough to resolve the hassle.

- Increasing the size of nf_conntrack hash-table

The hash table hashsize value, which stores lists of conntrack entries, should be increased proportionally whenever net.netfilter.nf_conntrack_max is raised.

linux:~# echo 32768 > /sys/module/nf_conntrack/parameters/hashsize

The rule to calculate the right value to set is:
hashsize = nf_conntrack_max / 4

- To permanently store the changes:

a) put into /etc/sysctl.conf:

linux:~# echo 'net.netfilter.nf_conntrack_max = 131072' >> /etc/sysctl.conf
linux:~# /sbin/sysctl -p

b) put in /etc/rc.local (before the exit 0 line):

echo 32768 > /sys/module/nf_conntrack/parameters/hashsize

Note: Be careful with this variable; in my experience raising it to too high a value (especially on XEN patched kernels) could freeze the system.
Also, raising the value too high can freeze a regular Linux server running on old hardware.

- For the diagnosis of nf_conntrack there is the /proc/sys/net/netfilter directory, which the kernel keeps in memory. There you can find dynamically updated values which give information about nf_conntrack operations in "real time":

linux:~# cd /proc/sys/net/netfilter
linux:/proc/sys/net/netfilter# ls -al nf_log/
total 0
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ./
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ../
-rw-r--r-- 1 root root 0 Mar 23 23:02 0
-rw-r--r-- 1 root root 0 Mar 23 23:02 1
-rw-r--r-- 1 root root 0 Mar 23 23:02 10
-rw-r--r-- 1 root root 0 Mar 23 23:02 11
-rw-r--r-- 1 root root 0 Mar 23 23:02 12
-rw-r--r-- 1 root root 0 Mar 23 23:02 2
-rw-r--r-- 1 root root 0 Mar 23 23:02 3
-rw-r--r-- 1 root root 0 Mar 23 23:02 4
-rw-r--r-- 1 root root 0 Mar 23 23:02 5
-rw-r--r-- 1 root root 0 Mar 23 23:02 6
-rw-r--r-- 1 root root 0 Mar 23 23:02 7
-rw-r--r-- 1 root root 0 Mar 23 23:02 8
-rw-r--r-- 1 root root 0 Mar 23 23:02 9

 

IV. Decreasing other nf_conntrack NAT time-out values to protect the server against DoS attacks

Generally, the default values for the nf_conntrack_* time-outs are (unnecessarily) large.
Therefore, for large flows of traffic, even if you increase nf_conntrack_max, you can still shortly get an nf_conntrack table overflow resulting in dropped server connections. To prevent this, check and decrease the other nf_conntrack connection tracking timeout values:

linux:~# sysctl -a | grep conntrack | grep timeout
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30

All the timeouts are in seconds. net.netfilter.nf_conntrack_generic_timeout, as you can see, is quite high: 600 secs (10 minutes).
This kind of value means any NAT-ted connection not responding can stay hanging for 10 minutes!

The value net.netfilter.nf_conntrack_tcp_timeout_established = 432000 is quite high too (5 days!)
If these values are not lowered, the server will be an easy target for anyone who would like to flood it with excessive connections. Once this happens, the server will quickly reach even the raised value of net.nf_conntrack_max and the initial connection dropping will occur again …

With all that said, to protect the server from malicious users situated behind the NAT plaguing you with Denial of Service attacks:

Lower net.ipv4.netfilter.ip_conntrack_generic_timeout to 60 – 120 seconds and net.ipv4.netfilter.ip_conntrack_tcp_timeout_established to something like 54000

linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=120
linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000

This timeout should work fine on the router without creating interruptions for regular NAT users. After changing the values and monitoring for at least a few days, make the changes permanent by adding them to /etc/sysctl.conf:

linux:~# echo 'net.ipv4.netfilter.ip_conntrack_generic_timeout = 120' >> /etc/sysctl.conf
linux:~# echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000' >> /etc/sysctl.conf
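
An added example (not from the original post) that turns the checks from sections I and III into one script: it reports how full the conntrack table is and whether hashsize follows the hashsize = nf_conntrack_max / 4 rule. The 80% warning threshold and the CT_* override variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: conntrack table headroom check.
# The paths default to the live kernel files; the CT_* variables (an
# assumption of this example) let the logic run against sample files.
CT_COUNT_FILE="${CT_COUNT_FILE:-/proc/sys/net/netfilter/nf_conntrack_count}"
CT_MAX_FILE="${CT_MAX_FILE:-/proc/sys/net/netfilter/nf_conntrack_max}"
CT_HASH_FILE="${CT_HASH_FILE:-/sys/module/nf_conntrack/parameters/hashsize}"

# Integer percentage of the table in use: count * 100 / max.
ct_usage_pct() {        # $1 = nf_conntrack_count, $2 = nf_conntrack_max
    [ "$2" -gt 0 ] 2>/dev/null || return 1
    echo $(( $1 * 100 / $2 ))
}

# The post's sizing rule: hashsize = nf_conntrack_max / 4.
ct_expected_hashsize() {   # $1 = nf_conntrack_max
    echo $(( $1 / 4 ))
}

# Print one status line.
# Returns 0 = below threshold, 1 = at or above threshold, 3 = cannot tell.
ct_check() {            # $1 = warning threshold in percent (default 80)
    warn_pct=${1:-80}
    if ! count=$(cat "$CT_COUNT_FILE" 2>/dev/null) ||
       ! max=$(cat "$CT_MAX_FILE" 2>/dev/null); then
        echo "UNKNOWN: nf_conntrack not loaded or files unreadable"
        return 3
    fi
    if ! pct=$(ct_usage_pct "$count" "$max"); then
        echo "UNKNOWN: unexpected nf_conntrack_max value '$max'"
        return 3
    fi
    status=OK; rc=0
    if [ "$pct" -ge "$warn_pct" ]; then status=WARN; rc=1; fi
    msg="$status: conntrack $count/$max (${pct}%)"
    # hashsize is optional: the file only exists while the module is loaded.
    if hash=$(cat "$CT_HASH_FILE" 2>/dev/null); then
        want=$(ct_expected_hashsize "$max")
        [ "$hash" -eq "$want" ] ||
            msg="$msg; hashsize=$hash, max/4 rule gives $want"
    fi
    echo "$msg"
    return $rc
}

# Run once against the live system (prints UNKNOWN where conntrack is absent).
ct_check 80 || true
```

Run from cron or a monitoring agent, a WARN line gives notice before the kernel starts logging "table full, dropping packet".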

 


How to increase brightness on Fujitsu Siemens Amilo PI22515 notebook with Slackware Linux

Friday, March 9th, 2012

Increase LCD screen brightness on Fujitsu Siemens Amilo laptop with Linux Slackware

A friend of mine has a Fujitsu Siemens Amilo laptop and uses it full time with Slackware Linux.

He is quite happy with Slackware Linux 13.37 on the laptop, but unfortunately sometimes his screen brightness lowers. One example of when the screen gets darkened is when he switches the computer on without it being plugged into the electricity grid. This lowered brightness makes the screen un-user friendly and is quite tiring for the eye …

By default the laptop has the usual function keys and in theory pressing Function (fn) + F8 / F7 should increase / decrease the brightness with no problems; however on Slackware Linux (and probably on other Linuxes too?), the function keys are not properly recognized and do not respond when pressed.
I used to have brightness issues on my Lenovo notebook too and remember how irritating this was.
After recalling how I solved those brightness issues, I remembered that the screen brightness on Linux is tunable through the /proc virtual (memory) filesystem.

The laptop (Amilo) Fujitsu Siemens video card is:

lspci |grep -i vga
00:02.0 VGA compatible controller: Intel Corporation Mobile GM965/GL960 Integrated Graphics Controller (primary) (rev 03)

I took a quick look in /proc and found a few files called brightness:
 

  • /proc/acpi/video/GFX0/DD01/brightness
  • /proc/acpi/video/GFX0/DD02/brightness
  • /proc/acpi/video/GFX0/DD03/brightness
  • /proc/acpi/video/GFX0/DD04/brightness
  • /proc/acpi/video/GFX0/DD05/brightness

cat-ting /proc/acpi/video/GFX0/DD01/brightness, /proc/acpi/video/GFX0/DD03/brightness, /proc/acpi/video/GFX0/DD04/brightness all show not supported and therefore they cannot be used to modify brightness:

bash-4.1# for i in /proc/acpi/video/GFX0/DD0{1,3,4,5}/brightness; do \
cat $i;
done
<not supported>
<not supported>
<not supported>
<not supported>

After a bit of testing I finally succeeded in increasing the brightness.
Increasing the brightness on the notebook Intel GM965 video card model is done, through file:

/proc/acpi/video/GFX0/DD02/brightness

To see all the brightness levels the Fujitsu LCD display supports:

bash-4.1# cat /proc/acpi/video/GFX0/DD02/brightness
levels: 13 25 38 50 63 75 88 100
current: 25

As you can see, the dark screen was caused because the current: brightness is set to a low value of 25.
To light up the LCD screen and make the screen display fine again, I increased the brightness to the maximum level 100, e.g.:

bash-4.1# echo '100' > /proc/acpi/video/GFX0/DD02/brightness

Just for fun, I've also written a two line script which gradually increases the LCD's brightness :)

bash-4.1# echo '13' > /proc/acpi/video/GFX0/DD02/brightness;
bash-4.1# for i in \
$(cat /proc/acpi/video/GFX0/DD02/brightness|grep 'levels'|sed -e 's#levels:##g'); do \
echo $i > /proc/acpi/video/GFX0/DD02/brightness; sleep 1; \
done

The fujitsu_siemens_brightness_fun.sh script is fun to observe as it changes the LCD screen brightness gradually in one second intervals :)

Here is also a tiny program, written in C, that reduces and increases the notebook brightness. My friend Dido coded it in just a few minutes, just for fun :)
To permanently solve the issue with the darkened screen at boot time, it is a good idea to include echo '100' > /proc/acpi/video/GFX0/DD02/brightness in /etc/rc.local:

bash-4.1# echo '100' > /proc/acpi/video/GFX0/DD02/brightness

I've also written another, universal shell script to increase laptop screen brightness on Linux, which presumably should work on all laptop models running Linux :)

My maximize_all_linux_laptops_brightness.sh "universal increase Linux brightness" script is here
I'll be glad to hear from people who have tested the script on other laptops and can confirm it works fine for them.
 


How to prevent SSH and FTP bruteforce attacks with iptables on Linux

Friday, December 30th, 2011

Earlier I've blogged about how to prevent brute force attacks with fail2ban, denyhosts and blockhosts; however, there is an easier way to secure against basic brute force attacks without installing or configuring any external programs.
The way I'm talking about uses simple iptables rules to filter out brute force attacks.

Here is a small script to stop SSH and FTP invaders which try to initiate more than 3 consecutive connections in 5 minutes time to port 22 or port 23:

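SERVER_MAIN_IP='AAA.BBB.CCC.DDD';
/sbin/iptables -N SSH_WHITELIST
# record every new SSH connection attempt (SYN) in the 'sshbr' recent list
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshbr --set
# give the whitelist chain a chance to take trusted sources back out of the list
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -j SSH_WHITELIST
# reject a source whose SYNs reach the hitcount of 3 within 300 seconds
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshbr \
--update --rttl --hitcount 3 --seconds 300 -j REJECT --reject-with tcp-reset
# --remove has to name the same list; --rttl is only valid with --rcheck or --update
/sbin/iptables -A SSH_WHITELIST -s $SERVER_MAIN_IP -p tcp --dport 22 --syn -m recent --name sshbr --remove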

The only thin
If the rules are matched, iptables filter rules will be added to the iptables chain SSH_WHITELIST
In case you want to add some more trusted IPs, add some more iptables rules, like:

ALLOW_IP='BBB.CCC.DDD.EEE';
/sbin/iptables -A SSH_WHITELIST -s $ALLOW_IP -p tcp --dport 22 --syn -m recent --name sshbr --remove

Each IP that matches the rules will be filtered for 5 minutes; if 5 minutes is not enough, the 300 value has to be increased.
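
The recent match keeps each named list readable under /proc/net/xt_recent/ (sshbr for the rules above), which shows which sources are close to or past the hitcount. An added example (not from the original post) that parses that file; the sample lines are constructed, and the count includes timestamps older than the 300 second window, so treat it as an upper bound.

```shell
#!/bin/sh
# Added example, not from the original post: list the sources in an
# xt_recent list that have at least N recorded connection attempts.
RECENT_FILE="${RECENT_FILE:-/proc/net/xt_recent/sshbr}"

# Constructed sample in the layout xt_recent prints: source address, TTL of
# the last packet, last-seen time, index of the oldest slot, then one
# timestamp (in kernel jiffies) per recorded packet.
sample_recent_list() {
    cat <<'EOF'
src=203.0.113.7 ttl: 52 last_seen: 4297862396 oldest_pkt: 3 4297860100, 4297861250, 4297862396
src=198.51.100.23 ttl: 64 last_seen: 4297850000 oldest_pkt: 1 4297850000
src=203.0.113.99 ttl: 117 last_seen: 4297869000 oldest_pkt: 5 4297864000, 4297865000, 4297866000, 4297868000, 4297869000
EOF
}

# Read a recent list on stdin and print "address hits ttl" for every source
# with at least $1 recorded timestamps (default 3, the post's --hitcount).
# Timestamps are counted regardless of age, so a source listed here is only
# rejected if enough of them also fall inside the --seconds window.
recent_over_hitcount() {
    awk -v min="${1:-3}" '
        $1 ~ /^src=/ {
            ip = substr($1, 5)
            ttl = ""; first = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "ttl:") ttl = $(i + 1)
                if ($i == "oldest_pkt:") {
                    first = i + 2      # skip the slot index after the label
                    break
                }
            }
            hits = (first > 0 && first <= NF) ? NF - first + 1 : 0
            if (hits >= min) print ip, hits, ttl
        }'
}

# Use the live list when the rules are loaded, otherwise the sample.
if [ -r "$RECENT_FILE" ]; then
    recent_over_hitcount 3 < "$RECENT_FILE"
else
    sample_recent_list | recent_over_hitcount 3
fi
```

The rules in the post cover port 22 only; protecting the FTP control port (21) takes the same INPUT rules with its own --dport and --name.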
 


Cleaning Packard Bell Hera GL laptop running Windows XP from Viruses and Spyware (Viruses / Spyware which can make CD drive and Wireless seem unworking)

Tuesday, December 13th, 2011

Packard Bell Hera GL Fixing Broken RaLink Wireless

Yesterday, one (girl)friend of mine brought me a Packard Bell notebook, which had a 2 year old Windows installation on it.
As one can imagine, the Windows XP on it was full of Spyware and Viruses. Besides the software problems, the notebook had some hardware problems with the CD / DVD drive, which was not reading CDs / DVDs at all.

Initially I thought the CD read problems were caused by the infected Windows; however, restarting the PC with a bootable Hirens BootCD and a Whoppix liveCD and trying to boot from them also failed, which convinced me it's a CD / DVD combo drive hardware failure.

By the way, I've just recently found out about Nixory, a nice Free Software Open Source AntiSpyware tool for Firefox, IE and Chrome.

Nixory Windows XP Screenshot

I hope it will see rapid development and soon, when some friend asks me to fix his stupid non-free Windows PC, I will not have to use a trial version of Malware Bytes but can directly use only Nixory

Anyway, after using Nixory, MalwareBytes and Avira to thoroughly scan the system in Safe Mode, finding and deleting some 15 Spyware / Viruses, and tampering a bit with the Wireless Driver settings, all the notebook devices started working fine again.

The wireless also had one really odd problem on this Packard Bell Hera GL: even though the notebook wireless antenna was capable of detecting all the wireless networks, it couldn't properly connect to any of them and failed to get proper IP addresses.
The inability to grab an IP from the wireless router's DHCP server was partially fixed by using the Wireless restart Button (located on the notebook body).
However, even after cleaning up the Viruses and Spyware, the wireless network connectivity problems on this Packard Bell continued until I also changed a few settings in the Control Panel.
I never thought a Virus / Spyware infection could have such a bad impact on the Wireless Card and CD drive, making them unusable even though they showed as working correctly in Windows Control Panel -> System ??

In the meantime I reinstalled the Wireless Driver for the notebook; the Wireless card on the notebook was showing up under the name Ralink 802.11n Wireless Lan Card in Windows Device Manager

After re-installing the wireless driver I also had to change a few settings for the Wireless Network Connection using the menus Properties -> Configure -> Extended; therein, I set each Value to Enable and, for Power Saving Mode, I chose the Value option CAM

After a system reboot, everything finally started working fine. One last thing to add is that before I fixed the Ralink wireless to work under Windows, I tried to use a bootable Linux LiveCD, but even there the wireless was failing to connect to the wireless networks (maybe this shit wireless device has some issues with its Linux drivers).


Where does Debian GNU / Linux Apache + PHP store session files?

Tuesday, November 22nd, 2011

In order to debug some PHP session problems on Debian, I needed to check the count of existing session files.
When PHP is compiled from source, sessions are usually stored by default in the /tmp directory; however, this is not the case on Debian.

Debian's PHP session directory is different; there the sessions are stored in the directory:

/var/lib/php5

I discovered the session directory location by reading Debian's cron shell script, which deletes session files every 30 minutes.

Here is the file content:

debian:~# cat /etc/cron.d/php5
# /etc/cron.d/php5: crontab fragment for php5
# This purges session files older than X, where X is defined in seconds
# as the largest value of session.gc_maxlifetime from all your php.ini
# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime

# Look for and purge old sessions every 30 minutes
09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && \
[ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete

To check the number of existing open PHP session files:

debian:~# ls -1 /var/lib/php5|wc -l
14049


How to copy CD or DVD on GNU/Linux and FreeBSD using console or terminal

Monday, November 14th, 2011

CD Burning Console Terminal Linux / FreeBSD picture

These days more and more people start to forget the g* / Linux old times when we used to copy CDs from console using dd in conjunction with mkisofs .

Therefore to bring some good memories back of the glorious console times I decided to come up with this little post.

To copy a CD or DVD the first thing one should do is to make an image copy of the present inserted CD into the CD-drive with dd :

1. Make copy of the CD/DVD image using dd

# dd if=/dev/cdrom of=/tmp/mycd.iso bs=2048 conv=notrunc

/dev/cdrom is the location of the cdrom device, on many Linuces including (Debian) /dev/cdrom is just a link to the /dev/ which corresponds to the CD drive. Note on FreeBSD the location for the CD Drive is /dev/acd0
/tmp/mycd.iso instructs dd CD image creation to be placed in /tmp/ directory.
bs argument instructs it about the byte size portions by which the content of the CD-Drive inserted CD will be read. bs value of 2048 is actually only 2KB per dd read, increasing this value will decrease the time required for the CD image to be extracted.

2. Prepare CD image file to be ready for burning

After dd completes the image copy operation, next to prepare the extracted image / ISO to be ready for burning mkisofs is used:

# mkisofs -J -L -r -V TITLE -o /tmp/imagefile.iso /tmp/mycd.iso

The -J option makes the CD compatible with PCs running Microsoft Windows. The -V TITLE option should be changed to whatever title the new CD should have, -r will add up status bar for the mkisofs operation.
-r is passed to create specific file permissions on the newly created CD, -o specifies the location where mkisofs will produce its file based on the CD image /tmp/mycd.iso .

3. Burning the mkisofs image file to a CD/DVD on GNU / Linux

linux:~# cdrecord -scanbus
linux:~# cdrecord dev=1,0,0 /tmp/imagefile.iso

If all goes okay with the cdrecord operation, after a while the CD should be ready.

4. Burning the mkisofs image file to CD on FreeBSD

freebsd# burncd -f /dev/acd0 data /tmp/imagefile.iso fixate


Triumph of the Nerds – A documentary about the rise of Personal Computers

Saturday, October 8th, 2011

Triumph of the Nerds movie cover

Triumph of the Nerds is a 3 part documentary movie on how the Personal Computer was developed. The movie features interviews with Steve Jobs, Bill Gates, Steve Ballmer, Allan Paul and many other IT veterans who played key roles in the development of the Personal Computer.

The movie is interesting watching for people interested in Information Technology and gives some minor insights into the interviewed people and their life philosophy. Those were interesting times and it seems many of the guys who could participate in the PC's development were very lucky, whereas others who made key developments which are de-facto standards today went into history without being much remembered.

Now, the trends which these men set in the world's development are not nice. Even though the PC brought a lot of fun into our everyday lives, it suddenly started taking over our privacy and made humanity divided.
The movie is a story of a man motivated by greed, arrogance and exploitation. Even though the movie has historical value, it doesn't even mention Free Software, Richard Stallman and the free software movement.

The movie talks about the development of CP/M the predecessor of Quick and Dirty DOS (QDOS), MS-DOS Windows 1,2,3, Windows 95 etc.

It also tries to picture the events around the raise and fall of IBM and OS/2.

The most notable parts of the movie for me are the showing off of some old computer hardware and Mainframe servers, as well as the quick explanation of how Mainframe irons preceded the PC. Another interesting moment in the movie shows Steve Jobs demonstrating the Xerox Alto graphical interface. Talking about Jobs, his sudden death just 3 days ago was quite shocking for the world (R.I.P).

The movie author Robert X. Cringely stresses in the movie the great struggle between the so-called "blue Elephant" IBM and the just emerging early Microsoft Corporation

Triumph of the Nerds slightly mentions Digital Equipment Corporation / DEC or COMPAQ as later known. DEC is a company less known in today's world which historically had great impact on the computer market, so it's a pity the movie part mentioning DEC is so short.

What the movie fails to mention is Digital Equipment's VMS operating system, known under the code name OpenVMS. OpenVMS even today is believed by many to be the most secure Operating System ever developed.
The part of the movie that talks about DEC is the second part; it shows a nice COMPAQ portable computer.

DEC Compaq portable II Computer

One should admit the COMPAQ portable Computer was really trendy for its time. Also, the way it sticks the keyboard to the screen seriously reminds one of the opening and closing of a modern laptop ;)

The movie includes some interesting, so-called crash courses where the movie author gives some insight into elementary computing, so for those new to informatics the movie will surely be educational as well, though for UNIX gurus these elementary computing scenes will look kinda ridiculous ;)

One serious flaw with this movie is the complete lack of interviews with Richard Stallman and of the importance of Free Software for the development of the modern PC and the influence of the free software culture on today's latest Macintosh and PC developments.

A related movie which probably most IT geeks already know / have seen is Pirates of the Silicon Valley, hence a large chunk of Triumph of the Nerds gives another point of view on the ideas and stories presented in Triumph of the Nerds

Triumph of the Nerds brings back some good memories of the glorious PC computer past for all of us who had been a DR-DOS/MS-DOS and Windows 3.11 / 95 users.
