Setting up Apache Log File Rotation

This how-to walks users through setting up proper log file rotation for a multi-site Apache installation where the log files are broken out by site. I built all this on my own, but forgot about logfile rotation so now the log files just keep growing and growing.  Time to institute a log rotation algorithm.

For the most part, when you are working with Unix you will find that the syslog daemon handles how messages are logged in your system, but Apache handles its own logs and the details are typically kept in the httpd.conf file.

sudo grep -i 'log' /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site1.com/log/error.log
CustomLog /var/www/html/site1.com/log/access.log combined
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site2.com/log/error.log
CustomLog /var/www/html/site2.com/log/access.log combined
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site3.com/log/error.log
CustomLog /var/www/html/site3.com/log/access.log combined

So, grepping gives me a listing of logfile locations for each of the sites and, as you can see, they are all located in different directories.  You probably also noticed that there are logfiles in the conf.d directory that I grepped for.  A lot of stuff will want to install there, like phpMyAdmin or webalizer or ssl.conf.  One other note: some installations will have their config files in an apache2 directory.
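One way to turn the directives found by that grep into a single logrotate stanza, as an added example that is not from the original post. The function names, the retention values, the 0640 root-owned file mode and the CentOS-style `service httpd reload` are assumptions.

```shell
#!/bin/sh
# Added example: build one logrotate stanza for every per-site Apache log.

# Print the unique absolute paths named by ErrorLog / CustomLog directives in
# the Apache config text on stdin. Commented-out lines, relative paths and
# piped loggers ("|/usr/sbin/rotatelogs ...") are skipped: a piped logger
# already rotates its own files.
apache_log_paths() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "errorlog" || tolower($1) == "customlog" {
            p = $2
            gsub(/"/, "", p)
            if (p ~ /^\// && !(p in seen)) { seen[p] = 1; print p }
        }'
}

# Emit a logrotate stanza for the paths found in the config text on stdin.
# Retention values and the CentOS-style reload command are assumptions.
make_logrotate_stanza() {
    paths=$(apache_log_paths)
    [ -n "$paths" ] || { echo "no ErrorLog/CustomLog paths found" >&2; return 1; }
    printf '%s\n' "$paths"
    cat <<'EOF'
{
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root root
    sharedscripts
    postrotate
        /sbin/service httpd reload > /dev/null 2>&1 || true
    endscript
}
EOF
}

# Constructed sample: two of the sites from the grep output, plus a
# commented-out directive and a piped logger that must both be ignored.
SAMPLE_CONF='# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site1.com/log/error.log
CustomLog /var/www/html/site1.com/log/access.log combined
ErrorLog  /var/www/html/site2.com/log/error.log
CustomLog /var/www/html/site2.com/log/access.log combined
#CustomLog /var/www/html/old.example/log/access.log combined
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/piped.%Y%m%d 86400" common'

printf '%s\n' "$SAMPLE_CONF" | make_logrotate_stanza
```

Redirect the output to a file under /etc/logrotate.d/ and dry-run it with `logrotate -d` before relying on it.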

Summary of Google’s Privacy Policy – March 2012

Disclaimer: I am not a lawyer and my views are simply my interpretation of information posted publicly by Google.

Google announced a new privacy policy the other day and characterized it as very user friendly because it combines more than 60 policies into a single policy.  I have to agree with that characterization.  One of the most important features of a privacy policy should be its transparency, and having 60-some overlapping policies is not very transparent and pretty well impossible to read through.

One other significant change is that while you may have created accounts with special aliases to hide your identity, these are not necessarily anonymous anymore.  Google has transitioned to a unified Google account where a single profile is attached to multiple services. Some or all Google services may replace your pseudonym with your Google Profile account name and picture and make that information available publicly.  This has become part of the ‘Information you volunteered to Google’ [see below].

WHAT THEY COLLECT

  1. Information you volunteer to Google – Information you give Google when you sign up for a service like your name, email address, telephone number or credit card and possibly a publicly visible Google Profile, which may include your name and photo.
  2. Information Google learns while you use their services
    1. Device Information – such as your hardware model, operating system version, unique device identifiers, and mobile network information (including phone number). Google is able to associate your device identifiers or phone number with your Google Account.
    2. Log information – Details of how you used a Google service, such as your search queries, IP address, cookies, browser type, browser language and the date.  Some applications may log device event information such as crashes, system activity and hardware settings.
    3. Unique application number – Tracks Google application versions for automatic updates.
    4. Cookies – limited data is collected through cookies and shared with advertisers (opt-in consent for personal info)

WHO HAS THE ACCESS TO THE INFO

  • Google Employees – They say the information is distributed on a ‘need-to-know’ basis, but there are certainly some Google employees who have access to all of the information, sensitive and otherwise.
  • Companies Outside Google – may purchase information, but personal (confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality) information is not shared without your consent (opt-in)
  • External Processing Companies – companies that process the data for Google in accordance with Google privacy policies.
  • Law Enforcement/Govt. – Any enforceable governmental request, or if you are believed to have violated the Terms of Service.

TRANSPARENCY
In the interest of transparency Google offers these links to help you understand the scope of the information stored and to control that information, in a limited way.

  1. Review Your Account – https://www.google.com/dashboard/?hl=en
  2. Advertising Management – https://www.google.com/settings/u/0/ads/preferences/?hl=en
  3. Edit Your Profile – http://support.google.com/accounts/bin/answer.py?hl=en&answer=97706
  4. Control Your Circle of Friends – http://support.google.com/plus/bin/static.py?hl=en&page=guide.cs&guide=1257347
  5. I want out – http://www.dataliberation.org/

 


 

Mounting a ‘Foreign’ LVM Volume

First, what do I mean by foreign?  Foreign means mounting the logical volume with an OS that it wasn’t originally installed on.  This could be because you are using KNOPPIX to repair something on the volume, or because you’ve moved the disk to a new location.

The process itself is quite simple, but it would help if you understood how logical volumes work first.  Click here for some nice background

Mounting an LVM Volume

  1. First Identify it with the fdisk command
  2. And find the VolGroup with the pvs command
  3. lvdisplay will show you the Logical Volume
  4. Finally mount it

# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       60801   488279610   8e  Linux LVM

# pvs
  PV         VG         Fmt  Attr PSize   PFree
  /dev/sda2  VolGroup00 lvm2 a-   465.66G    0

# lvdisplay

Okay, this isn’t finished yet, but I published it so that next time I’m working on this task I’ll complete it.  If you have any suggestions or want to complete this list, let me know.
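The remaining steps of the list above, sketched as an added example that is not part of the original post. It goes one step beyond the text by handling the case where the foreign volume group has the same name as one already on the host (two default installs that both use VolGroup00). The function name, the `/mnt/foreign` mount point, the `LV_NAME` placeholder and the UUIDs are assumptions, and the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: plan how to activate and mount a foreign volume group.
# stdin: output of  pvs --noheadings -o pv_name,vg_name,vg_uuid
# $1: the foreign PV found with fdisk -l (partition type 8e)
# $2: new name to give the foreign VG if its name clashes with a local VG
plan_foreign_vg() {
    awk -v pv="$1" -v alt="$2" '
        NF >= 3 { name[$1] = $2; uuid[$1] = $3 }
        END {
            if (!(pv in name)) {
                print "error: " pv " is not a PV in any volume group"
                exit 1
            }
            vg = name[pv]
            # Same VG name with a different UUID on another PV: two distinct
            # VGs share one name, so rename the foreign one by its UUID.
            for (d in name)
                if (d != pv && name[d] == vg && uuid[d] != uuid[pv]) clash = 1
            if (clash) {
                print "vgrename " uuid[pv] " " alt
                vg = alt
            }
            print "vgchange -ay " vg
            print "lvdisplay " vg
            # LV_NAME is a placeholder: take it from the lvdisplay output.
            # Read-only, nosuid, nodev, noexec: nothing on the foreign
            # volume is trusted or modified while it is inspected.
            print "mount -o ro,nosuid,nodev,noexec /dev/" vg "/LV_NAME /mnt/foreign"
        }'
}

# Constructed sample: the host disk and a foreign disk, both from default
# installs that named their VG VolGroup00. The UUIDs are made up.
SAMPLE_PVS='  /dev/sda2  VolGroup00  hostAA-1111-2222-3333-4444-5555-666666
  /dev/sdb2  VolGroup00  frgnBB-7777-8888-9999-0000-1111-222222'

printf '%s\n' "$SAMPLE_PVS" | plan_foreign_vg /dev/sdb2 VolGroup00_foreign
```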

Common Email Error Codes

Please help me add to these. If you have more add a comment and I’ll extend the list.  Thanks.

ERROR : “Remote host said: 476 – connection from your host are denied “
REASON : If the sending client makes too many requests to the server in too short a time, the account is locked out for a period of time.  I have seen this happen when I open a huge IMAP account on a new machine.  You can either adjust one or more of the parameters or whitelist the IP address.

ERROR : “Remote host said: 550 Requested action not taken: mailbox unavailable Giving up on “
REASON : If the sending address is invalid, you will get this message.

ERROR : Sorry, I couldn’t find any host named
REASON : Problem with the recipient domain, i.e., the domain name specified is unknown. Either you typed it incorrectly or that domain no longer exists.

ERROR : “Remote host said: 550 abc [at] example [dot] com: Recipient address rejected:” unknown user
REASON : The email address you specified was incorrect. Check the recipient email address.

ERROR : Remote host said: 554 Message type not allowed. UP Email not accepted for policy reasons
REASON : Add SPF records to your DNS and send the mail again.

ERROR : Remote host said:553: Relay access denied
REASON : This error means that the person sending the email was not authorized to use the email (SMTP) server. In your email client, enable the option “My server requires authentication” (in the outgoing server settings).

ERROR : Remote host said 554: Sender address rejected: Access denied
REASON : This error means that the sender address is blacklisted in one of the spam filter lists.

ERROR : 554 #5.5.4 Relaying denied. IP name lookup failed for
REASON : Your IP address does not have a reverse DNS record.

ERROR : Remote host said: 553 sorry, that domain isn’t in my list of allowed rcpthosts
REASON : This error means that a local user (who is allowed to send mail locally, but not to outside domains) is sending mail to the outside world.

ERROR : “Sorry, no mailbox here by that name”
REASON : This is due to an invalid email address. Check the email address and try again.

ERROR : Connected to but greeting failed
REASON : This sometimes occurs when your server’s IP is blacklisted.

ERROR : Connected to but connection died. (#4.4.2) I’m not going to try again; this message has been in the queue too long.
REASON : The recipient server was having a problem at that time. Try sending the mail again.

ERROR : This message is looping: it already has my Delivered-To line
REASON : Problem with the aliases. Check the aliases.

ERROR : Sorry, I wasn’t able to establish an SMTP connection. (#4.4.1) I’m not going to try again; this message has been in the queue too long
REASON : If the recipient domain does not have a valid MX record, you will get this error. Contact them to get it rectified.

ERROR : Connected to 192.121.XX.XXX but authentication was rejected (password).“Remote host said: 535 authorization failed”
REASON : This is due to a wrong password. Check the password.

ERROR : user [at] example [dot] com:qmail-group: fatal: get ldap group entry: no such object I’m not going to try again; this message has been in the queue too long
REASON :

ERROR : Sorry, user@domain.com is over their allocated Quota
REASON : The recipient’s mailbox is full. Contact them to delete some emails.

ERROR : Remote host said:552 sorry, that message size exceeds my databytes limit
REASON : The attachment is too large. Reduce the size of the attachment and send the mail again.

ERROR : Connected to 45.54.XXX.XXX but sender was rejected. Remote host said: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to http://postmaster.msn.com. Please note: if you are an end-user please contact your E-mail/Internet Service Provider for assistance.
REASON : Add an SPF record to your DNS. This will solve the problem.

Stock Valuation

The US stock market over the past decade to establish an expected rate of return for our investment. The CAGR of the S&P 500 over the last one hundred years is roughly 10%, so that will be our starting point. A fairly priced stock will return 10% a year to investors – no more, no less.

Now the question becomes, at what valuation will our hypothetical zero growth company return 10%? A company with no growth prospects will be expected to return all its earnings to shareholders in dividends at a 100% payout ratio. After all, there’s no point in retaining and reinvesting earnings if your company has reached absolute maturity and growth is no longer possible.

Since the company will never grow, capital appreciation of its stock is expected to remain pretty much flat over the long run. Therefore, the only way for our hypothetical company to generate shareholder value is through dividend distributions (and share buybacks, but since a buyback is the same as a reinvested dividend when the shares are purchased at fair value, we’ll ignore them for now). For a no growth company paying out 100% of its earnings, the total return of its investors will be equal to its yield. To achieve a 10% yield at a 100% payout ratio, the company’s P/E must be equal to 10. And there we have it: a no growth company, all other factors being equal, is fairly valued at a P/E of 10.

Installing Subversion Edge 2.2.0 on CentOS 6

Should be easy, right?  It is, but I spent a good bit of time discovering how things really work.  Don’t get me wrong, the installation instructions are a good start, but things don’t work the way they should with Subversion Edge 2.2.0.

IN A NUTSHELL

  1. Install CentOS 6
  2. Prep CentOS 6 for Subversion Edge
  3. Install Subversion Edge
  4. Configure Subversion Edge in the GUI


Integrating JIRA and MS Project

A couple of weeks ago I was tasked with setting up an environment where our Project Manager, working with MS Project, is able to set up all of the software development tasks and then sync that data with JIRA, the tool used by the development, technical services and QA teams to track their work.  On top of that, the executive team wants the ability to monitor progress using MS Project.  They’d like it to work on iPads, Windows, Macs, Androids.  Pretty much everywhere.  Oh, and it shouldn’t be too costly.

You can do this with MS Project Server and Sharepoint, but as soon as you start down that road there are all kinds of problems, not the least of which is the cost, which will be well into 5 figures.  So we didn’t go there.

THE PARTS

  • R/W JIRA Users – Using JIRA, Dev, QA and TS log progress and time spent with a browser connection.
  • JIRA Server – We are adding The Connector to the JIRA server to enable synchronization of data between MS Project and JIRA.
  • R/W Project Manager – A virtual workstation with MS Project 2010 loaded with a JIRA connector.  This system is the only system allowed to write to the .MPP files on Mercury (the file server) and synchronize those files to the JIRA server.
  • File/HTTP Server – The location of the project files.  We will be loading a .NET framework Project Viewer by Housatonic that allows 5 concurrent users read-only access to the active files.  The project viewer works just like Project, but runs on Mac, Windows, iPhone, iPad, etc.  That data is updated by the PM who pulls progress updates from JIRA.
  • R/O Executive – Management with read-only access to the project plan as served up on Mercury.  These users may also access JIRA directly.

THE PROCESS

This outlines the workflow.

  1. Project Creation – The PM creates projects in MS Project 2010 on a single workstation and updates JIRA which replicates all of the components of the project onto the JIRA Server.  The project files live on Mercury and are now visible to the executive team through a web browser.
  2. Working on the Project – As users work on the project they use JIRA to log their time and tasks completed sharing notes with other users as needed.
  3. JIRA / Project Synchronization – The data on Mercury does not automatically reflect the data in JIRA. Periodically, the PM will open MS Project and sync up the data.  This will pull the tasks completed and time worked from JIRA into MS Project.
  4. Reporting – The PM will periodically create reports that include links to the project.  The hyperlinks will cause a project viewer to open allowing management to drill down into details as necessary.

THE COSTS

  • JIRA Connector ($500) – Licence for a single user.
  • JIRA Runs on a CentOS server which we already own.
  • Project Viewer ($400) 5 concurrent licenses.
  • Runs on a Windows Server that we already own. ($0)

OPINION

I love this setup.  I’ll enumerate my thoughts:

  1. I don’t like MS Project, but I understand that Project Managers feel comfortable with it and over time executives have grown up using it.  So I see the need.  I just don’t like paying for multiple copies of MS Project when I don’t have to.
  2. The Project Viewer looks very much like MS Project, but it runs through the web on OSX, Windows, iOS etc.  So, when the executive team are being cool, they can work on iPads.
  3. The JIRA Connector works surprisingly well.  There are some procedural things you need to keep in mind when working with it due to the fact that we have read-write users in both JIRA and MS Project.  These sorts of things are common sense to sysadmins, but need to be discussed with your team.
  4. JIRA is a great tool for software development.  Period.

One other aspect was added to this project now.  Basically, pretty PowerPoints are created and converted to PDFs for distribution to those who will be using the ‘Project Viewer’.  Embedded hyperlinks in the .PDF work great when the user needs additional detail.  Just one problem though: if you are using an older MS Office like 2003, it cannot save links in PDFs.  You’ll need 2007 or above, and I don’t believe any version of Mac Office can save a hyperlink.

Reset mySQL password

Simple stuff assuming you haven’t forgotten your password.  If you have lost the password then read on below after the two methods.

mysql -u root
USE mysql;
UPDATE user
SET password = PASSWORD('newpassword')
WHERE user = 'root';
FLUSH PRIVILEGES;
exit;

# or if you have a password – change it (-p prompts for the current one)
mysqladmin -h localhost -u root -p password newpassword

I LOST MY PASSWORD

Easy enough, you have to start in safe mode and then use the first method above.  Safe mode is invoked by skipping the grant table load:

# while the grant tables are skipped, every connection has full access without a password
/usr/bin/mysqld_safe --skip-grant-tables &

Working with ILOM on a Sun/Oracle System

#### STARTING STOPPING
The ILOM allows you to manage the system (SYS) with a few simple commands:

-> start /SYS
-> stop /SYS
-> reset /SYS

#### MANAGING AUTO BOOT MODE
-> set /HOST/bootmode script="setenv auto-boot? false"
-> reset /SYS

#### FORCING A BREAK COMMAND
-> set /HOST send_break_action=break command
-> start /SP/console

#### GRAB A CONSOLE CONNECTION
-> start /SP/console

#### CREATE ILOM USER
-> create /SP/users/<username>
Creating user…
Enter new password: ********
Enter new password again: ********
Created /SP/users/<username>

# However, I want my team to be able to use this system just like they did the old ALOM systems
because it simplifies management for me when I’m on vacation.  Create the user as shown below
to have an old school ALOM experience.

-> create /SP/users/admin role=aucro cli_mode=alom
Creating user…
Enter new password: ********
Enter new password again: ********
Created /SP/users/admin

#### SET A PASSWORD
-> set /SP/users/root password

#### CHANGING THE IP
-> cd /SP/network
-> set pendingipaddress=<ip_address>
-> set pendingipdiscovery=static
-> set pendingipnetmask=255.255.255.0
-> set pendingipgateway=<ip_address>
-> set commitpending=true

Remote Access in Solaris with the ALOM

Resetting the ALOM’s network setting is a little un-intuitive.

cd /usr/platform/`uname -i`/sbin

./scadm set netsc_ipaddr 172.16.3.27
./scadm set netsc_ipnetmask 255.255.0.0
./scadm set netsc_ipgateway 172.16.0.8

# Check your work
./scadm show | grep netsc

netsc_tpelinktest="true"
netsc_dhcp="false"
netsc_ipaddr="172.16.3.27"
netsc_ipnetmask="255.255.0.0"
netsc_ipgateway="172.16.0.8"

You really need to have tpelinktest="true" before proceeding.

# Reset the interface and then look at the settings.

./scadm resetrsc
./scadm shownetwork

keyword: solaris, eeprom, Sunfire