pptpd on Debian doesn’t write any logs

I'm trying to set up a PPTP server with Debian Squeeze.
The problem is nothing is being written in the logs (neither in messages nor in debug nor in daemon.log) though debug and dump options are set. The only line I get after pptpd restart is:
# tail -n 1 /var/log/daemon.log
Dec 21 00:25:09 vpn pptpd[1965]: MGR: Manager process started

The daemon starts, the port is listening and available to connect. But no logs... I've tried to find pptpd-dbg but Debian has no such package.
Any ideas on what's wrong with my config? pptpd or rsyslog ones. Is there any way to get pptpd debug output on stdout? 
pptpd version 1.3.4-3 (set up from stable repository)
rsyslog version 4.6.4-2 (set up from stable repository)

Configurations:
pptpd.conf
# egrep -v '^#.*' /etc/pptpd.conf  | egrep -v '^$'
ppp /usr/sbin/pppd
option /etc/ppp/pptpd-options
debug
logwtmp
delegate

pptpd-options
# egrep -v '^#.*' /etc/ppp/pptpd-options  | egrep -v '^$'
name vpn
domain example.com
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
nomppe-40
nodefaultroute
debug
dump
lock
nobsdcomp 
auth

rsyslog.conf
# egrep -v '^#.*' /etc/rsyslog.conf  | egrep -v '^$'
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$IncludeConfig /etc/rsyslog.d/*.conf
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages
*.emerg                         *
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole

Solutions/Answers:

Answer 1:

I’m sorry…
Packet filter misconfiguration.

pptpd begins to write to the log file only when it receives a connection. IMHO it should dump the configuration earlier, at start, but that’s not the topic of the question.

Answer 2:

Is /var/log/debug also empty? Try adding kdebug 1 to pptpd-options. To see pptpd output, run

pptpd -d -f -c /etc/pptpd.conf

Use authentication with Dante Socks

I just set up my dante socks proxy and it works just fine without authentication. Now I want only certain users to be able to use it though. Preferably only those users that are in the passwd. What would you guys recommend me using? Can I somehow use PAM and link it to my passwd? What other authentication is there and how would they work? For example, would an authentication window pop up before the user would be able to browse?

Solutions/Answers:

Answer 1:

If you want to allow all users from your passwd, and only them, you can simply say:

method: username

But if you decide to have all the PAM features, modules and hassle:

method: pam
pam.servicename: sockd_myservice

In PAM you need to configure a new stack for “sockd_myservice”, look for example how “ssh” service is configured to allow sshd to use PAM.

Pre-requisite to either username or pam methods is:

user.privileged    : root
user.notprivileged : socks     # some non-root user name

OSSEC: Unblock an IP and increase threshold

I just set up OSSEC, but I accidentally shut myself out already from my home IP.
So does OSSEC have a function to unblock an IP after it is blocked, or do I need to do this manually in iptables?
Also, does OSSEC provide a way to temporarily ban IPs?

Solutions/Answers:

Answer 1:

To manually unblock them you need to change the ‘add’ to ‘delete’, so to delete the previous rules it would be:

/var/ossec/active-response/bin/host-deny.sh delete - 188.163.238.252 1328614852.61546 5712
/var/ossec/active-response/bin/firewall-drop.sh delete - 188.163.238.252 1328614852.61546 5712

Sometimes rules are too strict or not strict enough. You might want to change something or add something yourself. This can be done in the local_rules.xml file. Suppose we want to increase the threshold of failed logins on HTTP auth for apache2. If we look at apache_rules.xml we see a number of rules. The interesting one is:

<rule id="30119" level="12" frequency="6" timeframe="120">
  <if_matched_sid>30118</if_matched_sid>
  <same_source_ip />
  <description>Multiple attempts blocked by Mod Security.</description>
  <group>access_denied,</group>
</rule>

To change the frequency from 6 to 10, we need to copy the rule and paste it in local_rules.xml. Then we add a parameter overwrite="yes" to tell OSSEC it needs to overwrite the rule defined in apache_rules.xml and instead use the one defined in local_rules.xml. The rule would look like this:

<rule id="30119" level="12" frequency="10" timeframe="120" overwrite="yes">
  <if_matched_sid>30118</if_matched_sid>
  <same_source_ip />
  <description>Multiple attempts blocked by Mod Security.</description>
  <group>access_denied,</group>
</rule>

If we want to completely ignore this rule as it is not relevant for us, we just change the level to 0:

<rule id="30119" level="0" frequency="10" timeframe="120" overwrite="yes">
  <if_matched_sid>30118</if_matched_sid>
  <same_source_ip />
  <description>Multiple attempts blocked by Mod Security.</description>
  <group>access_denied,</group>
</rule>

Excerpt from my blog answers this question.

Answer 2:

An I-need-to-unblock-IP-quickly approach (replace 1.2.3.4 with your IP):

$ iptables -L | grep 1.2.3.4
$ grep 1.2.3.4 /etc/hosts.deny

If the IP is found in iptables's DROP rule, then run:

/var/ossec/active-response/bin/firewall-drop.sh delete - 1.2.3.4

If the IP is found in /etc/hosts.deny, then run

/var/ossec/active-response/bin/host-deny.sh delete - 1.2.3.4
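The check-then-unblock steps from the answers above as one script, added here as an example that is not part of the original answers. It matches the address exactly, because `grep 1.2.3.4` treats the dots as wildcards and also hits addresses such as 1.2.3.40, and it reads `iptables -S` output so no reverse DNS lookup is involved. The function names, the dry-run output and the sample rule and hosts.deny lines are constructed; the rule and entry formats are assumptions, and the script paths are the ones used in the answers.

```shell
#!/bin/sh
# Added example: report where OSSEC active response blocked an IPv4 address
# and print the matching "delete" commands. Function names are hypothetical.
# Assumption: firewall-drop.sh rules show up as "-s IP -j DROP" in
# `iptables -S`, and host-deny.sh entries as "ALL:IP" in hosts.deny.

AR_BIN=/var/ossec/active-response/bin   # script directory used in the answers

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    '
}

# in_iptables IP RULES_FILE: RULES_FILE holds `iptables -S` output
in_iptables() {
    awk -v ip="$1" '
        $1 == "-A" {
            src = ""; drop = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j" && $(i + 1) == "DROP") drop = 1
            }
            # iptables -S prints a single host as IP/32
            if (drop && (src == ip || src == ip "/32")) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# in_hosts_deny IP DENY_FILE: whole-field match, comment lines skipped
in_hosts_deny() {
    awk -v ip="$1" '
        /^[ \t]*#/ { next }
        {
            n = split($0, f, /[ \t:,]+/)
            for (i = 1; i <= n; i++) if (f[i] == ip) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# unblock_plan IP RULES_FILE DENY_FILE: print the delete commands (dry run)
unblock_plan() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    if in_iptables "$1" "$2"; then
        echo "$AR_BIN/firewall-drop.sh delete - $1"
    fi
    if in_hosts_deny "$1" "$3"; then
        echo "$AR_BIN/host-deny.sh delete - $1"
    fi
}

# Constructed sample data, not taken from a real host.
demo_unblock() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 1.2.3.40/32 -j DROP
-A INPUT -s 203.0.113.7/32 -j DROP
-A FORWARD -s 203.0.113.7/32 -j DROP
EOF
    cat > "$tmp/deny" <<'EOF'
# /etc/hosts.deny
ALL:1.2.3.4
ALL:203.0.113.70
EOF
    unblock_plan "$1" "$tmp/rules" "$tmp/deny"
    rm -rf "$tmp"
}

# On a real host (as root):
#   iptables -S > /tmp/rules && unblock_plan 1.2.3.4 /tmp/rules /etc/hosts.deny
# With one argument the script runs against the constructed sample instead.
if [ $# -eq 1 ]; then demo_unblock "$1"; fi
```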

My server doesn’t seem to be caching anything well

I have a VPS from tocici (via BuildYourVPS). It's got 4 GB of RAM (2 GB of it "burst" RAM).
This server has some severe performance issues, however. First, a quick explanation of what this server runs:

Debian 5
Apache (generally up to date)
fcgi for PHP
mysqld
Some other trivial stuff that it runs


memcached, but...


The webserver mainly serves up MediaWiki. Caching is turned entirely off in MW's configuration; enabling memcached is actually slower somehow, even though memcached reports decent to great hit rates when enabled (60%, then rises to 90% over time). 
The biggest chokehold that seems to be strangling my server's performance is just disk i/o. It's so bad that even a simple ls can take forever:
xkeeper@localhost:~/logs/wiki.rustedlogic.net$ time ls /root
.  ..  .aptitude  [...]
real    0m0.766s

xkeeper@localhost:~/logs/wiki.rustedlogic.net$ time ls /usr/
.  ..  bin  games  include  lib  local  sbin  share  src  X11R6
real    0m1.460s
user    0m0.000s
sys     0m0.004s
At some times it can get really bad, like this. It's gone further, but...
xkeeper@localhost:~$ time ls /etc/log 
ls: cannot access /etc/log: No such file or directory 

real 0m3.887s
The iowait can be so awful at times that even restarting mysqld will actually fail because it times out. (Attempting to /etc/init.d/mysqld restart again will work, though, usually much faster).
I'm at a loss for what to do next.
Here is a chart from Monit showing the CPU usage at this particular time (the drop at the right being when I restarted Apache and MySQL):

The server isn't exactly choking on RAM, either. Trying to search for a way to increase caching (outside of increasing MySQL's key cache and other things) has proved mostly fruitless; even with outright doubling the cache sizes in MySQL it doesn't seem to have made much of an impact yet.

If you think it will help, you can also view the full stats page with rolling charts. 
Running iostat:
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.00    0.00    0.00   99.18    0.00    0.82
          13.82    0.00    0.88  941878736.18    0.00  142.11
           0.69    0.00    0.69    6.21    0.00   92.41

Solutions/Answers:

Answer 1:

You’re mostly out of options with regards to making the VPS perform better since you’re sharing the system with many others (sounds like the days of mainframes are returning \o/ ).

I would say get a dedicated server, or at the very least make sure to choose a VPS provider who doesn’t over utilize its servers.

A script that updates interfaces if /etc/network/interfaces changes

[This is for Debian Squeeze, but applies to Ubuntu and other Linux distros.]
I have a rather complex /etc/network/interfaces file which is generated based on various factors (number of interfaces, are bridges needed, vlans, etc).  After the new file is generated, I need to ifup any new interfaces and ifdown any obsolete interfaces; and I might have to reboot if the primary interface changes (for example, it changes from eth0 or br0).
Right now I figure out what to ifup/ifdown manually.
Is there a script that will do this for me?

Solutions/Answers:

Answer 1:

I don’t know how you currently modify/generate your /etc/network/interfaces. Probably the best solution would be to use a configuration management tool (such as Puppet, Chef or Cfengine) to do this task, and have it call ifup when the file is modified. Such tools are tailored for tasks like this one. You could even benefit from Puppet’s templating capabilities or the Augeas provider to modify your file.

Another solution would be to use inotify. For example, you could set up incron to call ifup every time /etc/network/interfaces is modified.

Answer 2:

I don’t know of any readily available script for this use-case, but hacking together a simple shell script for this task shouldn’t be too hard.
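One way to write the shell script the question asks for, added here as an example and not taken from any of the answers: it compares the `iface` stanzas of the previous and the newly generated file and prints `ifdown`/`ifup` commands for interfaces that were removed, added or changed. The function names and both sample files are constructed; it assumes a copy of the previous file was kept, so that `ifdown -i` can still read the old definitions.

```shell
#!/bin/sh
# Added example: derive ifdown/ifup commands from two versions of
# /etc/network/interfaces. Function names are hypothetical.

# stanzas FILE TAG: print "TAG<TAB>name<TAB>definition" per interface.
# The definition is the iface line plus its options with whitespace squeezed,
# so reindenting a stanza is not a change. auto/allow-* lines are not compared.
stanzas() {
    awk -v tag="$2" '
        /^[ \t]*(#|$)/ { next }
        { $1 = $1 }
        $1 == "iface" { cur = $2; def[cur] = def[cur] $0 ";"; next }
        $1 == "auto" || $1 ~ /^(allow-|mapping|source)/ { cur = ""; next }
        cur != "" { def[cur] = def[cur] $0 ";" }
        END { for (n in def) printf "%s\t%s\t%s\n", tag, n, def[n] }
    ' "$1"
}

# plan OLD NEW: print the commands; sorting puts warnings first, then
# ifdown (which reads OLD), then ifup (which reads NEW).
plan() {
    { stanzas "$1" old; stanzas "$2" new; } |
    awk -F '\t' -v oldf="$1" -v newf="$2" '
        $1 == "old" { o[$2] = $3; next }
        { n[$2] = $3 }
        END {
            for (i in o) if (!(i in n) || o[i] != n[i]) {
                if (o[i] ~ /;gateway /)
                    print "# " i " holds the default gateway: run from a console"
                print "ifdown -i " oldf " " i
            }
            for (i in n) if (!(i in o) || o[i] != n[i])
                print "ifup -i " newf " " i
        }
    ' | LC_ALL=C sort
}

# Constructed sample: eth0 is replaced by bridge br0, a VLAN is added,
# eth1 is only reindented.
demo_plan() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/interfaces.old" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1

auto eth1
iface eth1 inet dhcp
EOF
    cat > "$tmp/interfaces.new" <<'EOF'
auto lo
iface lo inet loopback

# generated: bridge replaces eth0
auto br0
iface br0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    bridge_ports eth0

auto eth1
iface   eth1  inet   dhcp

auto eth1.100
iface eth1.100 inet manual
EOF
    ( cd "$tmp" && plan interfaces.old interfaces.new )
    rm -rf "$tmp"
}

# Usage: sh ifplan.sh /etc/network/interfaces.prev /etc/network/interfaces
if [ $# -eq 2 ]; then plan "$1" "$2"; fi
```

Review the printed commands before running them; taking down the interface that carries the default route over an SSH session cuts that session off.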

Answer 3:

This is how I manage ifcfg files with puppet. I create a directory under files/ for each host, e.g.:

modules/network/files/foohostname/
modules/network/files/someotherhostname/

Then in modules/network/manifests/init.pp I do the following:

  1. Copy all files in modules/network/files/hostname/ to the network scripts directory on the host.
  2. Run service network start or /etc/init.d/network start when any files are added/changed. I’ve found that service network start will bring up any interfaces that are not up yet, but won’t kill my existing network connections.

class network {
  # copy all ifcfg files from files/hostname/ directory to network-scripts/ 
  # other files in network-scripts/ will not be touched.
  file { '/etc/sysconfig/network-scripts/':
      recurse => true,
      purge   => false,
      owner   => root,
      group   => root,
      ignore  => '\.svn', # this is specific to me as I use svn.
      source  => "puppet:///modules/network/${hostname}/",
  }

  # if anything changes with the above File resource, then fire network start to bring them up.
  # this won't restart the network, only bring up any ifaces that are not up yet.
  exec{ 'network-ifup':
      command     => 'service network start',       
      refreshonly => true,
      subscribe   => File['/etc/sysconfig/network-scripts/'],
  }        
}

FYI some of the above may be a little CentOS/RHEL-specific.

Nginx slow connect

I'm trying to diagnose a connection issue with nginx on Debian. There is a delay of anything from 2-10 seconds on the connection. I'm using curl to test:
curl -o /dev/null -w "Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} \n" -s http://example.com/forumhome.css
Connect: 0.657 TTFB: 1.183 Total time: 7.150


Here is a pastebin of the tcpdump output for the curl request above: http://pastebin.com/2tdZHqFr

I have also tested using webpagetest.org from different locations and the same connection issue exists.
The files are served from an SSD mounted on another machine.
Linux main 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64 GNU/Linux
nginx conf:
user www-data;
worker_processes  4;
worker_rlimit_nofile 802768;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    use epoll;
    worker_connections 60000;
    multi_accept on;
}

http {
    include       /etc/nginx/mime.types;

    #  access_log   /var/log/nginx/access.log;
    access_log off;
    sendfile        off;
    keepalive_timeout  75;
    tcp_nodelay        on;
    keepalive_requests   2000;
    connection_pool_size       8192;
    client_body_buffer_size     1024K;
    client_header_buffer_size   8k;
    client_max_body_size          10M;
    fastcgi_buffers 4 256k;
    fastcgi_buffer_size 128k;
    fastcgi_busy_buffers_size 256k;
    large_client_header_buffers 8 8k;
    ignore_invalid_headers          on;

    client_header_timeout  60;
    client_body_timeout    60;
    send_timeout          60;

    output_buffers   8 32k;
    postpone_output  0;
    server_name_in_redirect off;
    server_tokens           off;

    tcp_nopush  on;

    gzip on;
    gzip_min_length  1100;
    gzip_buffers    32 8k;
    gzip_comp_level 2;
    gzip_types       text/plain text/html application/x-javascript text/xml text/css text/javascript;
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

sysctl here -> pastebin sysctl
site.conf:
open_file_cache max=5000 inactive=20s;
open_file_cache_valid    30s;
open_file_cache_min_uses 2;
open_file_cache_errors   on;

server {
    listen   80 ; ## listen for ipv4

    server_name example.com;
    root /mnt/ssd/www/static;

    location ~* \.(css|js)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}

ifconfig eth0:
eth0  Link encap:Ethernet  HWaddr 00:15:17:26:b4:bd  
      inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.254.0
      inet6 addr: fe80::215:17ff:fe26:b4bd/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
      RX packets:1136534270 errors:0 dropped:0 overruns:0 frame:0
      TX packets:623191419 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:174357516836 (162.3 GiB)  TX bytes:323522620298 (301.3 GiB)
      Memory:e1a00000-e1a20000 

cat /proc/cpuinfo:
model name  : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz

cat /proc/meminfo:
MemTotal:        4058884 kB
MemFree:         3366684 kB
Buffers:          117632 kB
Cached:           288320 kB

Solutions/Answers:

Answer 1:

Best check your forward and (especially) reverse dns lookups. This is a usual cause of “slow”.

select() hangs due to resource exhaustion – but what resource?

Connecting to my server via sftp sometimes results in a hang here:
if (select(max+1, rset, wset, NULL, NULL) < 0) {
which is line 1428 from openssh 5.2p1's sftp-server.c (main loop of sftp_server_main()).
The same hang occurs when opening a data connection over e.g. vanilla
FTP. I am sometimes able to get through after a number of seconds or
minutes, but sometimes the connection times out on the client side
before the server is able to respond. When the server does respond and
I am connected, then if I issue e.g. 'ls' it will hang again at the
select() for some time.
ssh is OK; can connect with no delay and issue commands, etc.
I don't think it's socket death:
root@dl:~# cat /proc/net/sockstat
sockets: used 304
TCP: inuse 444 orphan 302 tw 152 alloc 451 mem 5280
UDP: inuse 4
RAW: inuse 0
FRAG: inuse 0 memory 0

root@dl:~# netstat -tan | awk '{print $6}' | sort | uniq -c
    2 CLOSE_WAIT
  121 CLOSING
    1 established)
  109 ESTABLISHED
    17 FIN_WAIT1
    9 FIN_WAIT2
    1 Foreign
  300 LAST_ACK
    20 LISTEN
    2 SYN_RECV
  433 TIME_WAIT

It also doesn't seem to be out of file descriptors but I'm not 100%
sure on that. And even if it were, wouldn't that produce an error, not
hang?
It does seem to be somewhat related to the number of connections
nginx is serving. I can shut down nginx and the problem goes
away. Having said this, nginx and apache are able to coexist in
this state with no problem (apache never hangs). People can also
connect to an IRC server on the same machine with no problem during
these "episodes". So maybe it is limited to select()?
What resource is nginx using that is not sockets/file descriptors
that is causing select() to hang? I am pulling my hair out over this.
I've tried all of the usual network tuning stuff (the various settings
through sysctl, reducing the timeouts), all with no effect. The machine is not out of RAM and CPU and I/O are both fine.
Linux dl 2.6.26-2-486 #1 Sat Jun 11 14:47:34 UTC 2011 i686 GNU/Linux
It's running Debian Lenny.
What might cause select() to hang checking some sockets?

Solutions/Answers:

Answer 1:

Two things:

  1. A bug in the code calling 'select'.

  2. No information has been received yet.

Answer 2:

I have now solved this problem; please see my more recent question for the details. Basically, the server was suffering from a shortage of entropy (verified using cat /proc/sys/kernel/random/entropy_avail). Installing the haveged package via Debian backports resolved the very long hangs while using sftp, which presumably plugs into what David Schwartz said ("No information has been received yet") ... because it couldn't be encrypted. It's not clear to me at this time why ssh was not affected (or was not affected as much).

apache2 how to trace caller of SIGTERM

I have a dex x64 on a virtualbox win7pro host.
My apache2 will stop responding after a page request or other activity such as upload via ftp.
The php.cgi becomes non-responsive and a restart is required.
Any help tracking down the culprit sending the SIGTERM would be much appreciated.
thx
Art
my apache2.conf has

ServerLimit 1024
StartServers 10
MinSpareServers 10
MaxSpareServers 20
MaxClients 1024
MaxRequestsPerChild 0

From the apache2 log I have 
[Wed Jun 20 05:07:01 2012] [notice] caught SIGTERM, shutting down
[Wed Jun 20 05:07:03 2012] [notice] FastCGI: process manager initialized (pid 4369)
[Wed Jun 20 05:07:03 2012] [notice] Apache/2.2.16 (Debian) mod_fastcgi/2.4.6 PHP/5.3.3-7+squeeze13 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
and from the accounting output with lastcomm
php.cgi                www-data __         0.13 secs Wed Jun 20 04:49
lastcomm               root     pts/2      0.10 secs Wed Jun 20 04:49
php.cgi                www-data __         0.18 secs Wed Jun 20 04:49
php.cgi                www-data __         0.18 secs Wed Jun 20 04:47
apache2                root     pts/1      0.02 secs Wed Jun 20 04:46
tput                   root     pts/1      0.00 secs Wed Jun 20 04:46
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:46
apache2ctl             root     pts/1      0.00 secs Wed Jun 20 04:46
apache2          S     root     pts/1      0.77 secs Wed Jun 20 04:46
rm                     root     pts/1      0.01 secs Wed Jun 20 04:46
install                root     pts/1      0.01 secs Wed Jun 20 04:46
mkdir                  root     pts/1      0.00 secs Wed Jun 20 04:46

apache2ctl        F    root     pts/1      0.00 secs Wed Jun 20 04:46
sleep                  root     pts/1      0.00 secs Wed Jun 20 04:46
apache2          SF    root     __         0.54 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.14 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.07 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.06 secs Wed Jun 20 04:36
apache2          SF    www-data __         0.07 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.11 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.02 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.04 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.06 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.08 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.03 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.02 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.01 secs Wed Jun 20 04:34
grep                   root     pts/1      0.00 secs Wed Jun 20 04:46
apache2ctl             root     pts/1      0.02 secs Wed Jun 20 04:46
apache2                root     pts/1      0.24 secs Wed Jun 20 04:46
apache2          SF    www-data __         0.00 secs Wed Jun 20 04:34
apache2ctl        F    root     pts/1      0.00 secs Wed Jun 20 04:46
apache2ctl             root     pts/1      0.00 secs Wed Jun 20 04:46
apache2                root     pts/1      0.22 secs Wed Jun 20 04:46
apache2ctl        F    root     pts/1      0.01 secs Wed Jun 20 04:46
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:46
grep                   root     pts/1      0.00 secs Wed Jun 20 04:46
tr                     root     pts/1      0.00 secs Wed Jun 20 04:46
pidof            S     root     pts/1      0.11 secs Wed Jun 20 04:46
cat                    root     pts/1      0.00 secs Wed Jun 20 04:46
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:46
grep                   root     pts/1      0.00 secs Wed Jun 20 04:46
tr                     root     pts/1      0.00 secs Wed Jun 20 04:46
pidof            S     root     pts/1      0.05 secs Wed Jun 20 04:46
cat                    root     pts/1      0.01 secs Wed Jun 20 04:46
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:46
apache2ctl             root     pts/1      0.00 secs Wed Jun 20 04:46
apache2                root     pts/1      0.34 secs Wed Jun 20 04:46
apache2ctl        F    root     pts/1      0.00 secs Wed Jun 20 04:46
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:46
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:46
smbd             SF    root     __         0.25 secs Wed Jun 20 04:46
php.cgi                www-data __         0.14 secs Wed Jun 20 04:45
php.cgi                www-data __         0.19 secs Wed Jun 20 04:42
cron             SF    root     __         0.02 secs Wed Jun 20 04:39
sh               S     root     __         0.00 secs Wed Jun 20 04:39
find                   root     __         0.00 secs Wed Jun 20 04:39
maxlifetime            root     __         0.02 secs Wed Jun 20 04:39
php5                   root     __         0.13 secs Wed Jun 20 04:39
which                  root     __         0.00 secs Wed Jun 20 04:39
exim4            S     root     __         0.01 secs Wed Jun 20 04:37
php.cgi                www-data __         0.04 secs Wed Jun 20 04:36
php.cgi                www-data __         0.12 secs Wed Jun 20 04:35
php.cgi                www-data __         0.11 secs Wed Jun 20 04:35
php.cgi                www-data __         0.14 secs Wed Jun 20 04:34
lastcomm               root     pts/2      0.09 secs Wed Jun 20 04:34
apache2                root     pts/1      0.02 secs Wed Jun 20 04:34
tput                   root     pts/1      0.00 secs Wed Jun 20 04:34
apache2           F    root     pts/1      0.00 secs Wed Jun 20 04:34
apache2ctl             root     pts/1      0.00 secs Wed Jun 20 04:34
apache2          S     root     pts/1      0.54 secs Wed Jun 20 04:34
rm                     root     pts/1      0.00 secs Wed Jun 20 04:34
install                root     pts/1      0.00 secs Wed Jun 20 04:34
mkdir                  root     pts/1      0.00 secs Wed Jun 20 04:34
apache2ctl        F    root     pts/1      0.00 secs Wed Jun 20 04:34
sleep                  root     pts/1      0.00 secs Wed Jun 20 04:34
apache2          SF    root     __         0.80 secs Wed Jun 20 03:58
sleep                  root     pts/1      0.00 secs Wed Jun 20 04:34
apache2          SF    www-data __         0.26 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.12 secs Wed Jun 20 03:59
apache2          SF    www-data __         0.13 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.13 secs Wed Jun 20 03:59
apache2          SF    www-data __         0.15 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.18 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.07 secs Wed Jun 20 04:21
apache2          SF    www-data __         0.18 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.17 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.30 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.09 secs Wed Jun 20 03:58
apache2          SF    www-data __         0.02 secs Wed Jun 20 04:13

Solutions/Answers:

Answer 1:

The SIGTERM is most likely the restart operation. The server is shut down with SIGTERM and then started again according to your logs.

This doesn’t explain the stuck server though.

I think the SIGTERM is not what you should be looking for.

Nginx reverse proxy not passing through root (/)

I have set up Nginx as a reverse proxy to Apache on a web server.
Nginx is listening on 0.0.0.0:80 and passing through to 127.0.0.1:81
This all seems to be working fine, except when I first load the site at the root level (i.e. http://example.com/) nginx is not passing through to Apache, instead displaying the 'Welcome to Nginx!' page.
If I CTRL+F5 it will pass through to Apache; it also passes through to Apache if I load any other pages on the site.
My vhost is set up as follows:
server {
    listen       0.0.0.0:80;
    server_name domain.com.au;
    access_log /var/log/nginx/default.access.log;

    location / {
        proxy_pass http://127.0.0.1:81/;
        include /etc/nginx/proxy_params;
    }
}

My proxy_params is set up as follows:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Any help on this one is greatly appreciated!

Solutions/Answers:

Answer 1:

Ok, managed to fix this by adding the following to proxy_params:

proxy_redirect off;

Not really sure why this would fix it, but it did!

Debian and active directory authentication

I'm trying to link a debian server authentication to active directory.
I followed this tutorial: http://wiki.debian.org/Authenticating_Linux_With_Active_Directory but I'm stuck on the 
getent passwd

Because this doesn't list all AD users but only locals.
This is my nsswitch.conf:
passwd:         files winbind
group:          files winbind
shadow:         files winbind

And I'm sure it is well connected to AD because this:
wbinfo -u

Lists all AD users.
What have I missed?

Solutions/Answers:

Answer 1:

If you are not running getent passwd as root, this is expected behaviour in most cases, as a standard user should not get access to the user list. Knowing the username of a user, you could check via

$ getent passwd <username>

too. This should be possible for root and non-root users.

If this does not work, you should take a look at the logs:

  • /var/log/krb5.log
  • /var/log/auth.log
  • /var/log/samba/*
