Increase in CPU load due to apache

There are many cause for cpu load , it could be explained in many ways.
1. Poor scripts
Look in error_log or php_error.log for something suspicious
2. Increase of visitors (the holiday is off)
I'm use to such increase of traffic in this month
3. Attacks
Look for suspicious connections. A ps -ax|grep -c httpd could tell you
how many apache child are running. If you rich the max number of
clients it could be a problem.
Try
netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort |
uniq -c | sort -nr to see how many connections you have/ip
Apachetop could be a better tool for analyzing the apache load. you
can see the top requested files/sites

It can also be e matter of suddenly increase the number off visitors
versus the ability of the apache server to provide requested child
processes. For this matter look for the configuration options

KeepAliveTimeout
MinSpareServers
MaxSpareServers
StartServers
MaxClients
MaxRequestsPerChild

Also it could be a good ideea to limit the traffic. You can try
mod_evasive, mod_gzip, mod_expires, etc

MaxClients 500 could be useless (I may be wrong but from what I know
is a hard coded limit in apache source code HARD_SERVER_LIMIT who is
set to 250 so if you want to raise that limit you must recompile your
apache)

MaxRequestsPerChild 0 it say that once a child is created he can stay
up and running for infinite time. It could be better to limit this ,
let say to 10000 in order to force apache to kill a stressed child and
start a fresh one.

MinSpareServers 25 in my opinion is a little bit high. Practically you
force apache to keep free 25 servers any time. Try to set this
parameter to something like 10 or 15

Ther is a lot of literature about those parameters and how is the best
way to set them bun ther is not a clear solutions so the best practice
is to start playing with them and look for what happen.

--

apache : mod_rewrite

Suppose you wan to rewrite a url to another . Take for example the following

HTTP://www.raoset.com/jasonpruim112 and  and want to rewrite  to a script
HTTP://www.raoset.com/purl/purl.php?purl=jasonpruim112

 

we can do it with addin the folowing in your virtual host  

<Directory /websites/domain/web >

RewriteEngine On

RewriteRule  /(.*)       /purl/purl.php?purl=$1

</Directory>

 

How to check CPU load in command line

top displays all sorts of CPU/Memory/Process information.

I believe that there is also ntop for monitoring network stuff but I've never used this myself.

free -m will show you stats about RAM usage in MB

uptime will show you the load average for the past 1min, 5mins and 15mins

cat /proc/cpuinfo will give you general information about the CPU(s)
 

'htop' is alo a good command

A great program for monitoring network traffic is iptraf which is in the repositories.

--

apache log rotation script

#!/bin/bash
clear

add_log_rotation ()
{
read -p "Enter your domain name: " d
read -p "Enter the number of times you want logs to be rotated : " r
read -p "Enter the size of you log size " s

tmp=` echo $d |sed s/\.com//g `

config_file="/etc/logrotate.conf"

if [ -d /websites/"$d" ]; then

if [ -z "$(sed -n
"/\#apache_logs_${d}\#/,/\#apache_logs_${d}\#/p" /etc/logrotate.conf)"
]; then

cat >> $config_file << _eof_
######################apache_logs_$d###########################
"/websites/$d/logs/$tmp.sys.qualiproj.access_log"
/websites/$d/logs/$tmp.sys.qualiproj.error_log {
rotate $r
size= $s
sharedscripts
postrotate
/sbin/killall -HUP httpd
endscript
}
#####################apache_logs_$d###########################
_eof_

else
echo -e "logrotate for this domian already exist"
fi
else
echo -e " the domain does not exist "
fi
}

delete_log_rotation ()
{
read -p "Enter your domain name: " d
tmp=`echo $domain |sed s/\.com//g `

if [ -d /websites/"$d" ]; then

if [ -n "$(sed -n
"/\#apache_logs_${d}\#/,/\#apache_logs_${d}\#/p" /etc/logrotate.conf)"
]; then

sed -i "/\#apache_logs_${d}\#/,/\#apache_logs_${d}\#/d" /etc/logrotate.conf

else
echo -e "log rotate does not exist for this domain"
fi
else
echo -e "The domain does not exist"
fi
}

edit_log_rotation ()
{
read -p "Enter your domain name: " d
read -p "Edit the number of times you want logs to be rotated : " r
read -p "Edit the size of your log sise " s
tmp=`echo $domain |sed s/\.com//g `

if [ -d /websites/"$d" ]; then

if [ -n "$(sed -n
"/\#apache_logs_${d}\#/,/\#apache_logs_${d}\#/p" /etc/logrotate.conf)"
]; then

sed -i "/\#apache_logs_${d}\#/,/\#apache_logs_${d}\#/d" /etc/logrotate.conf

cat >> $config_file << _eof_
######################apache_logs_$d###########################
"/websites/$d/logs/$tmp.sys.qualiproj.access_log"
/websites/$d/logs/$tmp.sys.qualiproj.error_log {
rotate $r
size=$s
sharedscripts
postrotate
/sbin/killall -HUP httpd
endscript
}
#####################apache_logs_$d###########################
_eof_
else
echo -e "log rotate does not exist for this domain"
fi
else
echo -e "The domain does not exist"
fi
}

read -p "Do you want to add, delete, or edit the logs rotation: " l

case $l in
add ) add_log_rotation
;;
delete ) delete_log_rotation
;;
edit ) edit_log_rotation
;;
* ) echo -e "Please type add delete or edit"
esac

--

Set up NAT with Linux and iptables Firewall

 

This step-by-step tutorial shows how to set up Network Address Translation (NAT) with Open Source Linux operating system and iptables firewall. This will allow your system to act as gateway and to provide Internet access to multiple hosts in Local Area Network (LAN) using a single public IP address.

Requirements

1. Hardware server with 2 (two) network interface cards (NICs).
2. Any Linux distribution (get more information at DistroWatch.com).
3. Linux kernel with networking and iptables support.
4. iptables package (you can find latest release at NetFilter's Download page).

Basic definitions

aa.aa.aa.aa is Wide Area Network (WAN) IP address (bb.bb.bb.bb is WAN netmask).
cc.cc.cc.cc is LAN IP address (e.g. 192.168.0.1 or 10.0.0.1), dd.dd.dd.dd is LAN netmask (e.g. 255.255.255.0).
ee.ee.ee.ee is default gateway for Internet connection.

eth0 is hardware name of the NIC connected to WAN base.
eth1 is name of LAN connected NIC.

Step-by-step set up

1. Apply two NICs to hardware server.
2. Verify that both NICs are recognized by Linux well and are fully workable:

dmesg | grep eth0 dmesg | grep eth1 

the output may vary but in most cases it would be like following one:

eth1: RealTek RTL8139 at 0xe0830000, 00:30:4f:3b:af:45, IRQ 19 eth1:  Identified 8139 chip type 'RTL-8100B/8139D' eth0: link up, 100Mbps, full-duplex, lpa 0x41E1 

Similar output should be for eth0 NIC.

To verify that NICs are recognized by Linux as networking devices use the following commands:

ifconfig eth0 ifconfig eth1 

In case of success the output will be as follows:

eth0      Link encap:Ethernet  HWaddr 00:50:56:C0:00:08           inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:0 errors:0 dropped:0 overruns:0 frame:0           TX packets:41 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b) 

You can find full manual page for ifconfig command here.

3. Configure WAN interface (eth0) to get Internet connection:

ifconfig eth0 aa.aa.aa.aa netmask bb.bb.bb.bb

e.g.

ifconfig eth0 123.45.67.89 netmask 255.255.255.248

WAN IP address and netmask should be provided by your ISP.

4. Set up WAN NIC settings to apply after server start up.

Configuration files containing NIC settings may have different syntax and location in various distributions. For such distributions as RedHat, Fedora, Centos and similar ones eth0 configuration file is at /etc/sysconfig/network-scripts/ifcfg-eth0. In Debian, Ubuntu NIC settings are located at single file /etc/network/interfaces.

To edit configuration files use any preferred text editor like vim, GNU nano or any other.

After editing /etc/sysconfig/network-scripts/ifcfg-eth0 should look as follows:

DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=aa.aa.aa.aa        # e.g. 123.45.67.89 NETMASK=bb.bb.bb.bb       # e.g. 255.255.255.0 GATEWAY=ee.ee.ee.ee       # e.g. 123.45.67.1 HWADDR=00:30:4f:3b:af:45  # MAC address (optional entry) 

After making changes to /etc/network/interfaces section regarding eth0 NIC should looks like:

auto eth0 iface eth0 inet static address aa.aa.aa.aa netmask bb.bb.bb.bb gateway ee.ee.ee.ee 

Related links: detailed syntax description of /etc/sysconfig/network-scripts/ifcfg-ethN, manual page of /etc/network/interfaces.

5. Set up LAN NIC settings to apply after server start up. This step requires operations similar to previous step.

Edit /etc/sysconfig/network-scripts/ifcfg-eth1 and make sure that it looks like:

DEVICE=eth1 ONBOOT=yes BOOTPROTO=static IPADDR=cc.cc.cc.cc       # e.g. 192.168.0.1 NETMASK=dd.dd.dd.dd      # e.g. 255.255.255.0 HWADDR=00:50:8d:d1:24:db # MAC address of LAN NIC (optional entry) 

If you are using Debian or related Linux distribution, edit /etc/network/interfaces (see previous step):

auto eth1 iface eth1 inet static address cc.cc.cc.cc netmask dd.dd.dd.dd 

6. Set up Domain Name System servers IP addresses by editing /etc/resolv.conf:

nameserver 203.145.184.13 nameserver 203.145.184.12 

7. Enable IP Forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward 

8. Set up NAT with iptables:

To delete existing rules from every iptables table, execute the following commands:

iptables -F iptables -t nat -F iptables -t mangle -F 

Related links: official iptables documentation.

Enable NAT by commands:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth1 -j ACCEPT 

8. Configure LAN clients to access Internet via described gateway:

Use clients' operating system tools to set up the following TCP/IP settings:

IP address: from the same network as cc.cc.cc.cc (you can use IP/Subnet calculator to get it)
Netmask: dd.dd.dd.dd
DNS: ff.ff.ff.ff
Gateway: cc.cc.cc.cc

Example:

IP address: 192.168.0.7 Netmask: 255.255.255.0 DNS: 209.160.67.13 Gateway: 192.168.0.1 

Done!!!

--

iptables config example

# Generated by iptables-save v1.3.5 on Thu Apr 10 20:09:49 2008
*filter
:INPUT ACCEPT [284757:218570741]
:FORWARD ACCEPT [39841:24366908]
:OUTPUT ACCEPT [295372:221619506]
-A INPUT -s ! 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j DROP
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Thu Apr 10 20:09:49 2008
# Generated by iptables-save v1.3.5 on Thu Apr 10 20:09:49 2008
*nat
:PREROUTING ACCEPT [3356:298279]
:POSTROUTING ACCEPT [5:3398]
:OUTPUT ACCEPT [6455:393108]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p udp -m udp --dport 22 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DROP
-A PREROUTING -d 209.85.201.189 -i eth2 -p tcp -m tcp --dport 443 -j DROP
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Apr 10 20:09:49 2008
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed


--

/usr/bin/ld: cannot find -lcrypto [ nagios ]

hi

I  am trying to install a SNMP pulgin for nagios  from ( http://nagios.manubulon.com/package_c.html )

 

I downloaded the file  and ran a ./configure --prefix=/usr/local/nagios -----> this is OK

then i ran make   and it give me the following error  -------> /usr/bin/ld: cannot find -lcrypto

 

[root@vps nagios-plugins-snmp]# make
make  all-recursive
make[1]: Entering directory `/usr/local/src/nagios-plugins-snmp'
Making all in src
make[2]: Entering directory `/usr/local/src/nagios-plugins-snmp/src'
gcc  -DINET6 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -lcrypto -Dlinux -I/usr/include/rpm -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE -I. -I/usr/include/net-snmp   -o check_snmp_int  check_snmp_int.o nagios_common_snmp.o  -L/usr/lib -lnetsnmp -lcrypto -lm -L/usr/lib/lib -lwrap
/usr/bin/ld: cannot find -lcrypto

collect2: ld returned 1 exit status
make[2]: *** [check_snmp_int] Error 1
make[2]: Leaving directory `/usr/local/src/nagios-plugins-snmp/src'
 

I was able to solve this 

 

chk if you hav the following 

 

rpm -qa |grep libcrypto

................... openssl

................... openssl-devel 

 

  

--

How to vi text editor

The text editor vi, is supplied with all Linux distributions. It is a difficult editor to come to grips with initially, but once you do the rewards are vast. The editor is quite intuitive once you get the hang of it. The main thing to remember when using it is that the very last line on the screen (Or window that the editor is running in), is the status line, much like the status bar at the bottom of Netscape, or *cough* Internet Exlporer. It will tell you there what mode your in, and what operations have been completed - such as save or quit.

Lets start by firing up the editor with a blank text file. From the command line, type vi blah. Another cool thing about Linux is that you dont need to supply the legacy ".xxx" extensions given to us by DOS, and Windows. The editor will appear on-screen, with a tilde, ~, on evey line, and at the bottom of the screen it says "blah" [new file]. If you want to put anything into this file, you have to put vi into insert mode. Do this by typing the letter 'i' on its own. "-- INSERT --" appears on the bottom of the screen. Now you can type in anything you want. Try typing "Hello", and then on a new line "World". Now try going back up to the line above, using the cursor keys and try to delete Hello. You wont be able to. When you give a Carraige Return (Press Enter in other words), the text on that line becomes static. If you want to delete it, heres how.

Press your Esc button on the top left of the keyboard, and the "-- INSERT --" at the base dissapears. Vi is ready to accept a new command. The only thing here is that vi will only delete what is in front of the cursor, let me show you. Bring the cursor to the start of Hello, and press the x key once. Now only 'ello' remains. This doesnt really make any sense, so we'll delete the line altogether. Press 'd' twice in quick sucession. Now we have the word 'World' on its own. Press 'i' and insert "Hello" again. This time, leave the text in insert mode. Press the "Insert" key on your keyboard, its above the cursor keys. The "-- INSERT --" at the base of the screen has been replaced with "-- REPLACE --". Now type the word "Nurse" over the existing "World". Press Esc again to return to the ready mode.

Vi has a search tool too, which I find indispensable. From the ready mode, type in a slash, /, and input the text you want to look for. Remember, since Linux is case sensitive, looking for "money" is not the same as looking for "Money".

Well, what about saving the file, or quitting without saving? What about just quitting? Its easy. From the ready mode, type in ":w" to write the file ... you already supplied the file name when you typed 'vi blah' earlier. The editor will return this on the status line : "blah" [New File] 1 line, 12 characters written. Lets quit out of it altogether. Type in ":q". You have been returned to the command prompt. There was an easier way of doing that ... from the ready mode in the editor, you could have just typed in, in capitals, "ZZ" ... this saves the file and quits. If you had wanted to quit without saving the changes, you could have just typed in ":q!", and nothing would have saved ... blah wouldn't have existed.

Thats the basics of vi, but you could always 'man vi' from the command prompt ...

--

Linux commands

Alphabetical Directory of Linux Commands Click on any of the 687 commands below to get a description and list of available options. [a] [b] [c] [d] [e] [f] [g] [h] [i] [j] [k] [l] [m] [n] [o] [p] [q] [r] [s] [t] [u] [v] [w] [x] [y] [z] a accept access aclocal aconnect acpi acpi_available acpid addr2line addresses agetty alsactl amidi amixer anacron aplay aplaymidi apm apmd apropos apt ar arch arecord arecordmidi arp as at atd atq atrm audiosend aumix autoconf autoheader automake autoreconf autoscan autoupdate b badblocks banner basename bash batch bc biff bison bzcmp bzdiff bzgrep bzip2 bzless bzmore c c++ c++filt cal cardctl cardmgr cat cc cdda2wav cdparanoia cdrdao cdrecord cfdisk chage chattr chfn chgrp chkconfig chmod chown chpasswd chroot chrt chsh chvt cksum clear cmp col colcrt colrm column comm compress cp cpio cpp crond crontab csplit ctags cupsd cut cvs d date dd deallocvt debugfs depmod devdump df diff diff3 dig dir dircolors dirname disable dlpsh dmesg dnsdomainname dnssec-keygen dnssec-makekeyset dnssec-signkey dnssec-signzone doexec domainname dosfsck du dump dumpe2fs dumpkeys e e2fsck e2image e2label echo edquota egrep eject elvtune emacs enable env envsubst esd esd-config esdcat esdctl esddsp esdmon esdplay esdrec esdsample etags ex expand expr f factor false fc-cache fc-list fdformat fdisk fetchmail fgconsole fgrep file find finger fingerd flex fmt fold formail free fsck ftp ftpd fuser g g++ gawk gcc gdb getent getkeycodes gpasswd gpg gpgsplit gpgv gpm gprof grep groff groffer groupadd groupdel groupmod groups grpck grpconv gs gunzip gzexe gzip h halt hdparm head hexdump host hostid hostname htdigest hwclock i iconv id ifconfig imapd inetd info init insmod install ipcrm ipcs iptables iptables-restore iptables-save isodump isoinfo isosize isovfy ispell j join k kbd_mode kbdrate kernelversion kill killall killall5 klogd kudzu l last lastb lastlog ld ldconfig ldd less lesskey lftp lftpget link ln loadkeys locale locate lockfile logger login logname logrotate look losetup lpadmin lpinfo lpmove lpq lpr lprm lpstat ls lsattr lspci lsmod lsusb m m4 mail mailq mailstats mailto make makedbm makemap man manpath mattrib mbadblocks mcat mcd mcopy md5sum mdel, mdeltree mdir mdu merge mesg metamail metasend mformat mimencode minfo mkdir mkdosfs mke2fs mkfifo mkfs mkfs.ext3 mkisofs mklost+found mkmanifest mknod mkraid mkswap mktemp mlabel mmd mmount mmove modinfo modprobe more mount mountd mpartition mpg123 mpg321 mrd mren mshowfat mt mtools mtoolstest mtype mv mzip n named namei nameif netstat newaliases newgrp newusers nfsd nfsstat nice nm nohup nslookup nsupdate o objcopy objdump od openvt p passwd paste patch pathchk perl pidof ping pinky pmap portmap poweroff pppd pr praliases printenv printf ps ptx pwck pwconv pwd python q quota quotacheck quotaon quotaoff quotastats r raidstart ramsize ranlib rarpd rcp rdate rdev rdist rdistd readcd readelf readlink reboot reject rename renice repquota reset resize2fs restore rev rexec rexecd richtext rlogin rlogind rm rmail rmdir rmmod rndc rootflags route routed rpcgen rpcinfo rpm rsh rshd rsync runlevel rup ruptime rusers rusersd rwall rwho rwhod s sane-find-scanner scanadf scanimage scp screen script sdiff sed sendmail sensors seq setfdprm setkeycodes setleds setmetamode setquota setsid setterm sftp sh sha1sum showkey showmount shred shutdown size skill slabtop slattach sleep slocate snice sort split ssh ssh-add ssh-agent ssh-keygen ssh-keyscan sshd stat statd strace strfile strings strip stty su sudo sum swapoff swapon sync sysctl sysklogd syslogd t tac tail tailf talk talkd tar taskset tcpd tcpdump tcpslice tee telinit telnet telnetd test tftp tftpd time tload tmpwatch top touch tr tracepath traceroute troff true tset tsort tty tune2fs tunelp u ul umount uname uncompress unexpand unicode_start unicode_stop uniq uptime useradd userdel usermod users usleep uudecode uuencode uuidgen v vdir vi vidmode vim vmstat volname w w wall warnquota watch wc wget whatis whereis which who whoami whois write x xargs xinetd y yacc yes ypbind ypcat ypinit ypmatch yppasswd yppasswdd yppoll yppush ypserv ypset yptest ypwhich ypxfr z zcat zcmp zdiff zdump zforce zgrep zic zless zmore znew

--