Monthly Archives: July 2016

view external: query (cache) ‘.in-addr.arpa/PTR/IN’ denied

While working on an issue on a client's server, I could see a large number of DNS requests in /var/log/messages, which were flooding the DNS server:

Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.2#33485: view external: query (cache) ‘192.245.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.8#53106: view external: query (cache) ‘31.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.147#39348: view external: query (cache) ‘27.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.7#40721: view external: query (cache) ‘34.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.90.9#63592: view external: query (cache) ‘192.245.129.104.in-addr.arpa/PTR/IN’ denied

 

The solution for such issues is to add a few parameters to /etc/named.conf, which is the BIND configuration file.

Add the following under options:
recursion no;
additional-from-auth no;
additional-from-cache no;

Then restart named.

Now I see no such requests coming to the DNS server, which has fixed the DNS flood issue.
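To see which clients send the denied queries and which names they ask for, the log can be summarised as below. This is an added example, not part of the original post; the function names are hypothetical, and the sample input is the excerpt above with plain ASCII quotes plus one constructed line.

```shell
#!/bin/sh
# Added example: summarise BIND "query (cache) ... denied" log lines.

# The five lines from the excerpt above, plus one constructed line that
# must be ignored because it is not a denied cache query.
sample_log() {
cat <<'EOF'
Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.2#33485: view external: query (cache) '192.245.129.104.in-addr.arpa/PTR/IN' denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.8#53106: view external: query (cache) '31.249.129.104.in-addr.arpa/PTR/IN' denied
Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.147#39348: view external: query (cache) '27.249.129.104.in-addr.arpa/PTR/IN' denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.7#40721: view external: query (cache) '34.249.129.104.in-addr.arpa/PTR/IN' denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.90.9#63592: view external: query (cache) '192.245.129.104.in-addr.arpa/PTR/IN' denied
Jul 27 12:48:56 oklahoma named[14354]: zone example.test/IN: loaded serial 2016072701
EOF
}

# Usage: denied_summary client|name < logfile
# Prints "<count> <key>" lines, most frequent first.
denied_summary() {
  awk -v mode="$1" '
    index($0, "query (cache)") && $NF == "denied" {
      key = ""
      if (mode == "name") {
        key = $(NF - 1)
        gsub("[^0-9A-Za-z./-]", "", key)   # drop the surrounding quote characters
      } else {
        for (i = 1; i < NF; i++)
          if ($i == "client") { split($(i + 1), part, "#"); key = part[1]; break }
      }
      if (key != "") count[key]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2
}

echo "Denied cache queries per client:"; sample_log | denied_summary client
echo "Denied cache queries per name:";   sample_log | denied_summary name
```

On a live server the same function can be fed from the log directly, for example `denied_summary client < /var/log/messages`.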

Disable IPv6 on CentOS 5

On up-to-date RHEL5 or CentOS5 (currently that means 5.10 aka 5U10)

Add the following line to /etc/sysctl.conf:

On a live system you can disable it with:

Disable Strict Mode mysql mariadb

While working on WHMCS, I was not able to generate tickets.

I found out the issue was due to MySQL being in strict mode.

I tried disabling MySQL strict mode by adding the following entry in /etc/my.cnf:

sql_mode=""

However, it didn't work out.

I found that there is a /usr/my.cnf file that is enabling strict mode on the server.

This file contained the following:

====
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
====

I removed the STRICT_TRANS_TABLES option and saved the file. All that is left is to restart the MySQL server. You can do this at your convenience with the following command:

====
/scripts/restartsrv_mysql
====

Once it is restarted, strict mode should be disabled.

mysqldump: Error: ‘Out of resources when opening file ‘/tmp/#sql_466b_2.MAI’

While creating a backup of MySQL, I was getting the error below:

mysqldump: Error: ‘Out of resources when opening file ‘/tmp/#sql_466b_2.MAI’ (Errcode: 24 “Too many open files”)’

The error is due to MySQL exceeding its limit of open files.

So I went ahead and checked the open files limit:

MariaDB [(none)]> SHOW VARIABLES LIKE 'open%'
->
-> ;
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| open_files_limit | 1024  |
+------------------+-------+
1 row in set (0.00 sec)

 

I went ahead and added a parameter in /etc/my.cnf and restarted MySQL to fix this issue:

open_files_limit = 5000

 

 

SSL connect attempt failed error

While working on one of my clients' servers, I was getting the error below while updating the cPanel license on the server:

root@hoskb [~]# /usr/local/cpanel/cpkeyclt
Updating cPanel license…Done. Update Failed!
Error message:
Transition to SSL failed: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Also, while debugging I tried yum update; however, I got an error as well:

root@host113 [~]# yum update
Loaded plugins: fastestmirror, rhnplugin
Traceback (most recent call last):
File “/usr/bin/yum”, line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File “/usr/share/yum-cli/yummain.py”, line 309, in user_main
errcode = main(args)
File “/usr/share/yum-cli/yummain.py”, line 157, in main
base.getOptionsConfig(args)
File “/usr/share/yum-cli/cli.py”, line 187, in getOptionsConfig
self.conf
File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 665, in <lambda>
conf = property(fget=lambda self: self._getConfig(),
File “/usr/lib/python2.4/site-packages/yum/__init__.py”, line 254, in _getConfig
self.plugins.run(‘init’)
File “/usr/lib/python2.4/site-packages/yum/plugins.py”, line 179, in run
func(conduitcls(self, self.base, conf, **kwargs))
File “/usr/share/yum-plugins/rhnplugin.py”, line 124, in init_hook
login_info = up2dateAuth.getLoginInfo()
File “/usr/share/rhn/up2date_client/up2dateAuth.py”, line 222, in getLoginInfo
login()
File “/usr/share/rhn/up2date_client/up2dateAuth.py”, line 190, in login
li = server.up2date.login(systemId)
File “/usr/share/rhn/up2date_client/rhnserver.py”, line 64, in __call__
raise up2dateErrors.SSLCertificateVerifyFailedError()
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.

The solution was to recreate the certificate bundle file.

I moved the old ca.bundle to /backup

cp /etc/pki/tls/certs/ca-bundle.crt  /root/backup/

To fix the issue, just download a new certificate bundle. I used the one from haxx.se.

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

The issue got fixed, and I can run any command on the server without any issues.

 

Source : http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/
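The curl command above fetches the trust store over plain HTTP and writes it directly over the live bundle, so nothing checks that the file is the one its publisher released. The following is an added example, not part of the original post: it installs a staged download only if its SHA-256 matches a value obtained over a separate trusted channel and the file looks like a PEM bundle. The function name, paths and sample data are assumptions.

```shell
#!/bin/sh
# Added example: replace a CA bundle only after the staged download has been
# checked. install_ca_bundle and all paths used here are hypothetical names.

# Usage: install_ca_bundle <staged-file> <expected-sha256> <destination>
# Returns 1 (file missing), 2 (checksum mismatch), 3 (not PEM),
# 4 (backup failed), 0 on success.
install_ca_bundle() {
  staged=$1; expected=$2; dest=$3
  [ -s "$staged" ] || { echo "staged file missing or empty" >&2; return 1; }

  actual=$(sha256sum "$staged" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch, bundle not installed" >&2
    return 2
  fi

  # Every certificate block must be complete: equal BEGIN and END counts.
  begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$staged" || true)
  ends=$(grep -c -e '-----END CERTIFICATE-----' "$staged" || true)
  if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
    echo "staged file is not a PEM certificate bundle" >&2
    return 3
  fi

  # Keep the previous bundle, then swap the new one in with a rename so no
  # reader ever sees a half-written trust store.
  if [ -f "$dest" ]; then cp -p "$dest" "$dest.bak" || return 4; fi
  cp "$staged" "$dest.new" && mv "$dest.new" "$dest"
}

# Constructed demonstration in a scratch directory (placeholder certificate body).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo/cacert.pem"
echo 'old bundle' > "$demo/ca-bundle.crt"
sum=$(sha256sum "$demo/cacert.pem" | awk '{print $1}')
install_ca_bundle "$demo/cacert.pem" "$sum" "$demo/ca-bundle.crt" && echo "installed"
rm -rf "$demo"
```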

No route to host: AH00056: connect to listener on [::]:443

While working on one of my clients' servers, I came across the following error in the Apache error logs:

root@hosting [/usr/local/apache/logs]# tail -n 10 error_log
[Thu Jul 07 23:28:49.791175 2016] [core:warn] [pid 1845] (113)No route to host: AH00056: connect to listener on [::]:443

The error was basically due to iptables blocking.

I went ahead and flushed iptables to get this issue resolved, using the commands below:

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X

# /etc/init.d/iptables save
# /etc/init.d/iptables restart

I can see there are no more such errors now in error logs 🙂
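`-F` and `-X` delete rules and user-defined chains but leave the default policy of each built-in chain untouched, so after a flush the policy alone decides what the host accepts. The following added example, not part of the original post, reads `iptables-save` output and lists each built-in chain's policy together with the number of rules a flush would remove; the ruleset and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: show what stays in force after "iptables -F; iptables -X".

# Constructed iptables-save output (not taken from the original post).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Usage: iptables-save | policy_after_flush
# Prints "<table> <chain> <policy> <rules-removed-by-flush>" for every
# built-in chain. User-defined chains (policy "-") are skipped because
# -X deletes them.
policy_after_flush() {
  awk '
    /^\*/ { table = substr($1, 2) }
    /^:/  { key = table " " substr($1, 2)
            if ($2 != "-") { policy[key] = $2; order[++n] = key } }
    /^-A/ { rules[table " " $2]++ }
    END   { for (i = 1; i <= n; i++)
              print order[i], policy[order[i]], rules[order[i]] + 0 }
  '
}

sample_ruleset | policy_after_flush
```

In the constructed ruleset, INPUT keeps its DROP policy with no ACCEPT rules left, so a flush would cut off inbound traffic including SSH; with an ACCEPT policy the same flush would leave every port reachable.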

 

 

 

 

 

Strict standard error in PHP

While working on one of my clients' websites after a migration from PHP 5.3 to PHP 5.6, I would see the following error:

"[01-Jul-2016 02:18:54 America/Chicago] PHP Strict Standards:  Declaration of Countries::getAttribute() should be compatible with CActiveRecord"

On googling around, I could see the issue was fixed by changing a few settings in php.ini.

Add & ~E_STRICT to the end of the active error reporting line. For example, if your current setting is:

error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED

You would change it to read:

error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT

and restart httpd

This will fix the issue.

 

 

An installation already exists Softaculous

While working on one server with cPanel, I was facing this error,

where I was getting "An installation already exists Softaculous" while installing an application via Softaculous,

whereas in Softaculous I could not see any application installed.

While debugging, I found the error was occurring from the file

/home/username/.softaculous/installations.php

I went ahead and truncated it, which fixed this issue.

 

How-To disable IPv6 on RHEL6 / CentOS 6 / etc

Proper way of disabling the IPv6 subsystem in Red Hat Linux 6 / CentOS 6 (don't unload modules or so)

in /etc/sysctl.conf  :  net.ipv6.conf.all.disable_ipv6 = 1

in /etc/sysconfig/network  : NETWORKING_IPV6=no

in /etc/sysconfig/network-scripts/ifcfg-eth0 : IPV6INIT="no"

disable ip6tables : chkconfig --level 345 ip6tables off

reboot

done

 

Without a reboot, IPv6 can be disabled using the commands below:

root@host121 [~]# echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
root@host121 [~]# echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

 

However, after a reboot the same commands will need to be run again, as the settings revert to their original values.