Ubuntu + Apache2 + vsftpd + virtual hosts

After a fresh install of Ubuntu complete the following.

sudo su
passwd root

-> login as root

dpkg-reconfigure tzdata
dpkg -P apparmor apparmor-utils
apt-get update
apt-get upgrade

-> login as root

apt-get dist-upgrade

-> login as root

apt-get autoremove
apt-get install ssh openssh-server openntpd

-> ssh as root

apt-get install apache2
apt-get install php5 php-pear php5-mysql php5-gd

-> Setup of MTA send ONLY

apt-get install exim4-daemon-light mailutils
dpkg-reconfigure exim4-config

-> Select "internet site;" -> Ok -> Enter/Accept default entry as the FQDN -> Enter "" to listen on -> Enter/Accept default in recipient domains -> Leave relay domains and relay machines blank -> Select No to keep DNS queries to a minimum -> Select "Maildir" for locally delivered email -> Select No to split file configuration -> Setup vsftpd

apt-get install vsftpd libpam-pwdfile

Edit vsftpd.conf

mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
vi /etc/vsftpd.conf

Add the following


Register the virtual users

mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd user1
htpasswd -d /etc/vsftpd/ftpd.passwd user2
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vi /etc/pam.d/vsftpd

Add the following

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

Create the local vsftpd user without shell access

 useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

Restart vsftpd

service vsftpd restart

Now we create the users directories

mkdir /var/www/user1
chmod -w /var/www/user1
mkdir /var/www/user1/www
chmod -R 755 /var/www/user1/www
chown -R www-data: /var/www/user1

The main one to not forget is the removal of write access to the users root directory /var/www/user1

Supermicro IPMI disconnects when os boots.

There is an issue with the e1000e driver when using the supermicro IPMI BMC2 card. When the OS boots you loose all connection to the BMC2 card.
To fix this you have to disable CRC Checking in the e1000e driver.

To do this on Ubuntu add/edit the following file. Add the following kernel boot parameters to /etc/default/grub:


Reboot your server and your IPMI will stay active. Your checking for the following

[    0.960771] e1000e 0000:0d:00.0: CRC Stripping Disabled
dmesg | grep e1000e
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.11.0-15-generic root=/dev/mapper/em--web--00--vg-root ro e1000e.CrcStripping=0
[    0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-3.11.0-15-generic root=/dev/mapper/em--web--00--vg-root ro e1000e.CrcStripping=0
[    0.960506] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
[    0.960516] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
[    0.960554] e1000e 0000:0d:00.0: Disabling ASPM L0s L1
[    0.960559] e1000e 0000:0d:00.0: can't disable ASPM; OS doesn't have ASPM control
[    0.960764] e1000e 0000:0d:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[    0.960771] e1000e 0000:0d:00.0: CRC Stripping Disabled
[    0.960810] e1000e 0000:0d:00.0: irq 68 for MSI/MSI-X
[    1.071099] e1000e 0000:0d:00.0 eth0: (PCI Express:2.5GT/s:Width x1) 00:30:48:90:ee:68
[    1.071109] e1000e 0000:0d:00.0 eth0: Intel(R) PRO/1000 Network Connection
[    1.071284] e1000e 0000:0d:00.0 eth0: MAC: 2, PHY: 2, PBA No: FFFFFF-0FF
[    1.071306] e1000e 0000:0e:00.0: Disabling ASPM L0s L1
[    1.071312] e1000e 0000:0e:00.0: can't disable ASPM; OS doesn't have ASPM control
[    1.071488] e1000e 0000:0e:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[    1.071527] e1000e 0000:0e:00.0: irq 70 for MSI/MSI-X
[    1.182944] e1000e 0000:0e:00.0 eth1: (PCI Express:2.5GT/s:Width x1) 00:30:48:90:ee:69
[    1.182951] e1000e 0000:0e:00.0 eth1: Intel(R) PRO/1000 Network Connection
[    1.183022] e1000e 0000:0e:00.0 eth1: MAC: 2, PHY: 2, PBA No: FFFFFF-0FF
[    7.547764] e1000e 0000:0d:00.0: irq 68 for MSI/MSI-X
[    7.648070] e1000e 0000:0d:00.0: irq 68 for MSI/MSI-X

Downloading a website using wget with auth and ssl TEST

First off issue the login and store the session cookie.

 wget --no-check-certificate \
--save-cookies cookies.txt \
--keep-session-cookies \
--post-data 'username=user&password=pass&remember=1&Submit=Login' \

Then we request the page we wish to download and follow.

 wget \
 --load-cookies cookies.txt \
 --keep-session-cookies \
 --save-cookies cookies.txt \
 --reject *index.php*,*whoson.php* \
 --no-check-certificate \
 --recursive \
 --no-clobber \
 --page-requisites \
 --html-extension \
 --convert-links \
 --restrict-file-names=windows \
 --domains some.web.site.com \
 --no-parent \

Installing RALUS client on Debian with 3.0 kernel

1. Unpack the archive provided by Symantec

  • tar xzf RALUS_RMALS_RAMS-2896.9.tar.gz

2. Stop the RALUS service if it is already installed and runnig

  • /etc/init.d/VRTSralus.init stop

3. Very important, if you are under a 64 bit Linux you have to this

  • Extract debian package :
    tar xzf RALUS64/pkgs/Linux/VRTSralus.tar.gz
  • Install debian package :
    dpkg -i VRTSralus-13.0.2896-0.x86_64.deb
  • Start installation :
  • If you get "./installralus: line 50: ../perl/Linux/bin/perl: No such file or directory", simply edit ./RALUS64/installralus, and change line 50 :

  • from:

    • if [ $LOCAL_PERL -eq 1 ] ; then
        ../perl/$OS/bin/perl -I.. -I$PATH -I$VXIF_HOME -I../perl/$OS/lib/$PERL_VER ./installralus.pl $*
        perl -I.. -I$PATH -I$VXIF_HOME ../installralus.pl $*
      #if [ $LOCAL_PERL -eq 1 ] ; then
      # ../perl/$OS/bin/perl -I.. -I$PATH -I$VXIF_HOME -I../perl/$OS/lib/$PERL_VER ./installralus.pl $*
        perl -I.. -I$PATH -I$VXIF_HOME ../installralus.pl $* 
      C) If the installation is sucessful but VRTSralus refuses to start, launch /opt/VRTSralus/bin/beremote –-log-console to see the error.

    If you get error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory you simply need to install the package :

    • Under Debian : apt-get install libstdc++5

      However the service will fail to start afterwards.

Change into ralus directory
#cd /opt/VRTSralus/bin

Make a backup of libbesocket.so
#cp libbesocket.so libbesocket.so.orig

Install objdump
apt-get install binutils binutils-multiarch

Disassemble the binary to a file
#objdump -D libbesocket.so > libbesocket.asm

Open file and search for ‘$0x8938?

#nano libbesocket.asm
Type ctrl+w to search
Type '$0x8938' and press enter

Find the following lines and locate the hex highlighted in red in front of the jump-no-sign instruction.
In my case it happens to be ’79 19?.

23840:       31 c0                   xor    %eax,%eax
23842:       be 38 89 00 00          mov    $0x8938,%esi
23847:       e8 2c df fe ff          callq  11778 <ioctl@plt>
2384c:       85 c0                   test   %eax,%eax
2384e:       79 19                   jns    23869 <_Z10getifaddrsPP7ifaddrs+0xb9>
23850:       e8 d3 df fe ff          callq  11828 <__errno_location@plt>
23855:       83 38 16                cmpl   $0x16,(%rax)
23858:       0f 85 40 03 00 00       jne    23b9e <_Z10getifaddrsPP7ifaddrs+0x3ee>
2385e:       c7 84 24 ec 00 00 00    movl   $0x20,0xec(%rsp)

Install hex editor and open the file

#apt-get install hexer
#hexer libbesocket.so

Search for the hex we found earlier

Type '/' to search
Type '\xx 79 19' and press enter

NOTE: Only change the code where the hex matches the preceeding chunks of code in the middle column earlier in that exact order. This is what my line looked like.
00023840:  31 c0 be 38 89 00 00 e8  2c df fe ff 85 c0 78 19  1..8....,.....x.

Using arrow keys move cursor into position and change value from ’79’ to ’78’

Type 'r' to edit
Type '78' and press enter
Type ':wq' and press enter to quit while saving

Now go and start the service
/etc/init.d/VRTSralus.init start

mpt-statusd: detected non-optimal RAID status

I have noticed that mpt-status gets installed by default in Debian 7 Wheezy when running on VMware. Since the virtual machine does not use RAID mpt-statusd reports "non-optimal" RAID status in the log every 10 minutes.

mpt-statusd: detected non-optimal RAID status

The mpt-status package is used to query the status of LSI SCSI HBAs so unless your machine is using such HBA cards the mpt-status package should be safe to remove.

sudo service mpt-statusd stop
sudo apt-get purge mpt-status