Linux Kernel Flaw
Feb 23, 2008
Do we have to be concerned with this issue?
[url]
Is a CentOS 4x system included in the Kernel Flaw above?
Are all Linux servers at risk now?
I just discovered something on my Plesk 8.1 server:
I'm the server admin and I host my domain name: mydomain.com. in the Plesk CP.
I have other "clients". Those clients are allowed to create subdomains.
The problem is, if the customer wants to, they can go to the subdomains settings in their client CP and insert a subdomain such as support.mydomain.com (yes, a subdomain on my domain name) and then they could redirect it to another site or upload their own personal files.
This is a huge security issue. Has anyone dealt with this?
Programs compiled with the Intel C++ compiler run 20-30% (up to 450% in some rare cases) faster than their GCC counterparts.
I have successfully compiled MySQL 5, PHP 5, eAccelerator and nginx with ICC 10.1.015. I was wondering if anyone has compiled the Linux kernel with icc? There are some Linux vendors who supply icc compiled kernels, and there are some docs on Intel's site about compiling the kernel with icc... so it's doable.
But I want to know if anyone has done it on a VPS? What was your experience? Did the system run faster than before? Or did you face some weird situations?
starting a GSP (Game Server Provider) within the next 4-6 months.
One big factor I will need to tackle is optimizing the Linux kernel on CentOS for game servers.
This entails accelerating the kernel to allow for 1000fps in Counter Strike and Counter Strike Source, as well as tailoring the kernel to provide very reliable server side fps.
My question is, what would be some good sources about possibly doing this, also how would I go about rebuilding the kernel, and is it worth learning how to do myself even though my knowledge is fairly minimal in Linux?
Also, does anyone know of specifics about what I need to modify in order to do this?
I have followed the process below:
Fedora Core 6
In a first step, the yum repository must be configured. The .repo file is available in Ingo Molnar's project directory [url].
# cd /etc/yum.repos.d
# wget http://people.redhat.com/mingo/realtime-preempt/rt.repo
Only the first time, yum must be called in installation mode:
# yum install kernel-rt
Later on, the command
# yum update kernel-rt
will update the kernel patch, should a more recent version be available. By default, the newly installed kernel is made the default boot kernel. The realtime-enabled kernel is, therefore, immediately active after the system has been restarted.
To check if enabled type:
# cat /proc/sys/kernel/kernel_preemption
1
Then this:
# cat /proc/sys/kernel/preempt_max_latency
39
As a debugging aid, the condition that led to this latency is also available:
# cat /proc/latency_trace
preemption latency trace v1.1.5 on 2.6.19-1.rt10.0001
--------------------------------------------------------------------
latency: 39 us, #2/2, CPU#0 | (M:rt VP:0, KP:0, SP:1 HP:1 #P:1)
-----------------
| task: posix_cpu_timer-3 (uid:0 nice:0 policy:1 rt_prio:99)
-----------------
_------=> CPU#
/ _-----=> irqs-off
| / _----=> need-resched
|| / _---=> hardirq/softirq
||| / _--=> preempt-depth
|||| /
||||| delay
cmd pid ||||| time | caller
/ ||||| | /
<...>-3 0...1 39us : __schedule (__schedule)
As a rule of thumb, the maximum (worst-case) latency amounts to approximately 10^5 / clock frequency on an idle system. For example, a maximum latency of about 100 microseconds can be expected in a 1 GHz-CPU. If the value displayed is off by more than one order of magnitude, something is not working correctly.
Totally lost here! Can someone explain this latency figure of 39? How do I know if this is a good or bad figure?
A few weeks ago my customer began to notice a problem with server load.
I looked at the munin graphs and saw this:
http://dl.getdropbox.com/u/252944/iowait/iowait-hr.png
iowait creates high performance degradation. There were no changes in server software & configuration. Sometimes the server works very slowly and the count of apache processes is high - there are no processes or scripts that could use a lot of hdd resources.
Sites located on the customer's server do not create high load, and are not subjected to any attacks.
I received a response from the DC:
I did some research for this and it seems that other people have experienced similar issues and are reporting that it is a kernel bug. Have you run yum update to receive the latest kernel? If not, you can try an update and see if that may resolve your issue.
CENTOS 5.2
Cpanel / WHM
Linux *** 2.6.18-92.1.22.el5PAE #1 SMP Tue Dec 16 12:36:25 EST 2008 i686 i686 i386 GNU/Linux
I tried to run "yum update kernel" but it seems the installed kernel is up to date.
I am currently researching the options open to me for Virtualisation, the two main ones I have seen are Xen or KVM.
I mainly use CentOS (RHEL), but have read that the version of Xen with it is very old, broken and unstable. KVM isn't included in the kernel that ships with CentOS, as it is too old, apparently it was first featured in Kernel v2.6.20. There isn't likely to be an update till RHEL6, which is due for release first quarter of 2010. I can't wait over a year, so need to find another Distro for use as the Host OS/Hypervisor.
I have built a pretty powerful server, it has an Intel Xeon 3230 which has VT - so I might be better off using KVM over Xen. I am going to collocate this server, so realistically I can make this decision only once - as it would be a PITA to re-install a host Linux distro remotely.
I did a search on distrowatch for distros with the latest version of the kernel, and Slackware came up as being just one minor version behind the most current (v2.6.27.7).
Now this distro is very mature, so should be a fairly safe bet, but it is a 32bit version and can't host 64bit VMs. I have 8GB of ram so want to be able to use it all, and offer the choice of 32/64bit VMs. So that's that out of the window.
I have used Arch Linux on and off for a couple of years as a workstation OS, but because it is so bleeding edge, when pacman updates it can break itself. But I suppose if I just use it as the Host OS, and never let it update/reboot, then it won't break. It should be fairly lightweight and stable, as I will be installing the bare minimum packages. I have a management card, so if the server fails to boot, then I can still remote in to fix it.
If I do want to update the kernel, is it possible to update without rebooting? I think it is somehow... unless I can just reboot during an unused time at 3am or something.
As you can tell I am leaning towards KVM on Arch Linux (x86_64). Is this a good plan?
Is it safe to upgrade to the latest Linux kernel version 2.6.19.2 (released on January 10th, 2007)? Are there any reported problems or has anyone faced issues after upgrading?
We have one box in hivelocity.net that has been down so many times this month that we were forced to remove links to siteuptime where we were once so proud of having a 99.7% uptime for 3 years in theplanet.
syslog shows that just before crashing, these entries were made:
kernel: kernel BUG at mm/rmap.c:479
kernel: invalid operand:0000 [#1]
dmesg also shows this:
...
Brought up 2 CPUs
zapping low mappings.
checking if image is initramfs... it is
Freeing initrd memory: 482k freed
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xf9f20, last bus=1
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
mtrr: your CPUs had inconsistent fixed MTRR settings
mtrr: probably your BIOS does not setup all CPUs.
mtrr: corrected configuration.
...
I've googled these messages and they point to RAM problems.
hivelocity.net claims to have done diagnostics on the box and that there were no problems reported.
They said this is a result of a sys configuration problem made by us.
Any ideas?
Running centos/virtuozzo 2.6.18-028stab062.3
When I configure vmware it asks at one point for kernel header files. Where would I find them to match the current kernel?
I asked at the Parallels forums but help there is very scarce. I checked the openVZ repositories and they don't yet have headers for this version.
What are my options? I have one last Windows machine left and want to run it in VMware.
Last year I ordered a new server with CentOS 4.3 and it had the kernel 2.6.9-34.0.2ELsmp installed. It ran fine and I didn't update any packages since then.
Today I started getting a problem where both mysqld and kswapd0 use very high amounts of CPU, spiking up to 100%, and my memory usage is at 99% all the time. The problem seems exactly the same as the one mentioned in this thread.
In that thread the exact same kernel is said to be insecure and to cause this problem. I also came across a centOS bug that reports this problem with high cpu, mem usage and mysql & kswapd0 consuming all resources.
In the linked thread the person solved the problem by upgrading to kernel 2.6.9-42 using rpms but others recommended a newer kernel or a custom compiled kernel for CentOS.
Apparently when they used yum it said 34.0.2 was the latest kernel.
What should I do to upgrade the kernel, which version should I upgrade to, and where do I get it from? I won't be able to compile a custom kernel and I've only installed basic rpm packages before.
I am trying to install the kernel source.
I have downloaded kernel-2.6.20-1.2948.fc6.src.rpm
I am using Fedora 6 64bit.
Here are my current kernels:
kernel-headers-2.6.20-1.2948.fc6
kernel-devel-2.6.20-1.2944.fc6
yum-kernel-module-1.0.3-1.fc6
kernel-2.6.20-1.2944.fc6
kernel-devel-2.6.20-1.2948.fc6
kernel-2.6.20-1.2948.fc6
Here is what I saw when I installed kernel-2.6.20-1.2948.fc6.src.rpm:
rpm -ivh kernel-2.6.20-1.2948.fc6.src.rpm
1:kernel warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
warning: user brewbuilder does not exist - using root
########################################### [100%]
warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
Then when I ran:
rpmbuild -bp --target=$(uname -m) /usr/src/redhat/SPECS/kernel-2.6.spec
I saw this error:
+ Arch=x86_64
+ make ARCH=x86_64 nonint_oldconfig
In file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/include/arpa/inet.h:23,
from scripts/basic/fixdep.c:117:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93770 (%prep)
I need to have this installed to get an app installed etc...
Suggestions or ideas?
Thanks
I have a Xen VPS. I started with a Debian 4 image and have since upgraded to Debian 5. Firstly was this advisable? Secondly what Kernel version should I be running, or rather is it set by my installation or by the Xen server?
Does it take 2 hours to have a new kernel up and running? The tech is taking forever to finish.
As part of a project I have lately been looking into various aspects of kernel tuning. Most notably lately tuning the TCP stack for more efficient memory usage/throughput.
Thought I would start this thread to mention some of the tools I'd found for doing testing and see what anyone else had to recommend.
So far my favorite of the bunch is nuttcp. It's easy to use and gives a very good idea of how much of your bandwidth you are able to utilize.
A few interesting web pages are as follows for anyone interested in the topic:
[url] - Tuning TCP for High Bandwidth Delay networks
[url] - TCP Tuning Cook book, some interesting information in there as well
[url]...formanceTuning - Performance Tuning TWiki. Has a list of useful tools, flags for existing tools and ways to monitor network performance from a system level, along with some suggestions of things to correct
What is the best way to find out which filesystems and hard drive drivers you can remove? Obviously, I need ext2,3 but how do you find which HD you only need?
Recently, my dedicated server has been down frequently.
I cannot find any important info in /var/log/messages,
but I find some records many times in it, like these:
----------------------------------
Jun 15 05:30:40 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:40 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:40 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:40 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:40 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:40 server kernel: ata1: EH complete
Jun 15 05:30:42 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:42 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:42 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:42 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:42 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:42 server kernel: ata1: EH complete
Jun 15 05:30:44 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:51 server kernel: ata1: EH complete
Jun 15 05:30:51 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:51 server kernel: ata1: EH complete
Jun 15 05:30:51 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:52 server kernel: ata1: EH complete
Jun 15 05:31:26 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:31:30 server kernel: sd 0:0:0:0: SCSI error: return code = 0x08000002
Jun 15 05:31:33 server kernel: sda: Current [descriptor]: sense key: Medium Error
Jun 15 05:31:36 server kernel: Add. Sense: Unrecovered read error - auto reallocate failed
Jun 15 05:31:36 server kernel:
Jun 15 05:31:39 server kernel: Descriptor sense data with sense descriptors (in hex):
Jun 15 05:31:46 server kernel: 72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
Jun 15 05:31:51 server kernel: 2c d2 23 42
Jun 15 05:31:56 server kernel: end_request: I/O error, dev sda, sector 751969090
Jun 15 05:31:57 server kernel: ata1: EH complete
Jun 15 05:31:57 server kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jun 15 05:31:58 server kernel: sda: Write Protect is off
Jun 15 05:31:58 server kernel: SCSI device sda: drive cache: write back
Jun 15 05:31:59 server kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jun 15 05:32:03 server kernel: sda: Write Protect is off
Jun 15 05:32:04 server kernel: SCSI device sda: drive cache: write back
-------------------
Is it safe? Or is there any hardware error?
Can I upgrade my kernel?
yum can't find any new update but my kernel version is 2.6.18-128.1.1.el5.028stab062.3PAE
I have the following error in a kernel update with yum:
Downloading Packages:
Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
Package kernel conflicts with ecryptfs-utils < 44.
Complete!
So the kernel is not updated yet.
I copied the default config file and renamed it as .config but I get this:
Code:
WARNING: No module dm-mem-cache found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-region_hash found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-message found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-raid45 found for kernel 2.6.27.10-grsec, continuing anyway
My current kernel version is "2.6.9-42.0.10.ELsmp #1 SMP Fri Feb 16 17:17:21 EST 2007 i686 athlon i386 GNU/Linux". I want it to be upgraded since it is old. I have been told by our server management company that the latest kernel distributed from yum is kernel.i686 0:2.6.9-78.0.22.E. Can anyone tell me if this version is safe and secure enough? It is a CentOS release 4.7 (Final) server with cPanel installed.
I have a dedicated server with CentOS 5.2 32bit.
My CPU is 64bit but for some software, the datacenter installed 32bit for me.
I needed more RAM and ordered it from the datacenter. Before, my RAM was 4 Gig and now my RAM is 6 Gig, but the CPU just uses 3 Gig of RAM.
I installed kernel-PAE with the "yum install kernel-PAE" command and my RAM went down to 2.5 Gig. Now my server uses just 2.5 Gig of RAM.
I cannot reformat the server because I have some VPSes on this server (Xen VPS).
When doing 2.6.26+ or w/e it is, how do you enable conntrack? What options do I need to enable under make menuconfig?
net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_generic_timeout = 120
error: "net.netfilter.nf_conntrack_icmp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_last_ack" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_recv" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_sent" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout_stream" is an unknown key
net.netfilter.nf_conntrack_max = 262144
And how do I know which hardware/devices I can remove?
I have a FreeBSD server crashing a few times per week sometimes 2 or 3 times in one day, then 3 days fine sometimes each other day...
/var/log/messages shows nothing related to the reboot when looking at the server screen after a crash, it showed kernel panic
any ideas on how to troubleshoot that with the minimum downtime possible? DC already tried swapping memory, but it didn't solve
I am using CentOS 4.6 on the 2.6.9-67smp kernel.
I need to update the kernel to 2.6.25.3.
Is that possible?
I've never actually compiled a kernel before, and wanted to know the basics when it comes to compiling for a standard CPanel/Centos 32bit system.
I compiled my kernel and I have a problem. I don't have lilo on my server so I don't know how to change the grub.conf file to boot my new kernel.
How can I translate a kernel exploit to secure my server, like that:
[url]
How can I know what to do to my server if I see any exploit?
I have always used RPM kernels from the RedHat Network, in this time I need to compile an SMP kernel in a server that is used to serve common webhosting traffic (web, ftp, email, etc) with cPanel.
I have compiled kernels from source in desktops stations, but never in remote servers.. do you have any recommendations to do this at a Dual Xeon 3.2 RHE 5 + cPanel server? Oh.. almost forgot.. I will also compile it with GRsecurity.
Should I use a src kernel from RedHat, or a kernel.org latest kernel?
I installed CentOS 5 on a server with 2 quad core CPU's and 4GB of RAM. After the installation is done and during boot I see a warning that says "Warning only 3GB will be used".
So, just to check, I installed CentOS 4.4 and it sees all 4GB of RAM.
Are there any memory limitations on the distro? or could it be that the desktop kernels made their way into the iso's from upstream?
I am recompiling the kernel with the src rpm. I haven't been able to get any kernel to boot properly since I got this server.
I really could use some help. Below I posted lspci, lsmod and cat interrupts. What I really need help with is which kernel modules are necessary for my server.
lspci: [url]
lsmod: [url]
interrupts: [url]
I have already tried a kernel with ext3, and sata support compiled in but it never boots.