Wednesday, December 31, 2014

Determine if a disk is SSD or HDD

Read full details here: Determine if a disk is SSD or HDD

This is one of those random things I do and decided to put it in the website. I know that my personal computer is running on HDD, but when I am logged into a remote Linux system and suddenly I started wondering about how to determine if the underlying disk is SSD or HDD, I wasn’t too sure what to look for. A quick Google search returned the best possible solution and I thought, hey maybe I should…

Read the rest of it here: Determine if a disk is SSD or HDD

Friday, December 19, 2014

darodar.com referrer spam and What to do?

Read full details here: darodar.com referrer spam and What to do?

I had some interesting traffic showing up in my Google Analytics today. So far I’ve seen 21 referral traffic from forum.topic55798995.darodar.com to my home page http://www.blackmoreops.com/.

What is more scary?

You know what? I am not worried about this darodar.com referral spam / referrer spam. The worst that can happen is you see some funny links in your Google Analytics. Just don’t browse to those sites.
But the part that’s more disturbing is that anyone with some programming skill can actually create a tool to randomize Google Analytics code and send Fake visiting info back to Google. Followings are the implications:

You can target a legit website and spam others using them as referrer. The result? Google demotes a perfetly good website because someone else spammed forged their GA code to spam others.
You can target a website and spam using their GA code. The result? That website appears in millions of GA users and if even 5% of them visit that website, it might just overload their server and create a DDoS situation for them. I tested a tool named GoldenEye which was able to create 100’s of legit connections from same IP and GA thought they were real users. There’s obviously some more fine tuning required on Google’s behalf.
Someone exploits your GA code and Google can just BAN your GA account, no explanations will be given. Your AdSense account can be exploited and banned in similar ways.

Open question to everyone

Anyone assessed this referrer spam on Bing/Alexa/Yandex?
This spam is too broad scale to be useful for BlackHAT SEO but if someone manages to do it carefully on Bing/Alexa/Yandex/DuckDuckGo or other search engines, then those sites will be ranked high on those services. Google unknowingly will pick up those search results and automatically give that website a higher ranking.

Note: Piwik doesn’t report this SPAM which confirms that this is again just GA code abuse.

What do you do in the meantime?

Few options, some are just to make you sleep well!

You can block their IP – pointless, IP’s are dime a dozen.
You can block them as a referrer – maybe good for your GA. See links above for the guides.
You can filter them in your GA Account – Possibly a good idea.

Just wait a few days and Google will take care of it in Google Analytics. It will not hurt your Analytics account or your website standings in anyway. Lastly, if it makes you happier and you’re a WordPress user who enabled JetPack, just check JetPack statistics. JetPack didn’t see this referrer.
You know what? Someone is having a lot of fun and laughing at us all!!!

Update 20141219:1340: I just saw make-money-online.7makemoneyonline.com popping up in my referrers list. Use Google Analytics Filter to remove them from your reports. You can also apply the filter above to ban them if you feel like.

Read the rest of it here: darodar.com referrer spam and What to do?

Tuesday, December 16, 2014

Random quotes and creatures using fortune and cowsay in Linux terminal

Read full details here: Random quotes and creatures using fortune and cowsay in Linux terminal

Fortune and Cowsay - random quotes and animals

Normally all the guides using fortune and cowsay uses the default creatures (a.k.a Cow!) to show different quotes. There's plenty of guides on that. However, I wanted to show a random creature saying different fortune quotes on my terminal.I could find random figment of instructions in different forums and decided to write a small guide on how to do it properly. Few lines of codes, and my Linux terminal becomes more alive!

If you're not familiar with fortune and cowsay then keep reading for details otherwise you can just jump into the code section.

Read the rest of it here: Random quotes and creatures using fortune and cowsay in Linux terminal

Fixing error: Package packagename is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'packagename' has no installation candidate

Read full details here: Fixing error: Package packagename is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'packagename' has no installation candidate

A very common error in Linux; well, most Debian based Linux distributions such as Debian itself, Ubuntu, Kali, Linux Mint has this error when trying to install a package/application

"Package packagename is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source. E: Package 'packagename' has no installation candidate"

Package somePackage is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package somePackage has no installation candidate

Extremely annoying and useless error that doesn't tell you much on how to fix it.

Read the rest of it here: Fixing error: Package packagename is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'packagename' has no installation candidate

Fixing ProxyChains ERROR: ld.so: object 'libproxychains.so.3' from LD_PRELOAD cannot be preloaded: ignored.

Read full details here: Fixing ProxyChains ERROR: ld.so: object 'libproxychains.so.3' from LD_PRELOAD cannot be preloaded: ignored.

Nullsec posted on – November 29, 2014 at 7:53 pm regarding ProxyChains giving an error: ERROR: ld.so: object ‘libproxychains.so.3′ from LD_PRELOAD cannot be preloaded: ignored.

Essentially, this might expose you. Following fix was also posted by NullSec, ‘Thank you‘.

(I’ve only formatted his comment to make it more user-readable!)

Read the rest of it here: Fixing ProxyChains ERROR: ld.so: object 'libproxychains.so.3' from LD_PRELOAD cannot be preloaded: ignored.

Monday, December 8, 2014

Reset root password in Ubuntu, Debian, Kali, CentOS or pretty much any Linux distributions

Read full details here: Reset root password in Ubuntu, Debian, Kali, CentOS or pretty much any Linux distributions

Forgetting root password is an hassle. We try to be vigilant with our security and set a complex root password. We also try not to login using directly into root account (in most production boxes) and use sudo instead. So it's not very unlikely to loose your root password and depending on how you've setup your access, your just might not be able to reset it using sudo passwd root/someusername. Following post shows you two different ways to reset root password in Ubuntu, Debian, Kali, CentOS or pretty much any Linux distributions.

Read the rest of it here: Reset root password in Ubuntu, Debian, Kali, CentOS or pretty much any Linux distributions

Tuesday, December 2, 2014

Fixing There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them in CentOS

Read full details here: Fixing There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them in CentOS

http://www.blackmoreops.com/wp-content/uploads/2014/12/Fixing-There-are-unfinished-transactions-remaining.-You-might-consider-running-yum-complete-transaction-first-to-finish-them-in-CentOS-blackMORE-Ops-3.jpg
Tried to install atop in one of the CentOS servers. Due to the fact this server is locked down, the install process failed. Next thing I know yum is giving me grief with the following error
There are unfinished transactions remaining. You might consider running yum-complete-transaction first to...

Read the rest of it here: Fixing There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them in CentOS

14 top data recovery softwares - Data rescue tools

Read full details here: 14 top data recovery softwares - Data rescue tools

http://www.blackmoreops.com/wp-content/uploads/2014/11/Linux-recovery-software-–-Data-rescue-tools-blackMORE-Ops.png
Data recovery is the process of salvaging and handling the data through the data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as internal or external hard disk drives,...

Read the rest of it here: 14 top data recovery softwares - Data rescue tools

Tuesday, November 25, 2014

Regin: Top-tier espionage tool enables stealthy surveillance

Read full details here: Regin: Top-tier espionage tool enables stealthy surveillance

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.
It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.
It’s unknown exactly when the first samples of Regin were created. Some of them have timestamps dating back to 2003.
The victims of Regin fall into the following categories:

Telecom operators
Government institutions
Multi-national political bodies
Financial institutions
Research institutions
Individuals involved in advanced mathematical/cryptographical research

So far, we’ve observed two main objectives from the attackers:

Intelligence gathering
Facilitating other types of attacks

While in most cases, the attackers were focused on extracting sensitive information, such as e-mails and documents, we have observed cases where the attackers compromised telecom operators to enable the launch of additional sophisticated attacks. More about this in the GSM Targeting section below.
Perhaps one of the most publicly known victims of Regin is Jean Jacques Quisquater (https://en.wikipedia.org/wiki/Jean-Jacques_Quisquater), a well-known Belgian cryptographer. In February 2014, Quisquater announced he was the victim of a sophisticated cyber intrusion incident. We were able to obtain samples from the Quisquater case and confirm they belong to the Regin platform.
Another interesting victim of Regin is a computer we are calling “The Magnet of Threats“. This computer belongs to a research institution and has been attacked by Turla, Mask/Careto, Regin, Itaduke, Animal Farm and some other advanced threats that do not have a public name, all co-existing happily on the same computer at some point.

Contents [hide]

Read the rest of it here: Regin: Top-tier espionage tool enables stealthy surveillance

Saturday, November 22, 2014

DoS website with GoldenEye – Layer 7 DoS tool with KeepAlive NoCache

It takes 15 seconds to bring down a web server! Tested GoldenEye Layer7 #DoS tool with KeepAlive NoCache. http://www.darkmoreops.com/?p=326

I’ve talked about testing few DoS too tools that can put heavy load on HTTP servers in order to bring them to their knees by exhausting the resource pool. GoldenEye is the first of those tools and it is one of the newest I discovered in GitHub. You can DoS website with GoldenEye and bring it down almost within 30 seconds depending on how big their memory pool is. Of course, it wont work on protected servers and servers behind a proper WAF, IDS, but this is a great tool to test your own Web Server for load testing and amend your iptables/Firewall rules accordingly. I will put several warnings and disclaimers in this post so that even the most feeble minds wont be able to deny reading those.

Tuesday, November 11, 2014

Hack website password using WireShark

Read full details here: Hack website password using WireShark

Did you knew every time you fill in your username and password on a website and press ENTER, you are sending your password. Well, of course you know that. How else you’re going to authenticate yourself to the website?? But, (yes, there’s a small BUT here).. when a website allows you to authenticate using HTTP (PlainText), it is very simple to capture that traffic and later analyze that from any machine over LAN (and even Internet). That means someone can hack website password for any site that is using HTTP protocol for authentication.

Well, to do it over Internet, you need to be able to sit on a Gateway or central HUB (BGP routers would do – if you go access and the traffic is routed via that).

But to do it from a LAN is easy and at the same time makes you wonder, how insecure HTTP really is. You could be doing to to your roommate, Work Network or even School, College, University network assuming the network allows broadcast traffic and your LAN card can be set to promiscuous mode.
So lets try this on a simple website.

I will hide part of the website name (just for the fact that they are nice people and I respect their privacy.). For the sake of this guide, I will just show everything done on a single machine. As for you, try it between two VirtualBox/VMWare/Physical machines.
p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.

Read the rest of it here: Hack website password using WireShark

Wednesday, November 5, 2014

No internet for me!

Read full details here: No internet for me!

No Internet for me!!!

I am moving to a much faster Fibre connection, so temporarily living on a Mobile Internet.

This was me for first few hours:

Then this happened!

BoooYaaaa

Feel free to comment via my Facebook or Twitter account in the meantime.

Enjoy and stay safe everyone.

Read the rest of it here: No internet for me!

Wednesday, October 29, 2014

IPv6 issues: Localized Denial-of-service caused by incorrect NXDOMAIN responses from AAAA queries

Read full details here: IPv6 issues: Localized Denial-of-service caused by incorrect NXDOMAIN responses from AAAA queries

This is an unusual situation and a misconfiguration on DNS servers that can be exploited using a simple AAAA DNS query. This causes a localized Denial-of-service situation where users behind a specific resolver will get:

Read the rest of it here: IPv6 issues: Localized Denial-of-service caused by incorrect NXDOMAIN responses from AAAA queries

Tuesday, October 28, 2014

Delete clean cache to free up memory on your slow Linux server, VPS

Read full details here: Delete clean cache to free up memory on your slow Linux server, VPS

Many Linux systems, servers and VPS’s run on low memory and over time you will see a degradation of speed and responsiveness. By default, Linux got excellent Memory Management and it knows when to clean up cache to free up enough Memory to execute the next command. However, saying that, more new features being added to Linux everyday and when you are playing games, running a Web Server, a Database (i.e. MySQL, PostgreSQL, MariaDB etc.), Network Storage (NAS / SAN ), you will see there’s a drop on speed and responsiveness. By deleting and cleaning pagecache, dentries and inodes related cache data from Memory, you can get free up some of your Memory (RAM) which then makes rest of system work bit faster. This article will show you 3 different options to delete and clean cache to free up memory on your slow Linux server and small VPS’s.

Using drop_caches to clean cache to free up memory

Starting Linux Kernel v2.6.16 ono we have a new mechanism to have the kernel drop the page cache and/or inode and dentry caches on command, which can help free up a lot of memory. However, before we do that, we need to discuss about clean and dirty caches.

Clean and dirty caches

When you run something on a Linux system or server, Kernel will try to cache the response for a period of time so that the next time the same request is made, instead of running a complex lookup in disk/process, it can just fetch that info directly from Memory/RAM and send back a response. This is one of the main reasons Linux systems are so much faster and responsive. Alternatively, Linux systems will store data/info in Memory first before writing it to disk. So it goes both ways. Ideally, the data in Disk/database should be the same in Memory. But when you’re playing games, or it’s a busy Linux server, there will be some delay before these two (disk-data and memory-data) can sync up.
Cleaning cache is easy. But in Linux we have what we call clean and dirty cache.Let’s have a quick look at the definition of these two types of caches and later I will discuss why they are important when you clean cache.

Dirty Cache

Dirty Cache refers to data which has not yet been committed to the database (or disk), and is currently held in computer memory. In short, the new/old data is available in Memory and it is different to what you have in database/disk.

Clean Cache

Clean cache refers to data which has been committed to database (or disk) and is currently held in computer memory. This is what we desire where everything is in sync.

Read the rest of it here: Delete clean cache to free up memory on your slow Linux server, VPS

Monday, October 27, 2014

Fixing resolution problem on Linux after locking workstation

Read full details here: Fixing resolution problem on Linux after locking workstation

This is a pesky and annoying problem. I often lock my Kali workstation and when I try to log back in the next time, the resolution changed to 640x480 instead of my standard resolution of 1280x1024. This is very simple way without changing any system files for fixing resolution problem on Linux after locking workstation. I am almost certain Debian flavored Linux distros all have similar issues (i.e. Ubuntu, Linux Mint etc.).

Incorrect resolution

It’s very hard to show resolution issues using screenshots, but I took a screenshot of my whole desktop when the resolution was incorrect.
See image properties:

Width: 640 pixels
Height: 480 pixels

Fixing resolution problem on Linux after locking workstation - blackMORE Ops - 1

And here is the actual screenshot:

Not sure how much of it is clean from the screenshot, but I had humongous icons all over the place and a tiny display. You can actually get a feeling of it by comparing the cursor and text size.

Fixing resolution problem on Linux

I tried doing this an that, but in most cases they were too complicated. Few ways I could fix it:

Restarting my Linux (duh!, it’s a no brainer)
Restarting gdm3 (in Ubuntu or similar, it would be lightdm) – service gdm3 restart or sudo service lightdm restart
Logoff and relogin (which essentially re-initiates display manager – i.e. gdm3 or lightdm).
Shaking my monitor really hard – well, it used to work on my old CRT monitor!! but that was a different issue…

But the next one was the QUICKEST fix for sorting out incorrect resolution on my Linux after locking it.

Read the rest of it here: Fixing resolution problem on Linux after locking workstation

Tuesday, October 21, 2014

How to view Bash history without line numbers?

Read full details here: How to view Bash history without line numbers?

bash history command is very useful. It gives you an complete view of what commands you ran. By default bash historycommand will give you all your previous commands with Line numbers. It’s the default behavior. However when you’re trying to copy-paste those commands again, you have to manually remove those Line numbers. This becomes rather annoying when you are trying to copy paste a lot of commands at the same time. This is very simple guide on how to view bash history without line numbers.

Contents [hide]

bash history with line numbers

When you type in history in your bash terminal, following what you see.

root@kali:~# history 
-------snip------------
 2002  clear
 2003  ls
 2004  cd
 2005  top
 2006  nethogs wlan0
 2007  htop
 2008  sar -r
 2009  free -m
 2010  pstree
 2011  pgrep gdm3
 2012  w
 2013  who
 2014  last | head
-------snip------------

This is very normal behavior.

Read the rest of it here: How to view Bash history without line numbers?

Saturday, September 27, 2014

Check for Shellshock Bash Vulnerability and how to fix it

Read full details here: Check for Shellshock Bash Vulnerability and how to fix it

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. In this guide we will show how to check for Shellshock Bash Vulnerability and how to fix it in multiple Linux Operating systems such as Debian based Ubuntu, Linux Mint and Red Hat Based CentOS, Fedora distributions.

The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. Red Hat (and rest of the open source community) would like to thank Stephane Chazelas for reporting this issue.

All bash users are advised to upgrade to these updated packages, which contain a back-ported patch to correct this issue.

The Shellshock vulnerability can be exploited on systems that are running Services or applications that allow unauthorized remote users to assign Bash environment variables. Examples of exploitable systems include the following:

Apache HTTP Servers that use CGI scripts (viamod_cgi and mod_cgid) that are written in Bash or launch to Bash sub-shells
Certain DHCP clients
Open SSH servers that use the ForceCommandcapability
Various network-exposed services that use Bash

For additional information on the CVE-2014-6271 and CVE-2014-7169. flaw, refer to the Knowledge base article athttps://access.redhat.com/articles/1200223

Contents [hide]

How to check for Shellshock Bash Vulnerability?

Read the rest of it here: Check for Shellshock Bash Vulnerability and how to fix it

Thursday, September 25, 2014

Find number of unique IP's and active connections to Web server

Read full details here: Find number of unique IP's and active connections to Web server

In computing, netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics. It is available on Unix-like operating systems including OS X, Linux, Solaris, and BSD, and is available on Windows NT-based operating systems including Windows XP, Windows Vista, Windows 7 and Windows 8.
It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
netstat is the most frequent tool used for monitoring network connections on a Linux servers. netstat returns a variety of information on active connections such as their current status, what hosts are involved, and which programs are involved. You can also see information about the routing table and even get statistics on your network interfaces. netstat is a good all-around utility and it is an essential tool for the Linux administrators.
If you just type netstat, it would display a long list of information that’s usually more than you want to go through at any given time. The trick is that how to keeping the information useful and what you’re looking for and how to tell netstat to only display that information.

Users can also use man netstat command to get detailed netstat help and manual where there are lots of configurable options and flags to get meaningful lists and results.

Contents

Read the rest of it here: Find number of unique IP's and active connections to Web server

Tuesday, September 23, 2014

Attack a website using slowhttptest from Linux and MAC

Read full details here: Attack a website using slowhttptest from Linux and MAC

SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on majority of Linux platforms, OSX and Cygwin – a Unix-like environment and command-line interface for Microsoft Windows.
It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant memory and CPU usage on the server.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging the request, it sends legitimate HTTP request and reads the response slowly.

Read the rest of it here: Attack a website using slowhttptest from Linux and MAC

Monday, September 22, 2014

Linux Kernel panic issue: How to fix hung_task_timeout_secs and blocked for more than 120 seconds problem

Read full details here: Linux Kernel panic issue: How to fix hung_task_timeout_secs and blocked for more than 120 seconds problem

Linux Kernel panic issue

Short description: This guide shows how to fix hung_task_timeout_secs and blocked for more than 120 seconds problem in Linux.

Background

My server became unresponsive today (around 15:38hrs)

I’ve collected following logs that shows Memory and CPU usage and narrowed down /var/log/messages.

After doing a hard reboot, it came back online but I was unable to access it via VNC or SSH.

VNC connection showed an error (many errors but all contained /proc/sys/kernel/hung_task_timeout_secs“)

INFO: task jbd2/vda3-8:250 blocked for more than 120 seconds.
 Not tainted 2.6.32-431.11.2.el6.x86_64 #1
 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.

Step by step troubleshooting data and logs

Check Memory usage

Following log shows server memory usage

someuser@servercore [/var/log]# sar -r

15:00:01 kbmemfree kbmemused %memused kbbuffers kbcached kbcommit %commit
15:20:01 476604 1396772 74.56 110140 707116 1201652 30.64
15:30:02 526240 1347136 71.91 110412 710536 1165148 29.71

15:55:53 LINUX RESTART

16:00:01 kbmemfree kbmemused %memused kbbuffers kbcached kbcommit %commit
16:10:01 517168 1356208 72.39 136040 588964 1196724 30.52
16:20:01 510580 1362796 72.75 137488 596560 1191664 30.39

As you can see, it’s not that high and I had plenty of free Memory.

Check CPU usage

Following log shows CPU usage.

someuser@servercore [/var/log]# sar -u
15:00:01 CPU %user %nice %system %iowait %steal %idle
15:20:01 all 6.01 0.04 1.74 1.59 0.14 90.48
15:30:02 all 4.97 0.04 1.54 7.87 0.15 85.44
Average: all 7.20 0.06 2.19 2.69 0.26 87.60

15:55:53 LINUX RESTART

16:00:01 CPU %user %nice %system %iowait %steal %idle
16:10:01 all 9.13 0.04 2.78 6.98 0.31 80.76
16:20:01 all 4.21 0.04 1.39 3.49 0.15 90.73

Again, CPU wasn’t at 100%. This is now getting annoying that I can’t explain why I am getting into s**tstorm for nothing.

Let’s check //var/log/messages to find all the error logs related this this kernel panic

Check Kernel Panic Logs

Now I am getting somewhere …

someuser@servercore [/var/log]# grep 'Aug 22 15' messages | grep -v Firewall | grep -v blackmore | grep -v operational | grep -v ec2
Aug 22 15:38:05 servercore kernel: INFO: task jbd2/vda3-8:250 blocked for more than 120 seconds.
Aug 22 15:38:05 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:38:05 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:05 servercore kernel: jbd2/vda3-8 D 0000000000000000 0 250 2 0x00000000
Aug 22 15:38:06 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:06 servercore kernel: Call Trace:
Aug 22 15:38:06 servercore kernel: INFO: task rs:main Q:Reg:1035 blocked for more than 120 seconds.
Aug 22 15:38:06 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:38:06 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:06 servercore kernel: rs:main Q:Reg D 0000000000000000 0 1035 1 0x00000080
Aug 22 15:38:06 servercore kernel: Call Trace:
Aug 22 15:38:06 servercore kernel: INFO: task queueprocd - qu:1793 blocked for more than 120 seconds.
Aug 22 15:38:06 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:38:06 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:06 servercore kernel: queueprocd - D 0000000000000000 0 1793 1 0x00000080
Aug 22 15:38:06 servercore kernel: Call Trace:
Aug 22 15:38:06 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:38:06 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:06 servercore kernel: Call Trace:
Aug 22 15:38:06 servercore kernel: INFO: task httpd:30439 blocked for more than 120 seconds.
Aug 22 15:38:06 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:38:07 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:07 servercore kernel: httpd D 0000000000000000 0 30439 2223 0x00000080
Aug 22 15:38:07 servercore kernel: Call Trace:
Aug 22 15:38:11 servercore kernel: INFO: task httpd:30482 blocked for more than 120 seconds.
Aug 22 15:38:11 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:38:11 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:38:11 servercore kernel: httpd D 0000000000000000 0 30482 2223 0x00000080
Aug 22 15:38:11 servercore kernel: Call Trace:
Aug 22 15:39:54 servercore kernel: INFO: task jbd2/vda3-8:250 blocked for more than 120 seconds.
Aug 22 15:39:54 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:39:54 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:39:54 servercore kernel: jbd2/vda3-8 D 0000000000000000 0 250 2 0x00000000
Aug 22 15:39:54 servercore kernel: Call Trace:
Aug 22 15:39:54 servercore kernel: INFO: task flush-253:0:263 blocked for more than 120 seconds.
Aug 22 15:39:54 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:39:54 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:39:54 servercore kernel: flush-253:0 D 0000000000000000 0 263 2 0x00000000
Aug 22 15:39:54 servercore kernel: Call Trace:
Aug 22 15:39:56 servercore kernel: INFO: task rs:main Q:Reg:1035 blocked for more than 120 seconds.
Aug 22 15:39:56 servercore kernel: Not tainted 2.6.32-431.11.2.el6.x86_64 #1
Aug 22 15:39:56 servercore kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 22 15:39:56 servercore kernel: rs:main Q:Reg D 0000000000000000 0 1035 1 0x00000080
Aug 22 15:39:56 servercore kernel: Call Trace:
Aug 22 15:42:11 servercore kernel: Clocksource tsc unstable (delta = -8589964877 ns)

15:55:53 LINUX RESTART

As you can see all the errors contained “echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.” and “blocked for more than 120 seconds” somewhere.

Now let’s fix this problem once and for all..

Read the rest of it here: Linux Kernel panic issue: How to fix hung_task_timeout_secs and blocked for more than 120 seconds problem

Thursday, September 18, 2014

How to check loaded and compiled modules in HTTPD in Linux?

Read full details here: How to check loaded and compiled modules in HTTPD in Linux?

This is a very common question and sometimes hard to find answer. How do you check which Apache modules are loaded in your HTTP / Apache server? The second part is, how do you check which modules are compiled and ready to be loaded? Following two commands will show you you can easily check loaded and compiled modules in HTTPD or Apache2 in any flavour of Linux such as CentOS, Ubuntu, Fedora, RedHat etc.

Find list of loaded modules in HTTPD Apache

Use the following command to list Loaded modules in your Apache/HTTPD server in Linux

root@centos [~]# httpd -D DUMP_MODULES
(or)
user@centos [~]# sudo httpd -D DUMP_MODULES
(or)
user@ubuntu [~]# sudo apache2 -D DUMP_MODULES

Depending on your Linux distro, you need to use either httpd or apache2. Also use ‘sudo’ if you’re not logged in as root user.

Sample loaded modules in Apache

Loaded Modules:
 core_module (static)
 include_module (static)
 proxy_module (static)
 proxy_connect_module (static)
 http_module (static)
 autoindex_module (static)
 info_module (static)
 cloudflare_module (shared)
 php5_module (shared)
 reqtimeout_module (shared)
 pagespeed_module (shared)
Syntax OK

Read the rest of it here: How to check loaded and compiled modules in HTTPD in Linux?

Connect to WiFi network from command line in Linux

Read full details here: Connect to WiFi network from command line in Linux

How many of you failed to connect to WiFi network in Linux? Did you bumped into issues like the followings in different forums, discussion page, blogs? I am sure everyone did at some point. Following list shows just the results from Page 1 of a Google search result with “Unable to connect to WiFi network in Linux” keywords.

Following guide explains how you can connect to a WiFi network in Linux from command Line. This guide will take you through the steps for connecting to a WPA/WPA2 WiFi network.

Contents [hide]

WiFi network from command line – Required tools

Following tools are required to connect to WiFi network in Linux from command line

Before we jump into technical jargons let’s just quickly go over each item at a time.

Linux WPA/WPA2/IEEE 802.1X Supplicant

wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.

iw – Linux Wireless

iw is a new nl80211 based CLI configuration utility for wireless devices. It supports all new drivers that have been added to the kernel recently. The old tool iwconfing, which uses Wireless Extensions interface, is deprecated and it’s strongly recommended to switch to iw and nl80211.

ip – ip program in Linux

ip is used to show / manipulate routing, devices, policy routing and tunnels. It is used for enabling/disabling devices and it helps you to find general networking informations. ip was written by Alexey N. Kuznetsov and added in Linux 2.2. Use man ip to see full help/man page.

ping

Good old ping For every ping, there shall be a pong …. ping-pong – ping-pong – ping-pong … that should explain it.

BTW man ping helps too …

Step 1: Find available WiFi adapters – WiFi network from command line

This actually help .. I mean you need to know your WiFi device name before you go an connect to a WiFi network. So just use the following command that will list all the connected WiFi adapters in your Linux machines.

root@kali:~# iw dev
phy#1
    Interface wlan0
        ifindex 4
        type managed
root@kali:~#

Let me explain the output:
This system has 1 physical WiFi adapters.

Designated name: phy#1
Device names: wlan0
Interface Index: 4. Usually as per connected ports (which can be an USB port).
Type: Managed. Type specifies the operational mode of the wireless devices. managed means the device is a WiFi station or client that connects to an access point.

Read the rest of it here: Connect to WiFi network from command line in Linux