system tools. | ramblings of a sysadmin.

System Tools.

preventing ddos attacks.

what is a ddos attack, you ask? a distributed denial of service (ddos) attack is when multiple computers try to flood your server with thousands of connections, with the goal of bringing your server down for a good chunk of time.
a lot of people fall victim to these attacks daily.
they don’t have to.
(d)dos-deflate is an open-source tool that protects against denial of service attacks. you can download it here.
by default, its configuration is stored in /usr/local/ddos/ddos.conf.
i’ve personally tweaked the settings to ban an IP for a little longer than the default 600 seconds, and of course, don’t forget to change the email address so that the warnings go to you. (you wouldn’t want your own IP blocked accidentally while the warning goes to a possibly unchecked mailbox!)
you can also whitelist IP addresses by adding them, one per line, to /usr/local/ddos/ignore.ip.list.

i found another free, useful tool today:
the file can be accessed right over here.
this tool searches your server for malicious files and emails you in the event that such files are found. right now, it’s intended for cpanel users, although versions for plesk and other web administration consoles are in development from what i have heard.
you can never have too many security tools on your linux server, as each does something different and may catch something that another does not.

disabling spamassassin in plesk for individual mailboxes.

today, i got a complaint from a user who didn’t like the spam headers in his email. since spamassassin is the only spam-filtering addon installed on our servers, i knew that the best solution would be to disable spamassassin altogether for this particular email address.
the plesk GUI, unfortunately, doesn’t make that easy. fortunately, with plesk 7.5.3 and later, you can do it from the command line like so:
# /usr/local/psa/bin/ --update -status false
this completely disables the spamassassin addon for this email address and eliminates all spam headers. while that is not what most people want nowadays, it’s exactly what this guy wanted, and it works.

automated SQL database backups.

i found another awesome little tool today.
AutoMySQLBackup allows you to back up all of your databases on the fly. it’s fully customizable (you can select only certain databases, or just use “all” to back up every database), and you can have the results, or the entire backup as an attachment, emailed to you.
this little utility makes me very happy. i’ve seen so many backup tools but nothing has been as usable and as versatile as this.

viewing and editing mail queues.

while i’m excited about getting mail to work on my linux box after such a long time, i think it’s appropriate to address some useful applications to view mail queues (and edit them whenever necessary).
first, let’s look at this in sendmail.
you can use one of the two commands below which essentially do the same thing:
# /usr/sbin/sendmail -bp
/var/spool/mqueue is empty
Total requests: 0

# mailq
/var/spool/mqueue is empty
Total requests: 0

if you have numerous messages in your queue and you want to empty them out, simply:
# cd /var/spool/mqueue
# rm

now, to do the same on qmail, you will need to get an application called qmHandle. once you install this, you can view the number of messages in the queue by typing:
# qmHandle -s
Messages in local queue: 0
Messages in remote queue: 47

if you want more detailed information, including message id, from, to, and subject lines:
# qmHandle -l
you can delete items with problematic subject lines as such:
# qmHandle -S'failure notice'
# qmHandle -Sailure
will work just as well (and will delete all emails that include the text string “ailure” in the subject).
you can also view the subject/from/to of emails in the queue by typing:
fgrep Subject /var/qmail/queue/mess/*/*
fgrep From /var/qmail/queue/mess/*/*
this approach is far more useful — it searches each email for any text, whether in the body, subject, recipient, or sender.
any offensive emails in the queue? you now know where to go.
# fgrep Testing /var/qmail/queue/mess/*/*
# rm /var/qmail/queue/mess/12/28952688

finally, you can attempt to send all emails in the queue by using the command below:
# qmHandle -a
if the emails cannot be sent at any time for whatever reason, they will remain in the queue.
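the fgrep-and-rm approach above can be scripted. this is an added example, not qmHandle’s code: it locates queued messages by any header text and then removes every file that belongs to that message id, because a qmail queue keeps one message id under several subdirectories (mess/, info/, local/, remote/, …) and deleting only the mess/ copy leaves stale entries behind. QUEUE, the demo messages and their ids are constructed; on a real system point QUEUE at /var/qmail/queue and stop qmail-send before touching the queue.

```sh
#!/bin/sh
# Added example (not qmHandle's code): find a queued qmail message by any
# header text, the way fgrep on mess/*/* does, then remove every companion
# file for that message id. A qmail message id lives under several queue
# subdirectories (mess/, info/, local/, remote/, ...); removing only the
# mess/ copy leaves stale entries. QUEUE is an assumption for the demo; on a
# real system it is /var/qmail/queue, and qmail-send must be stopped first.
QUEUE="${QUEUE:-$(mktemp -d)}"

# find_ids: print "split/inode" for every queued message whose content
# contains the fixed string (case-sensitive, like fgrep).
find_ids() {
    grep -Fl -- "$1" "$QUEUE"/mess/*/* 2>/dev/null \
        | sed "s|^$QUEUE/mess/||"
}

# companion_files: every queue file that belongs to one "split/inode" id.
companion_files() {
    for dir in mess info local remote intd todo; do
        [ -f "$QUEUE/$dir/$1" ] && printf '%s\n' "$QUEUE/$dir/$1"
    done
    return 0
}

# remove_message: delete all companion files for one id and report each one.
remove_message() {
    companion_files "$1" | while read -r f; do
        rm -f -- "$f" && printf 'removed %s\n' "$f"
    done
}

# Constructed demo queue: one failure notice (id 12/28952688) and one normal
# message (id 3/28952701), each with its mess/ copy plus companion files.
seed_demo_queue() {
    mkdir -p "$QUEUE/mess/12" "$QUEUE/info/12" "$QUEUE/remote/12" \
             "$QUEUE/mess/3"  "$QUEUE/info/3"  "$QUEUE/local/3"
    printf 'From: MAILER-DAEMON@example.invalid\nSubject: failure notice\n\nHi.\n' \
        > "$QUEUE/mess/12/28952688"
    : > "$QUEUE/info/12/28952688"; : > "$QUEUE/remote/12/28952688"
    printf 'From: bob@example.invalid\nSubject: Testing\n\nHi.\n' \
        > "$QUEUE/mess/3/28952701"
    : > "$QUEUE/info/3/28952701"; : > "$QUEUE/local/3/28952701"
}

seed_demo_queue
for id in $(find_ids 'failure notice'); do remove_message "$id"; done
```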

system monitoring tools.

i’ve always seen nagios in action, but i guess i’ve always been overwhelmed by all of the steps required to get the service running properly. however, with BobCares: Installing and Configuring Nagios, i now have a really robust monitoring system for a variety of services provided on my server.
this is really good stuff.


ever wonder if your system has been hacked? i’ve been told about a bunch of applications, but nothing has impressed me like rkhunter has. this application has it all, and it also has very nifty CLI-friendly output.
i’d also recommend chkrootkit, but i must say that i’m quite impressed with rkhunter and its ease of installation and use.
i have already set a cron job for this to be run on a regular basis to verify that my system is running smoothly.