Category Archives: Linux

Linux being one of the most widely used system now a days we shared tips here which user may find useful
The commands and tricks being shared are already implemented on production servers
which you can use without any worries.

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

While working on a server on installing php 5.6 on centos 6 OS

I was getting error “Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again”

After googleing around I found this issue is due to https mentioned in the .repo file in /etc/yum.repos.d

[root@host yum.repos.d]# ls -la
total 28
drwxr-xr-x. 2 root root 4096 Oct 28 05:15 .
drwxr-xr-x. 80 root root 4096 Oct 28 05:16 ..
-rw-r–r–. 1 root root 954 Oct 28 05:15 epel.repo
-rw-r–r–. 1 root root 1056 Nov 4 2012 epel-testing.repo
-rw-r–r–. 1 root root 966 Jul 4 2015 webtatic-archive.repo
-rw-r–r–. 1 root root 862 Oct 28 05:15 webtatic.repo
-rw-r–r–. 1 root root 966 Jul 4 2015 webtatic-testing.repo

I checked in all files with .repo extension and  an replaced all https with http and  all repository started working fine

 

 

 

cPanel – Can’t change hostname

While setting hostname from WHM  >>  Change Hostname
We were seeing below error
“The hostname was already set to server1k.online.net, syncing configuration only.
Error setting new hostname: Could not execute hostname binary
Could not set property: Connection timed out”
After googling found a alternate solution to this via cli
The command was   /usr/local/cpanel/bin/set_hostname  <hostname>

It would and could change hostname 🙂

 

Disable Mails from single cPanel account

We were having an issue where spams emails were sent from single cpanel account

We could not suspend the account and disable emails

So the solution to this was to keep website online and disable only emails

we use the below method to disable emails for a single cPanel account.

SSH to server and use below steps to disable cpanel for any account

The newwebho is the cpanel user name

root@online [~]# chmod 0 /home/newwebho/etc/
root@online[~]# chattr +ia /home/newwebho/etc/
root@eu [~]#

 

 

view external: query (cache) ‘.in-addr.arpa/PTR/IN’ denied

While working on some issue on clients server I could

see large number of DNS request in /var/log/messages which were flooding DNS server

Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.2#33485: view external: query (cache) ‘192.245.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.8#53106: view external: query (cache) ‘31.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.147#39348: view external: query (cache) ‘27.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.7#40721: view external: query (cache) ‘34.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.90.9#63592: view external: query (cache) ‘192.245.129.104.in-addr.arpa/PTR/IN’ denied

 

The solution for such issues is by adding few parameter in /etc/named.conf which is bind configuration file

Add the following under options:
recursion no;
additional-from-auth no;
additional-from-cache no;

and restart named

and now I see no such request coming to DNS which has fixed DNS flood issue

Disable Ipv6 on Centos-5

On up-to-date RHEL5 or CentOS5 (currently that means 5.10 aka 5U10)

Add the following line to /etc/sysctl.conf:

On a live system you can disable it with:

Disable Strict Mode mysql mariadb

While working on WHMCS I was not able to generate tickets

I found out issue was due to mysql being in strict mode

I tried disabling mysql strict mode  by adding entries in  /etc/my.cnf

sql_mode=””

However it didnt work out.

I have found that there is a /usr/my.cnf file that is enabling strict mode on  server.

This file contained the following:

====
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
====

I removed the STRICT_TRANS_TABLES option and saved the file. All that is left is to restart the MySQL server. You can do this at your convenience with the following command:

====
/scripts/restartsrv_mysql
====

Once it is restarted, strict mode should be disabled.

mysqldump: Error: ‘Out of resources when opening file ‘/tmp/#sql_466b_2.MAI’

While creating of backup of mysql I was getting below error

mysqldump: Error: ‘Out of resources when opening file ‘/tmp/#sql_466b_2.MAI’ (Errcode: 24 “Too many open files”)’

The error is due to Mysql exceeding the limit of open files on mysql

So I just went ahead and saw the open file limit

MariaDB [(none)]> SHOW VARIABLES LIKE ‘open%’
->
-> ;
+——————+——-+
| Variable_name | Value |
+——————+——-+
| open_files_limit | 1024 |
+——————+——-+
1 row in set (0.00 sec)

 

I went ahead and added a parameter in /etc/my.cnf and restarted mysql to fix this issue

open_files_limit = 5000

 

 

SSL connect attempt failed error

While working on one of clients server I was getting below error while updating cpanel license in server

root@hoskb [~]# /usr/local/cpanel/cpkeyclt
Updating cPanel license…Done. Update Failed!
Error message:
Transition to SSL failed: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

also while debugging did try yum update

however I got an error as well

root@host113 [~]# yum update
Loaded plugins: fastestmirror, rhnplugin
Traceback (most recent call last):
File “/usr/bin/yum”, line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File “/usr/share/yum-cli/yummain.py”, line 309, in user_main
errcode = main(args)
File “/usr/share/yum-cli/yummain.py”, line 157, in main
base.getOptionsConfig(args)
File “/usr/share/yum-cli/cli.py”, line 187, in getOptionsConfig
self.conf
File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 665, in <lambda>
conf = property(fget=lambda self: self._getConfig(),
File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 254, in _getConfig
self.plugins.run(‘init’)
File “/usr/lib/python2.4/site-packages/yum/plugins.py”, line 179, in run
func(conduitcls(self, self.base, conf, **kwargs))
File “/usr/share/yum-plugins/rhnplugin.py”, line 124, in init_hook
login_info = up2dateAuth.getLoginInfo()
File “/usr/share/rhn/up2date_client/up2dateAuth.py”, line 222, in getLoginInfo
login()
File “/usr/share/rhn/up2date_client/up2dateAuth.py”, line 190, in login
li = server.up2date.login(systemId)
File “/usr/share/rhn/up2date_client/rhnserver.py”, line 64, in __call__
raise up2dateErrors.SSLCertificateVerifyFailedError()
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.
e/rhn/up2date_client/rhnserver.py”, line 64, in __call__
raise up2dateErrors.SSLCertificateVerifyFailedError()
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.

The solution was to recreate certificate bundle file

I moved the old ca.bundle to /backup

cp /etc/pki/tls/certs/ca-bundle.crt  /root/backup/

To fix the issue, just download a new certificate bundle. I used the one from haxx.se.

 curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
The issue got fixed and can run any command on server without any issues

 

Source : http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/

No route to host: AH00056: connect to listener on [::]:443

While working on one of clients server I came across one of  the errors in Apache error logs

root@hosting [/usr/local/apache/logs]# tail -n 10 error_log
[Thu Jul 07 23:28:49.791175 2016] [core:warn] [pid 1845] (113)No route to host: AH00056: connect to listener on [::]:443

The error was due to basically iptables blocking

I went ahead and flushed iptables to get this issue resolved using below command

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X#

/etc/init.d/iptables save
# /etc/init.d/iptables restart

I can see there are no more such errors now in error logs 🙂