Testing Reverse DNS Lookup

[dlopez@hostname ~]$ *dig mail-relay.prod.domain.com. +nocomments | egrep “NS|A”*
;mail-relay.prod.domain.com. IN A
mail-relay.prod.domain.com. 6 IN A IPAddress
domain.com. 86138 IN NS pdns1.ultradns.net.
domain.com. 86138 IN NS pdns5.ultradns.info.
domain.com. 86138 IN NS pdns2.ultradns.net.
domain.com. 86138 IN NS pdns4.ultradns.org.
domain.com. 86138 IN NS pdns6.ultradns.co.uk.
domain.com. 86138 IN NS pdns3.ultradns.org.
pdns1.ultradns.net. 1360 IN A
pdns1.ultradns.net. 1360 IN AAAA 2001:502:f3ff::1
pdns2.ultradns.net. 772 IN A
pdns3.ultradns.org. 3252 IN A
pdns4.ultradns.org. 3252 IN A
pdns4.ultradns.org. 3252 IN AAAA 2001:502:4612::1
pdns5.ultradns.info. 2412 IN A
pdns6.ultradns.co.uk. 120 IN A
;; WHEN: Mon Apr 9 20:00:02 2012
[bfisher@hostname ~]$ *dig -x IPAddress +nocomments | egrep “NS|PTR”*
;IPAddress.in-addr.arpa. IN PTR
IPAddress.in-addr.arpa. 65939 IN PTR mail-relay.prod.domain.com.
IPAddress.in-addr.arpa. 65939 IN NS pdns4.ultradns.org.
IPAddress.in-addr.arpa. 65939 IN NS pdns1.ultradns.net.
IPAddress.in-addr.arpa. 65939 IN NS pdns3.ultradns.org.
IPAddress.in-addr.arpa. 65939 IN NS pdns6.ultradns.co.uk.
IPAddress.in-addr.arpa. 65939 IN NS pdns5.ultradns.info.
IPAddress.in-addr.arpa. 65939 IN NS pdns2.ultradns.net.
[dlopez@hostname ~]$

You can also check http://www.mxtoolbox.com/SuperTool.aspx and type in IPAddress

Check for Blacklisting

Check http://www.mxtoolbox.com/SuperTool.aspx click the Blacklists tab and enter IP address.

ssh works, scp fails

I recently ran across this and found this very helpful post: http://lists.freebsd.org/pipermail/freebsd-questions/2004-February/035618.html

> Are you using bash ?
> If ~/.bashrc generates ANY output, it WILL break the scp and rcp commands.

And there’s nothing about this specific to bash, either; on any shell,
producing output
from the startup scripts
in a non-interactive shell
WILL break the scp and rcp commands.

Turns out if /etc/bashrc outputs anything either this will cause scp to fail as well!  We have a password expiry that is showed if a users password is going to expire within 30 days.  Commented out the warning in /etc/bashrc and scp worked like a charm!

Multiple instances of mysql same version

# mkdir /etc/mysql

# /etc/mysql/dev.cnf (Instance name)

bind-address = IP Address
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).


# Make a datadir and /etc/mysql/dev .cnf file for all instances you would like such as stg and prod etc.

# Edit default mysql init script with the following differences

> conffile=dev.cnf
> confdir=/etc/mysql
< datadir=

> datadir=/data/mysql-dev/
> mysqld_pid_file_path=/data/mysql-dev/mysqld.pid
< mysqld_pid_file_path=
< $bindir/mysqld_safe –datadir=”$datadir” –pid-file=”$mysqld_pid_file_path” $other_args >/dev/null 2>&1 &

> $bindir/mysqld_safe –defaults-file=$confdir/$conffile –datadir=”$datadir” –pid-file=”$mysqld_pid_file_path” $other_args >/dev/null 2>&1 &

# touch /var/log/mysqld_dev; chown mysql:mysql /var/log/mysqld_dev

# mkdir /data/mysql-dev; chown -R mysql:mysql /data/mysql-dev

# Run: /usr/bin/mysql_install_db –datadir=/data/mysql-dev

# chown -R mysql:mysql /data/mysql-dev/

# Create the necessary binaries

# vi /usr/bin/mysql-dev

# Insert: /usr/bin/mysql -S /data/mysql-dev/mysql.sock $@

# vi /usr/bin/mysqldump-dev

# Insert: /usr/bin/mysqldump -S /data/mysql-dev/mysql.sock $@

Cacti not graphing, snmpwalk works

So I recently ran into an issue where I was upgrading Cacti and ran into this issue.  I was able to snmpwalk with my credentials and get a response but when I entered those same credentials adding a device to Cacti, there was an SNMP error.

Turns out Cacti is very sensitive to the version of PHP you are using and whether you are using SNMP v2 or v3.

I upgraded PHP to version 5.3.x and all was right with the world for the newer version of Cacti, 0.8.7g

Note: A collegue of mine noticed that Cacti 0.8.7a didn’t work well with PHP 5.3 and he was able to get working with PHP 5.2.x

scponly on RHEL5


  1. Downloaded scponly from here: http://sourceforge.net/projects/scponly/files/
  2. Copy it over to the server: scp scponly-YYYYMMDD.tgz username@serverName:~/
  3. On the SFTP server untar the tarball in /usr/local:
    1. cd /usr/local
    2. cd scponly-YYYYMMDD
    3. ./configure –enable-chrooted-binary
    4. make
    5. sudo make install
  4. This will create the necessary files for scponly under /usr/local

Add SFTP chrooted user

  1. I downloaded the make_chroot_jail.sh script from here: http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/ and modified it for our environment.
  2. Run the make_chroot_jail.sh script. This will create the user if one doesn’t exist, create the directory structure and make a writeable directory for the user to upload files or pull files from.
  3. Add SFTP user to sshd_config AllowUsers, restart SSHD
  4. Test with a SFTP client NOTE: You will not be able to test with SSH!!