I recently had a requirement to remove vmware tools manually from a windows 2003 server. This is what I had to do.

  • Remove any keys with a DisplayName of VMware Tools anywhere in the following keys:
    • HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionuninstall
    • HKEY_LOCAL_MACHINESoftwareClassesInstallerProducts

 

  • Remove the keys with a ProductName of VMware Tools in the following keys HKEY_CLASSES_ROOTInstallerProducts
  • Delete the branch named VMware Tools in HKEY_LOCAL_MACHINESoftwareVMware
  • Delete the "VMware Tools" directory within in the Vmware directory under Program Files
  • Restart the server.

Props to WarOnErrors.

After installing ConfigServer Security and Firewall, many of us try to achieve as many ‘green’ results as possible. The often tricky one (or two) options to achieve, is mounting /tmp and /var/tmp as ‘separate’ file systems. On a bare metal linux installation (no virtualisation) this is easy to achieve by creating a file system (partition or pseudo file system) and mounting it accordingly. Under virtualisation (openvz, virtuozzo etc) this is not so easy, in fact, it’s not actually supported at all. However, there are two things you can try.

  1. Nothing. Just leave it. After all, the message at the bottom of the check security page says ‘This scoring does not necessarily reflect the security of your server or the relative merits of each check’ In other words, getting all green doesn’t necessarily mean your server is secure.
  2. You can set up pretend mount points (this works on bare metal installations as well). Delete the /var/tmp directory and symlink it to /tmp (ln -s /tmp /var/tmp). Next, edit your /etc/fstab file and all the following line: /tmp /tmp   ext3    defaults,usrquota,bind,noauto,noexec,nosuid        0 0 Finally, be sure to change the permissions to 1777 (chmod -R 1777).

The second option above doesn’t really achieve anything except the green ‘OK’ from CSF. Traditionally, the /tmp and /var/tmp directory have been located on a separate file system, due to the volatile nature of the files and content that are temporarily stored there. If the server was compromised via this directory, it could be easy to stop the compromise by un-mounting the file system. Better still, if the file system itself was hacked or damaged, it would only be the /tmp and /var/tmp that was damaged, both of which are easily replaced and can be deleted, removed and recreated all while the system is still running, not to mention that no important data is ever stored in these directories either.

Click Here if You are Looking for an official ‘CentOS’ repository to perform the upgrade, instead of a compatible repository.

Upgrading PHP (from 5.1 to 5.3 for example) on a variety of common RPM based linux distributions (CentOS/RHEL, Whitebox, Fedora, etc) can be a tricky process. After some searching and playing around, I come across a simple method which should meet the needs of most. There is a fantastic repository known as the IUS Community Project.

We are committed to providing up to date and regularly maintained RPM packages for the latest upstream versions of PHP, Python, MySQL and other common software specifically for Redhat Enterprise Linux and clones.

A Word of Warning: Do not attempt the following on a server that has cPanel/WHM installed on it. You will break your server! Use the Easy Apache Updater through the WHM interface or the Easy Apache Updater script: /scripts/easyapache on the command line, to upgrade your PHP version and features.

The following process should get you were you want to be.

  1. Download and Install the IUS repositories. You can start here: http://dl.iuscommunity.org/pub/ius/stable/Redhat/. Pick your release version and architecture (execute the command 'uname -a' (as root without the quotes) on the command line if you are unsure which you version you are using).
  2. Download the two repository packages. The first package will have a file name starting with epel-release (epel-release-1-1.ius.el5.noarch.rpm at the time of writing) and the second file will have a file name starting with ius-release (ius-release-1.0-6.ius.el5.noarch.rpm at the time of writing). On the command line, as root, you could execute the following commands: wget -c http://dl.iuscommunity.org/pub/ius/stable/Redhat/5.5/x86_64/epel-release-1-1.ius.el5.noarch.rpm to download the EPEL IUS repository installer for CentOS (and variants) on the 64bit platform  and wget -c http://dl.iuscommunity.org/pub/ius/stable/Redhat/5.5/x86_64/ius-release-1.0-6.ius.el5.noarch.rpm to download the IUS repository installer for CentOS (and variants) on the 64bit platform.
  3. Install the repositories, starting with the epel-release repository first: rpm -ivh epel-release-1-1.ius.el5.noarch.rpm and then rpm -ivh ius-release-1.0-6.ius.el5.noarch.rpm.
  4. Clear the system yum cache with this command: yum clean all
  5. Make sure the version want and related components are available: yum list php5*
  6. Remove any existing php and related components: yum remove php*
  7. Install the base php version you are after: yum install php52.x86_64
  8. Install any additional components or modules you may require: yum install php53u-eaccelerator.x86_64 php53u-ioncube-loader.x86_64 php53u-mbstring.x86_64 php53u-mcrypt.x86_64 php53u-mysql.x86_64 php53u-pdo.x86_64 php53u-xml.x86_64 php53u-xmlrpc.x86_64 php53u-gd.x86_64 and any others in the list that you want.
  9. Finished!

It is worth noting at this point, that both the IUS repository and the IUS EPEL repository are still enabled. Care should be taken in leaving them enabled, especially if you have yum automatically updating your software on a regular basis. If this is the case, or you don’t want to risk breaking your system with yum late one night, disable these repositories as follows:

  1. As root on the command line, navigate to the yum repositories directory: cd /etc/yum.repos.d/
  2. Edit epel.repo file and change the 'enabled=1' line to 'enabled=0' You could use ‘nano’ (yum install nano if you don’t have it): nano epel.repo change the line and press ctrl+o and then ctrl+x to save and exit
  3. Edit the ius.repo file and change the 'enabled=1' line to 'enabled=0' Again, you could use ‘nano’: nano ius.repo change the line and press ctrl+o and then ctrl+x to save and exit.
  4. Finally type: yum clean all
  5. Finished!

Leaving the IUS repositories enabled shouldn’t really cause you any problems. Then again, waking up one morning to find MySQL 5.0.x is now 5.1.x and everything on your server is now broken or not working, may be a good enough reason to disable them until needed, avoiding any accidental upgrades.

Official CentOS Repository for PHP

There isn’t one. But there is the testing repository. Edit your /etc/yum.repos.d/CentOS-Base.repo file or create a new /etc/yum.repos.d/CentOS-Testing.repo file with the following in it:

[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

# CentOS-Testing:
# !!!! CAUTION !!!!
# This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
# They may or may not replace core CentOS packages, and are not guaranteed to function properly.
# These packages build and install, but are waiting for feedback from testers as to
# functionality and stability. Packages in this repository will come and go during the
# development period, so it should not be left enabled or used on production systems without due
# consideration.

Be sure to change the value of the line ‘enabled=0’ to ‘enabled=1’ when you want to use the repository. Change it back to ‘0’ when you are finished, to avoid any accidental upgrades.

Feel free to post your comments and feedback. If you need a little extra help, please do let me know.

I came across a conundrum some time ago. I have a CentOS Linux based VPS running a few various different ‘processes’ for different purposes. My problem was that from time to time, these processes would stop or die, for whatever reason. Given that I require absolute uptime from these processes (or at least as close as I can get) I needed a script, a way to check if the process was running, and if not, to start it, all without my manual help. Now, Before you read any further, I just want to make it clear, I am talking about uncommon processes (not system services or daemons). To name a few:

Initially, I searched and searched the internet and found all sorts of solutions dating back to the 1990’s all the way through to 2010. I even managed to cobble something together, but it was pretty terrible and failed sometimes (more often than not actually).

Some readers may have noticed that one of my examples above, already contains an almost perfectly good solution!

Services for IRC (developed primarily by Andrew Church), contains an additional script (once compiled and installed) under the file name of ircservces-chk (located here: /usr/local/sbin/ircservices-chk on most linux distributions). The contents of this file looks like this:

#!/bin/sh
#
# Script to check whether IRC Services is running, and restart it if not.
# Usage: ircservices-chk [-q] [ircservices-options]
# -q: don't write any output
# ircservices-options: options to pass to ircservices executable
# If you change PIDFile in ircservices.conf, also change PIDFILE below.
#
# IRC Services is copyright (c) 1996-2009 Andrew Church.
# E-mail:
# Parts written by Andrew Kempe and others.
# This program is free but copyrighted software; see the file GPL.txt for
# details.

PIDFILE=ircservices.pid

if [ "X$1" = "X-q" ] ; then
exec 1>/dev/null
exec 2>/dev/null
shift
fi

ok=
if [ -f "/usr/local/lib/ircservices/$PIDFILE" ] ; then
pid=`cat "/usr/local/lib/ircservices/$PIDFILE"`
if echo "0$pid" | grep -q '[^0-9]' ; then
rm -f "/usr/local/lib/ircservices/$PIDFILE"
elif kill -0 $pid ; then
ok=1
fi
fi

if [ ! "$ok" ] ; then
"/usr/local/sbin/ircservices" "$@"
fi

This script is almost perfect for my use (it does an exactly perfect job for ircservices), but not quite. This script uses the process id (PID) of ircservices to check if it is running or not. That’s ok, but not all programs output their current process ID to a file based location on the system or in any way that’s useful to the end user. I added a line to the beginning of the script, using the pgrep command to output the PID of my selected process to a file.

pgrep process-name > /home/username/a-directory-of-your-choosing/a-file-name-of-your-choosing.pid

Obviously you would replace process-name with the name of the process you want to monitor and username with your actual username.

You can use the command ps aux to list all the processes currently running on your system and locate the process you want to monitor.

The ‘.pid’ file extension isn’t really necessary, however it might be handy for identifying what the file is, should you come across it later on down the track. Here’s my example for checking that ircbot is running:

#!/bin/sh
#
# Script to check whether IRC Services is running, and restart it if not.
# Usage: ircservices-chk [-q] [ircservices-options]
# -q: don't write any output
# ircservices-options: options to pass to ircservices executable
# If you change PIDFile in ircservices.conf, also change PIDFILE below.
#
# IRC Services is copyright (c) 1996-2009 Andrew Church.
# E-mail:
# Parts written by Andrew Kempe and others.
# This program is free but copyrighted software; see the file GPL.txt for
# details.
pgrep ircbot > /home/username/ircbot/ircbot.pid
PIDFILE=ircbot.pid

if [ "X$1" = "X-q" ] ; then
exec 1>/dev/null
exec 2>/dev/null
shift
fi

ok=
if [ -f "/home/username/ircbot/$PIDFILE" ] ; then
pid=`cat "/home/username/ircbot/$PIDFILE"`
if echo "0$pid" | grep -q '[^0-9]' ; then
rm -f "/home/username/ircbot/$PIDFILE"
elif kill -0 $pid ; then
ok=1
fi
fi

if [ ! “$ok” ] ; then

"/home/username/ircbot/ircbot" "$@"
fi

Here’s my final version.

#!/bin/sh
#
# Script to check whether a process is running, and restart it if not.
# Usage: running [-q]
# -q: don't write any output
# Props to Andrew Church (http://www.ircservices.za.net) for creating
# the original script ircservices-chk of which this script you are using
# now is a slight modification by Quin Rose of Mokona Modoki
# http://www.mokonamodoki.com/

pgrep ircbot > /home/username/ircbot/ircbot.pid

PIDFILE=ircbot.pid

if [ "X$1" = "X-q" ] ; then
exec 1>/dev/null
exec 2>/dev/null
shift
fi

ok=
if [ -f "/home/username/ircbot/$PIDFILE" ] ; then
pid=`cat "/home/username/ircbot/$PIDFILE"`
if echo "0$pid" | grep -q '[^0-9]' ; then
rm -f "/home/username/ircbot/$PIDFILE"
elif kill -0 $pid ; then
ok=1
fi
fi

if [ ! "$ok" ] ; then
"/home/username/ircbot/ircbot" "$@"
fi

To use this script, just copy and past the code above into your favourite editor and be sure to save the script, and make it executable with:  chmod +x filename

Last but not least, you don’t want to have to run this script all the time, and manually by yourself do you? Wondering if you can just get put it in a cron job and let it rip? Well, Yes! You can! Add the following line to cron for automatic (once a minute) process checking goodness:

* * * * * /home/andrew/ircbot/ircbot-chk -q

There are plenty of resources on the web relating to cron, so if you would rather have cron execute the script less often, you’ll need to do a little googling.

Adding the -q sends all output from the script to /dev/null (a black hole of sorts) thus not showing any output on the screen. You can test it with or without the -q.

If you have any questions or would like for information or examples, please do let me know in the comments, and I will be only too happy to be of assistance! This certainly helped me, so I thought I would share, so that it could help you too!