Tag Archives: centos

CentOS how to tips

How to remove RPM packages with several dependencies

If you are using Fedora, use the following command, but be careful when answering the y/N prompt:

yum remove $(rpm -qa | grep PACKAGENAME)

  • Replace PACKAGENAME with your package name
  • To disable a plugin, add --disableplugin=PLUGIN-NAME
  • If you can’t access the Internet, add this option to the line above: --disablerepo=*

Find out what files are in my rpm package

Use the following syntax to list the files of an already INSTALLED package:

The -v (verbose) option gives you more information on the files when used with the various query options.

rpm -ql package-name

Use the following syntax to list the files in an RPM package file:

rpm -qlp package-name

Type the following command to list the files in the gitlab*.rpm package file:

rpm -qlp gitlab-7.1.1_omnibus-1.el6.x86_64.rpm

See also: HowTo: Extract an RPM Package Files Without Installing It

Update yum repositories for CentOS, RHEL Systems

Get the latest yum repos from one of the two links below, choosing the one that matches your host’s architecture:

# CentOS/RHEL 6, 64 Bit (x86_64):
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Then run the update with yum update yum-updatesd

Change CentOS language

vi /etc/sysconfig/i18n

Check that LANG is set to the value you expect, for example:

LANG="en_US.UTF-8"   # <-- check this line
SUPPORTED="en_US.UTF-8:en_US:en" 
SYSFONT="latarcyrheb-sun16"

Then log in again with your user/password and check the result with the locale command.

Yum install/update with specific repository

# update git with rpmforge-extras repository
yum --disablerepo=base,updates --enablerepo=rpmforge-extras update git

CentOS LOG – Safety optimizations

Kernel optimization: vi /etc/sysctl.conf

We can view the current kernel settings with sysctl -a.

# Not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0

# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0

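Tune the kernel to block SYN flood attacks: sysctl -a | grep syn

# Enable syncookies:
# (sysctl -w changes only the running kernel; put the same keys in /etc/sysctl.conf to persist them)
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=3072
# With 0 retries a lost SYN or SYN-ACK is never retransmitted, so connections over lossy links may fail
sysctl -w net.ipv4.tcp_synack_retries=0
sysctl -w net.ipv4.tcp_syn_retries=0
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.all.forwarding=0
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1

# Ignore all ICMP echo requests (ping):
sysctl -w net.ipv4.icmp_echo_ignore_all=1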
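
To check whether a host still matches these settings, the following script compares `sysctl -a` output against a subset of the values above. It is an added example, not part of the original post; the function name audit_sysctl and the SAMPLE input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl output against the values set on this page.
# SAMPLE is constructed input in `sysctl -a` format, not from a real host.
SAMPLE='net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1'

# audit_sysctl: read "key = value" lines on stdin, print one line per
# baseline key that is missing or different, return 1 if any drift exists.
audit_sysctl() {
    awk '
    BEGIN {
        want["net.ipv4.tcp_syncookies"] = "1"
        want["net.ipv4.tcp_max_syn_backlog"] = "3072"
        want["net.ipv4.conf.all.accept_redirects"] = "0"
        want["net.ipv6.conf.all.accept_redirects"] = "0"
        want["net.ipv4.conf.all.send_redirects"] = "0"
        want["net.ipv4.conf.all.forwarding"] = "0"
        want["net.ipv4.icmp_echo_ignore_broadcasts"] = "1"
    }
    {
        sub(/#.*/, "")                      # tolerate sysctl.conf comments
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        have[key] = val
    }
    END {
        for (k in want) {
            if (!(k in have)) {
                printf "MISSING %s (want %s)\n", k, want[k]; drift++
            } else if (have[k] != want[k]) {
                printf "DRIFT %s = %s (want %s)\n", k, have[k], want[k]; drift++
            }
        }
        exit (drift > 0)
    }'
}

# Demo on the constructed sample; on a real host: sysctl -a | audit_sysctl
printf '%s\n' "$SAMPLE" | audit_sysctl || true
```

The same function accepts /etc/sysctl.conf on stdin, which shows whether the settings will survive a reboot.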

Add iptables rules to mitigate SYN flood attacks

# Mitigate SYN floods and shorten the SYN timeout (--limit 1/s limits SYNs to one per second; adjust to your needs)
# Note: a rate-limited ACCEPT only throttles traffic if packets over the limit hit a later DROP rule or a DROP chain policy
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -m limit --limit 1/sec --limit-burst 5 -j ACCEPT

# Block various kinds of port scans
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Mitigate Ping of Death attacks
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Rate-limit incoming SYN packets (1 per second sustained, burst of 3)
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -A syn-flood -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn-flood -j REJECT

# Block a specific IP range (e.g. 10.0.0.0/8)
iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP

Enable the firewall and block all unused ports

iptables -F
iptables -A INPUT -p tcp -i vnet0 --dport ssh -j ACCEPT
iptables -A INPUT -p tcp -i vnet0 --dport 80 -j ACCEPT
iptables -A INPUT -i vnet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p ICMP -j DROP
iptables -A INPUT -i vnet0 -j DROP

After making the changes, restart iptables

/etc/init.d/iptables restart

libpcre.so.1: cannot open shared object file: No such file or directory.

After installing nginx, I got an error message when launching it as: `/opt/nginx/sbin/nginx`

/opt/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory

Still, I’m sure I’ve installed the latest pcre, and I can also find libpcre.so.1 with:

find /usr/ -name "libpcre.so.1"
/usr/local/lib/libpcre.so.1

OK, so why can't libpcre.so.1 be found in `/usr/local/lib`?

strace /opt/nginx/sbin/nginx

So how does the dynamic loader know where to look for executables? As with many things on Linux, there is a configuration file in /etc. In fact, there are two configuration files, /etc/ld.so.conf and /etc/ld.so.cache. Note that /etc/ld.so.conf specifies that all the .conf files from the subdirectory ld.so.conf.d should be included.
Dynamic library configuration

ldconfig -p | grep "libpcre.so.1"

No matches found.

So the problem is that the dynamic loader does not search my lib dir, /usr/local/lib.

So how do we use shared libraries in /usr/local/lib?

For the current session you can

export LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib

or to make the change permanent you can add /usr/local/lib to /etc/ld.so.conf (or something it includes) and run `ldconfig` as root.

Keep reading. If not, read about ldconfig first.

After all that, grep again:

ldconfig -p | grep "libpcre.so.1"
libpcre.so.1 (libc6,x86-64) => /usr/local/lib/libpcre.so.1

OK, got it!
Run /opt/nginx/sbin/nginx again.

That's all.

These are some keywords to read up on for details: `strace`, `ldconfig`, `/etc/ld.so.conf`, `/etc/ld.so.cache`.
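
One way to apply the permanent fix described above, as an added example (not from the original post): a drop-in file under ld.so.conf.d makes every dynamically linked program load from the directory, so the script first checks that only the expected owner can write to it. The function name register_libdir and its arguments are illustrative.

```shell
#!/bin/sh
# Added example: register a library directory with the dynamic loader through
# a drop-in file, after checking that only the expected owner can write to it.
# register_libdir DIR [CONF_DIR] [OWNER_UID]   (illustrative name and arguments)
register_libdir() {
    dir=$1
    conf_dir=${2:-/etc/ld.so.conf.d}
    owner_uid=${3:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # `ls -ldn` prints the mode string and the numeric owner uid.
    info=$(ls -ldn "$dir" | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$owner_uid" ]; then
        echo "refusing $dir: owned by uid $uid, expected $owner_uid" >&2
        return 1
    fi
    # Characters 6 and 9 of the mode string are the group/other write bits.
    case $(printf '%s' "$mode" | cut -c6,9) in
        --) ;;
        *) echo "refusing $dir: group- or world-writable ($mode)" >&2
           return 1 ;;
    esac

    # Add the directory once, in its own drop-in file.
    if ! grep -qxF "$dir" "$conf_dir"/*.conf 2>/dev/null; then
        name=$(printf '%s' "$dir" | sed 's|^/||; s|/|_|g')
        printf '%s\n' "$dir" > "$conf_dir/$name.conf"
    fi
    # Rebuild /etc/ld.so.cache only when the real loader config was edited.
    if [ "$conf_dir" = /etc/ld.so.conf.d ]; then ldconfig; fi
}

# Demo in a scratch directory (constructed paths; nothing under /etc is touched).
demo=$(mktemp -d) && mkdir "$demo/lib" "$demo/conf" && chmod 755 "$demo/lib"
register_libdir "$demo/lib" "$demo/conf" "$(id -u)" && cat "$demo/conf"/*.conf
rm -rf "$demo"
```

On the real system, run `register_libdir /usr/local/lib` as root and confirm the result with `ldconfig -p | grep libpcre.so.1`.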

Input/Output Error: Bad Blocks: How To Restart Linux

-bash: /usr/bin/du: Input/output error

$ du
-bash: /usr/bin/du: Input/output error
$ reboot
bash: /sbin/reboot: Input/output error
$ shutdown -r now
bash: /sbin/shutdown: Input/output error

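I remember a test machine having a similar problem back when I was at Sina; at the time I simply phoned an ops colleague to have it rebooted...

If the above reboot commands do not work, try either a forced reboot or a forced shutdown: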

# Forced reboot (immediate: disks are not synced or unmounted)
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger

# Forced Shutdown
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger

see also for details

Install Virtualbox Guest Additions On CentOS

version: CentOS-6.4-i386-minimal

# Update the Linux kernel source and some required toolkits.
yum update
yum install make gcc
yum install kernel-devel

# Mount the Guest Additions CD-ROM
mkdir /media/vboxadd
mount /dev/cdrom /media/vboxadd

# install
sh /media/vboxadd/VBoxLinuxAdditions.run

PS: Uninstall Guest Additions

sh /media/vboxadd/VBoxLinuxAdditions.run uninstall

YUM Hangs And Won’t Respond

keyword: yum hangs and won’t respond

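I SSHed into the test machine to update to subversion 1.7, which required removing the old version first, and found that the yum command did not respond ("yum hangs and won’t respond").
The initial fix is to refresh the yum database cache: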

rm -f /var/lib/rpm/__*
rpm --rebuilddb -v -v   
yum clean all

If that did not work, you can set a debug level, error level and timeout for yum in /etc/yum.conf:

debuglevel=1
errorlevel=1
timeout=1

The default timeout is 30 seconds, so if a repository does not respond, the error takes 30 seconds to appear. Also try running yum without its plugins (such as fastest mirror and priorities) by using the --noplugins option. Starting yum again should now give you more information, faster. Test with:

yum --verbose --noplugins info