Redirect subdomains to domain
Thursday, June 25th, 2009
ServerName server.domain.com
ServerAlias server server2.domain.com server2
ServerAlias *.example.com
# …
This issue is related to semaphores. To view how many semaphores you have use:
root@hal [~]# sysctl -a | egrep kernel.sem\|kernel.msgmni
kernel.sem = 250 32000 32 128
kernel.msgmni = 16
You can change these values by adding them to /etc/sysctl.conf and then running sysctl -p to activate them.
There is no need to reboot.
To remove semaphores use one of these commands:
for i in `ipcs -s | grep nobody | awk '{print $2}'`; do ipcrm -s $i; done
/scripts/restartsrv_httpd
or in Perl (the second column of ipcs -s is the semaphore id):
ipcs -s | grep nobody | perl -e 'while (<>) { @a=split(/\s+/); print `ipcrm sem $a[1]` }'
or with xargs
ipcs -s | grep nobody | awk '{ print $2 }' | xargs ipcrm -s
or bash style
for ipsemId in $(ipcs -s | grep nobody | cut -f 2 -d ' '); do ipcrm -s $ipsemId; done
Other errors:
Cannot create SSLMutex
Add to httpd.conf:
SSLMutex sem
yum install squid
Example of squid.conf
http_port 10000
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl ncsa_users proxy_auth REQUIRED
http_access deny !Safe_ports
http_access allow ncsa_users
visible_hostname mysite.com
coredump_dir /var/spool/squid
service squid start
Setting proxy for wget:
export http_proxy=http://anton:testinsg@mysite:10000
If you want to make the proxy anonymous (no X-Forwarded-For, and only the listed request headers passed through), add these lines:
forwarded_for off
header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Proxy-Authorization allow all
header_access Proxy-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access Cookie allow all
header_access Set-Cookie allow all
header_access All deny all
acl ip4 myaclname yourip
tcp_outgoing_address yourip myaclname
Generate the acl and tcp_outgoing_address lines for a range of addresses (one acl per local IP, so clients that connect to a given IP also leave the proxy from that IP):
for f in {314..372}; do echo "acl ip$f myip aaa.bbb.ccc.$((f-246))" >> blah1; done
for f in {314..372}; do echo "tcp_outgoing_address aaa.bbb.ccc.$((f-246)) ip$f" >> blah1; done
Seems these things happen a lot these days. If you have an SSH account, as root or another valid user, it is easier to search for and remove the infected code from your files.
First of all, try to find a file that was infected and check its modification date with:
find . -mtime -2
This lists all files that were modified in the last 48 hours.
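The find -mtime check above only works while the attacker has not reset the timestamps on the files they changed. As an added example (not part of the original post), the script below wraps the same check in a function and adds a second, timestamp-independent check: a sha256 manifest taken from a known-good copy of the site, which sha256sum -c then compares against the live files. Directory and file names are placeholders; the manifest must be written outside the tree it describes.

```shell
#!/bin/sh
# Added example, not from the original post. Two ways to find changed files
# under a web root: by modification time (what the post does) and by content,
# against a checksum manifest taken from a known-good copy.

# List regular files under $1 modified less than $2 days ago (find's -mtime -N,
# the same test the post uses with N=2). Output is sorted so it is stable.
recently_modified() {
    find "$1" -type f -mtime -"$2" | sort
}

# Write a sha256 manifest of every regular file under $1 to $2.
# $2 must be an absolute path outside $1, otherwise it ends up in its own list.
write_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort ) > "$2"
}

# Print the files under $1 whose content differs from manifest $2, or that are
# missing. sha256sum -c prints "<path>: FAILED..." for each such file; the
# "OK" lines are suppressed by --quiet.
changed_since_manifest() {
    ( cd "$1" && sha256sum -c --quiet "$2" 2>/dev/null ) | sed -n 's/: FAILED.*//p'
}

# Typical use (placeholder paths):
#   write_manifest /var/www/html /root/html.sha256     # taken from a clean copy
#   recently_modified /var/www/html 2                  # quick look, as in the post
#   changed_since_manifest /var/www/html /root/html.sha256
```

recently_modified is the quick first look; changed_since_manifest is what you run when the timestamps cannot be trusted, and it also reports files that were deleted from the tree.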
Cisco way:
ip as-path access-list 1 deny _1234$
ip as-path access-list 1 deny _5678$
ip as-path access-list 1 permit .*
router bgp 100
neighbor 192.168.0.1 remote-as 200
neighbor 192.168.0.1 description ebgp-test
neighbor 192.168.0.1 filter-list 1 in
Juniper way:
protocols {
    bgp {
        group "ebgp-test" {
            type external;
            import test-in;
            peer-as 200;
            neighbor 192.168.0.1;
        }
    }
}
policy-options {
    policy-statement test {
        from as-path [ test test1 ];
        then reject;
    }
}
set policy-options as-path a ".*1234"
set policy-options as-path b ".*5678"
Interfaces (Juniper interface name prefixes):
ae: Aggregated Ethernet. A virtual aggregated link.
as: Aggregated SONET/SDH. A virtual aggregated link.
at: ATM1 or ATM2 IQ. Asynchronous Transfer Mode.
cau4: Channelized AU-4 IQ. Configured on the Channelized STM-1 IQ PIC.
coc1: Channelized OC-1 IQ. Configured on the Channelized OC-12 IQ PIC.
coc12: Channelized OC-12 IQ. Configured on the Channelized OC-12 IQ PIC.
cstm1: Channelized STM-1 IQ. Configured on the Channelized STM-1 IQ PIC.
ce1: Channelized E1 IQ. Configured on the Channelized E1 IQ PIC or Channelized STM-1 IQ PIC.
ct1: Channelized T1 IQ. Configured on the Channelized DS-3 IQ PIC or Channelized OC-12 IQ PIC.
ct3: Channelized T3 IQ. Configured on the Channelized DS-3 IQ PIC or Channelized OC-12 IQ PIC.
cp: Collector. Configured on the Monitoring Services II PIC.
ds: DS-0. Configured on the Channelized DS-3 to DS-0 PIC, Channelized E1 PIC or Channelized OC-12 IQ PIC.
dsc: Discard. Allows you to identify the ingress point of a denial-of-service (DoS) attack.
e1: E1. Includes the channelized STM-1 to E1 interfaces.
e3: E3. Includes the E3 IQ interfaces.
es: Encryption. Allows you to configure a security association (SA) name with a logical interface.
fe: Fast Ethernet. 100Base-TX (Fast Ethernet, 100 Mbps).
fxp0: Management and internal Ethernet. The management Ethernet interface is an out-of-band management interface within the routing platform.
fxp1: Interface that connects the Routing Engine and the Packet Forwarding Engine.
ge: Gigabit Ethernet. Includes Gigabit Ethernet IQ interfaces.
gr: Generic Route Encapsulation tunnel. Allows you to configure a unicast tunnel using GRE encapsulation.
gre: Internally generated. This interface is internally generated and is not configurable.
ip: IP-over-IP encapsulation tunnel. Allows you to configure a unicast tunnel using IP-IP encapsulation.
ipip: Internally generated. This interface is internally generated and is not configurable.
lo: Loopback. This interface is internally generated. The logical interface lo0.16383 is a non-configurable interface for routing platform control traffic.
ls: Link services. Supports bundles that contain links.
lsi: Internally generated. This interface is internally generated and is not configurable.
ml: Multilink. Includes Multilink Frame Relay and Multilink PPP.
mo: Monitoring services. Includes the Monitoring Services and Monitoring Services II interfaces. The logical interface mo-fpc/pic/port.16383 is an internally generated, non-configurable interface for routing platform control traffic.
mt: Multicast tunnel. Internal routing platform interface for VPNs.
mtun: Internally generated. This interface is internally generated and is not configurable.
me0: Out-of-band management interface on EX switches.
oc3: OC-3 IQ. Configured on the Channelized OC-12 IQ PIC.
pe: Present on the first-hop routing platform. Encapsulates packets destined for the rendezvous point (RP) routing platform.
pd: Present on the RP. De-encapsulates packets at the RP.
pimd: Internally generated. This interface is internally generated and is not configurable.
pime: Internally generated. This interface is internally generated and is not configurable.
rlsq: Redundant bundle interface made of two or more lsq interfaces, used when you have redundant AS PICs.
se: Serial. Includes the EIA-530, V.35, and X.21 interfaces.
so: SONET/SDH. Both are widely used methods for very high speed transmission of voice and data signals across the numerous world-wide fiber-optic networks.
sp: Adaptive services. The logical interface sp-fpc/pic/port.16383 is an internally generated, non-configurable interface for routing platform control traffic.
t1: T1. Includes the channelized DS-3 to DS-1 interfaces.
t3: T3. Includes the channelized OC-12 to DS-3 interfaces.
tap: Internally generated. This interface is internally generated and is not configurable.
vcp: Virtual chassis interface (EX4200 only).
vsp: Voice services. The Adaptive Services (AS) Physical Interface Card (PIC) supports the compressed Real-Time Transport Protocol (RTP) on this interface.
vt: Virtual loopback tunnel. On routing platforms equipped with a Tunnel PIC, enables egress filtering.
xe: 1GE optical interface on EX switches.
Juniper reference:
http://www.juniper.net/techpubs/software/nog/nog-interfaces/download/nog-interfaces.pdf
I use this script on a cPanel server: if pgrep finds no httpd process (non-zero exit status), the $restart command is issued.
#!/bin/bash
restart="/scripts/restartsrv_httpd"
pgrep httpd || $restart
exit 0
If it's a VPS then I might add a line to clear the semaphore arrays first:
for i in `ipcs -s | grep nobody | awk '{print $2}'`; do ipcrm -s $i; done
Then I put this script into cron to run every 5 minutes:
# MIN HOUR DAYOFMONTH MONTH DAYOFWEEK COMMAND
*/5 * * * * /root/checkhttp.sh
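Both the cleanup loops in the semaphore post above and the VPS line here pick semaphores with a plain grep for nobody anywhere in the ipcs line. As an added example (not from the original post), the script below matches the owner column only, skips the header lines, and has a dry-run mode so the ids can be reviewed before ipcrm is called. The ipcs output it parses is a constructed sample in the util-linux column layout, so the parsing can be checked without touching a live system.

```shell
#!/bin/sh
# Added example, not from the original post: remove the semaphore arrays owned
# by one user, selecting them by the owner column of `ipcs -s` rather than by
# grepping the whole line.

# Constructed sample of `ipcs -s` output (util-linux layout), used to check the
# parsing. On a real host the functions below run ipcs themselves.
SAMPLE_IPCS='------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 32768      apache     600        1
0x00000000 65537      nobody     600        1
0x6e6f626f 98306      root       600        1
0x00000000 131075     nobody     600        1'

# Print the semids whose owner column equals $1. Reads `ipcs -s` output on
# stdin. Column 3 is the owner, column 2 the id; requiring a numeric id drops
# the "key semid owner ..." header and the separator line.
sem_ids_owned_by() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Remove every semaphore array owned by $1. With $2 = "dry-run", only print
# what would be removed.
remove_user_semaphores() {
    user=$1
    mode=${2:-remove}
    ipcs -s | sem_ids_owned_by "$user" | while read -r id; do
        if [ "$mode" = "dry-run" ]; then
            echo "would remove semid $id (owner $user)"
        else
            ipcrm -s "$id"
        fi
    done
}

# Usage, as in the post's check script:
#   remove_user_semaphores nobody dry-run   # review the list first
#   remove_user_semaphores nobody           # then remove, before restarting httpd
```

The owner match is exact, so a user whose name merely contains the string nobody is not touched, and the dry-run output is what you would want logged from the cron job before the first unattended run.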
RPM has an option (--prefix) that allows users to install RPMs in directories other than the default ones.
Packages that can be installed in other directories are called relocatable:
[root@localhost gcc]# rpm -qpi libxslt-1.1.24-4.fc11.i586.rpm | grep Relocations
Name : libxslt Relocations: /usr
[root@localhost gcc]# rpm -qi libxslt | grep Relo
Name : libxslt Relocations: /usr
So basically you can install this package in another directory (--force is needed here only because the same package is already installed under /usr):
[root@localhost gcc]# rpm -ihv libxslt-1.1.24-4.fc11.i586.rpm --prefix $PWD --force
Preparing... ########################################### [100%]
1:libxslt ########################################### [100%]
[root@localhost gcc]# ls
bin lib libxslt-1.1.24-4.fc11.i586.rpm share
For example, gcc is not relocatable, and installing it in a different directory is not allowed:
[root@localhost gcc]# rpm -qi gcc | grep Relo
Name : gcc Relocations: (not relocatable)
[root@localhost gcc]# rpm -Uhv gcc-4.1.2-33.i386.rpm --prefix=$PWD
error: package gcc is not relocatable
To extract a cpio file:
cpio -iv < cpio_file
To list the contents of a cpio file:
cpio -itv < cpio_file
To create a cpio file with all files in the current directory:
ls | cpio -o > cpio_file
To extract all files from an RPM:
rpm2cpio RPM_file | cpio -idv
To extract individual file(s) from an RPM:
rpm2cpio RPM_file | cpio -id individual_file(s)
e.g. extracting libcrypto.so.0.9.7a and libssl.so.0.9.7a from openssl-0.9.7a-2.i386.rpm:
rpm2cpio openssl-0.9.7a-2.i386.rpm | cpio -itv | egrep "libcrypto.so.0.9.7a|libssl.so.0.9.7a"
-rwxr-xr-x 1 root root 992092 Feb 27 12:10 ./lib/libcrypto.so.0.9.7a
-rwxr-xr-x 1 root root 216004 Feb 27 12:10 ./lib/libssl.so.0.9.7a
rpm2cpio openssl-0.9.7a-2.i386.rpm | cpio -idv ./lib/libssl.so.0.9.7a ./lib/libcrypto.so.0.9.7a
This will extract the two files from the RPM into a ./lib subdirectory.
Let's say you have this package from FC11:
[root@localhost ~]# rpm -q gcc
gcc-4.4.0-4.i586
But you have some source code that needs gcc-4.3 or lower to compile.
So download, let's say, gcc-4.3.2-7.i386.rpm, then:
mkdir newgcc && cd newgcc
download http://pathtogcc/gcc-4.3.2-7.i386.rpm
rpm2cpio gcc-4.3.2-7.i386.rpm | cpio -idv
Now you should have the compiler in newgcc/usr/bin/gcc.
Or download the gcc source you need from ftp://ftp.gnu.org and compile it with --prefix=$HOME/newgcc
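The two RPM posts above use the same pair of checks: look at the Relocations field before trying --prefix, and fall back to rpm2cpio | cpio when the package is not relocatable. As an added example (not from the original post), the script below puts both into functions. The rpm2cpio path only unpacks the payload, so none of the package's scriptlets run and no root is needed, which makes it the safer way both to keep an older gcc beside the system one and to look inside a package you do not yet trust. It assumes rpm, rpm2cpio and cpio are installed; the package names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: decide between `rpm --prefix` and
# a plain payload extraction by reading the Relocations field of the package.

# Print the value of the "Relocations" field from `rpm -qpi` / `rpm -qi` output
# read on stdin. Handles both the old one-line layout shown in the post
# ("Name : libxslt Relocations: /usr") and the newer "Relocations : ..." line.
relocations_from_info() {
    sed -n 's/.*Relocations *: *//p'
}

# Exit 0 if the package file $1 is relocatable, i.e. may be installed with
# --prefix; exit 1 for "(not relocatable)" or when the field is missing.
rpm_is_relocatable() {
    rel=$(rpm -qpi "$1" | relocations_from_info)
    [ -n "$rel" ] && [ "$rel" != "(not relocatable)" ]
}

# Unpack package $1 under directory $2 (created if needed), keeping the
# package's own paths (usr/bin/gcc and so on) relative to $2. Only the payload
# is written: no %pre/%post scriptlets run, and the rpm database is untouched.
rpm_extract_to() {
    mkdir -p "$2" || return 1
    # absolute path to the package, since cpio runs inside $2
    pkg=$(cd "$(dirname "$1")" && pwd)/$(basename "$1")
    ( cd "$2" && rpm2cpio "$pkg" | cpio -idm )
}

# Example run (placeholder file names):
#   if rpm_is_relocatable gcc-4.3.2-7.i386.rpm; then
#       rpm -ihv gcc-4.3.2-7.i386.rpm --prefix "$HOME/newgcc"
#   else
#       rpm_extract_to gcc-4.3.2-7.i386.rpm "$HOME/newgcc"
#   fi
```

For a package taken from an untrusted source, rpm_extract_to is the right first step regardless of relocatability: the files can be inspected under the staging directory before anything is installed or run.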