Archive for July, 2012

Set Idle Timeout Interval for User Logins

SSH allows administrators to set an idle timeout interval. After this interval has passed, the idle user will be
automatically logged out.

Find and edit the following lines in /etc/ssh/sshd_config as follows:

ClientAliveInterval interval
ClientAliveCountMax 0

The timeout interval is given in seconds. To have a timeout of 5 minutes, set interval to 300.

Badblocks - search a device for bad blocks

Important note: If the output of badblocks is going to be fed to the e2fsck or mke2fs programs, it is important that the block size is properly specified, since the block numbers which are generated are very dependent on the block size in use by the filesystem. For this reason, it is strongly recommended that users not run badblocks directly, but rather use the -c option of the e2fsck and mke2fs programs.

badblocks -nvs /dev/sdb

This would check the drive “sdb” in non-destructive read-write mode and display progress by writing out the block numbers as they are checked.

badblocks -wvs /dev/sdb6

This would check the sixth partition of the drive “sdb”, in destructive read-write mode and display progress by writing out the block numbers as they are checked. All data will be overwritten at the block level. If used on an entire disk as in the previous example, it destroys MBRs, partitions and data alike.

Yesterday, we have found an insane cpu overload generated from nowhere on several machines we manage, this was related to The leap second that was inserted on Saturday night, this can cause permanent high CPU loads on Linux computers (Debian and CentOS/RHEL mainly). Among other examples, the behaviour is documented in the blog of the Mozilla Foundation, where strange peak loads on one Mozilla server were observed from the time the leap second was added.

A quick fix to solve this is by performig a quick reboot of the server (Notice that rebooting server services such as httpd, mysqld, even tomcat will not work). If you found a reboot it is impossible because of downtime issues, you can solve the issue by stopping the NTP daemon and executing a Perl script that reset the leap second bit in the kernel, the perl script can be found on the following article,

http://my.opera.com/marcomarongiu/blog/2012/06/01/an-humble-attempt-to-work-around-the-leap-second

The root of the behaviour is located in the Linux kernel, where a leap second that is triggered by the NTP subsystem results in a deadlock situation. The problem appears to affect all kernel versions from 2.6.26 up to and including 3.3.

A further topic discussion concerning this behaviour can be followed on the link below,

http://serverfault.com/questions/403732/anyone-else-experiencing-high-rates-of-linux-server-crashes-during-a-leap-second

Should you require further support to patch/upgrade your kernel or solve this issue, please submit a Hour of Support,

http://www.serverbuddies.com/hour-server-support.php

SBDavid

How to disable Zeroconf Networking

How to disable Zeroconf Networking

Zeroconf networking allows the system to assign itself an IP address and engage in IP communication without a statically-assigned address or even a DHCP server. Automatic address assignment via Zeroconf (or DHCP) is not recommended.

To disable Zeroconf automatic route assignment in the 169.245.0.0 subnet, add or correct the following line in /etc/sysconfig/network

NOZEROCONF=yes

Zeroconf addresses are in the network 169.254.0.0. The networking scripts add entries to the system’s routing table for these addresses. Zeroconf address assignment commonly occurs when the system is configured to use DHCP but fails to receive an address assignment from the DHCP server.

« Prev