phpMyAdmin – Error: Token Mismatch

phpMyAdmin isn’t quite helpful when it comes to error management and outputs, however if you hit into phpMyAdmin – Error: Token Mismatch, like in the screenshot below:

phpMyAdmin Error Token Mismatch

The solution is quite easy and it’s usually related to quota. The same solution applies for a 401 – Access Denied(if it’s a cPanel 11.44+ server):


401 - Access Denied

Access Denied
Unable to establish a PHP session.
If you believe that this is in error or inadvertent, contact your system administrator and ask them to review your server settings.

Verify the account’s quota and make sure it hasn’t reached the limit.

If there’s no problem with the quota you should check /tmp partition and make sure it’s not full along with the session.save_path variable in PHP:


session.save_path = /tmp

If /tmp has enough disk space you should check its permissions and make sure the account in question is allowed to create session files in that folder.

Tweak Swap on CentOS 7

Swap is quite important on a small virtual machine but also on large servers. If you haven’t enabled Swap yet you should check the following guide here. This article should provide you some information about swap and how you can tweak swap on CentOS 7.

Pre-flight checks

We’ll check if swap is enabled using swapon -s which should output something similar to this:

[root@web ~]# swapon -s
Filename Type Size Used Priority
/swap file 1048572 16 -1

This means we currently have a 1GB swap and we can confirm that it’s enabled by running free -m.

We’ll be touching two variables here: Swappiness and Cache Pressure.

Swappiness

Swappiness is a Linux kernel parameter that controls the relative weight given to swapping out runtime memory, as opposed to dropping pages from the system page cache. This parameter can be set to values from 0 to 100 inclusive. A low value instructs the kernel to avoid swapping, a higher value causes the kernel to try to use swap space as much as possible. The default value is 60 which works on most systems.

vm.swappiness = 0 – The kernel will swap only to avoid running out of memory
vm.swappiness = 60 – The default value
vm.swappiness = 100 – The kernel will swap aggressively, consuming a lot of the disk I/O

If we want a fast machine and we don’t want to hammer disk I/O we’ll need to lower this value. You can check the value for the current setting using cat:

[root@web ~]# cat /proc/sys/vm/swappiness
60

If we want to temporary change this value we can do it using a simple echo:

[root@web ~]# echo 10 > /proc/sys/vm/swappiness

or by using the sysctl tool:

[root@web ~]# sysctl vm.swappiness=10

This setting is not permanent unless we add it to /etc/sysctl.conf. If the value isn’t defined there you can simply add this line at the bottom of the file:

vm.swappiness = 10

After saving the file and exiting the editor the setting is permanent and it should be seen after reboot as well.

Cache Pressure

Another setting the can help your machine to perform better is vfs_cache_pressure. This setting controls the tendency of the kernel to reclaim the memory which is used for caching of directory and inode objects.

vfs_cache_pressure = 0 – The kernel will never reclaim dentries and inodes due to memory pressure and this can easily lead to out-of-memory situations
vfs_cache_pressure = 100 – The kernel will attempt to reclaim dentries and inodes at a “fair” rate
vfs_cache_pressure > 100 – The kernel will prefer to reclaim dentries and inodes which is not recommended and can have a bad impact on the machine’s perfromance

Default value on CentOS is 100 and it can be adjusted in the same way as vm.swappiness.

[root@web ~]# sysctl vm.vfs_cache_pressure=50
[root@web ~]# cat /proc/sys/vm/vfs_cache_pressure
50

You can also make it permanent by adding it to /etc/sysctl.conf.

How To Add swap on CentOS 7

What is swap?

Swap space on Linux is an area on the machine’s hard drive where the operating system will write data that cannot be held in the memory. Swap is usually used when the amount of physical memory (RAM) is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. While swap space can help machines with a small amount of RAM, it should not be considered a replacement for more RAM. Swap space is located on the hard drives, which have a slower access time than physical memory. Due to these factors, relying on swap all the times isn’t recommended and it should be limited.

Pre-flight checks

After installing the OS(in this case CentOS 7) we’ll need to log in to the machine from console or SSH. Before doing anything we should check a few things in order to make sure we have enough room for swap and if swap isn’t already enabled. This can be done using swapon utility, using the -s flag that will print the status:

[root@web ~]# swapon -s

If this returns no output then it means we don’t have swap. Next we’ll check RAM usage using the free utility and the -m parameter:

[root@web ~]# free -mo
total used free shared buffers cached
Mem: 994 851 142 6 39 218
Swap: 0 0 1023

Since swap will be written on the disk we’ll need to check that we have enough disk space available. In order to do so df and the -h parameter(human-friendly reading format) will be used:

[root@web ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 30G 2.7G 26G 10% /
devtmpfs 490M 0 490M 0% /dev
tmpfs 498M 0 498M 0% /dev/shm
tmpfs 498M 6.5M 491M 2% /run
tmpfs 498M 0 498M 0% /sys/fs/cgroup

We have plenty of disk space for this task as such we can proceed to the next step.

How to enable swap on CentOS 7

We’ll create a 1GB swap file called swap in the / location. In order to do this we’ll use fallocate

fallocate -l 1G /swap

The swap file should be created almost instantly and you should see the command prompt again. We can check that the swap file was created using ls

[root@web ~]# ls -lh /swap
-rw------- 1 root root 1.0G Jan 18 03:22 /swap

Before proceeding we’ll need to secure it, in order to make sure only root can read/write on it by using chmod

chmod 600 /swap

We have the file that will be used as swap and we’ll need to instruct the operating system to use it. In order to do so we’ll use mkswap which should return something similar to this:

root@web ~]# mkswap /swap
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=df691846-69f2-4157-86a6-4002cadef825

We now have a swap space and we can enable it using swapon:

swapon /swap

swapon -s should reflex this change along with free -m:

[root@web ~]# swapon -s
Filename Type Size Used Priority
/swap file 1048572 0 -1
[root@web ~]# free -m
total used free shared buffers cached
Mem: 994 851 142 6 40 219
-/+ buffers/cache: 592 401
Swap: 1023 0 1023

This means that we have successfully enabled swap on the machine, however we’ll need to make sure it starts on reboot. In order to do so we’ll edit /etc/fstab using your favorite editor(vi in this case):

vi /etc/fstab

and add the following line:

/swap swap swap sw 0 0

We have successfully enabled swap on CentOS 7 which should start on reboot.

Exim Cheatsheet

I’m gathering a list of useful commands to use on an Exim 4.x server(with cPanel). Exim is the default Mail Transfer Agent on cPanel servers and you should have at least a small idea on how it works before using them.

File locations and Message-IDs

Exim uses Message-IDs to refer to messages in the queue. These IDsare are mixed-case alpha-numeric, and take the form of: XXXXXX-YYYYYY-ZZ(e.g. 1YDDgQ-000Cjf-CS). Most commands interact with the queue based on these IDs if you chose to use exim or exim’s tools to manage them. These messages are stored in files which are located under the following default paths in your system and there are three files for each message. If your queue has 10.000 emails you’re looking at 30.000 used Innodes on your system.

/var/spool/exim/msglog
Contains logging information for each message, files have the same name as the message-ID
/var/spool/exim/input
Contains header and data files the same name the message-ID along with a suffix to determine if this is a header file (-H) or a data one (-D)

The msglog and input folders contain multiple subfolders that help dealing with large mail queues and avoid causing problems due to high number of files in a single folder.

Basic Queue information

Print the amount of messages in the queue:
root@mail [~]# exim -bpc

Print more details from the queue like time in the queue, size of the message, message-ID, sender, recipient along with status:
root@mail [~]# exim -bp

Print stats based on the latest mail log:
root@mail [~]# eximstats /var/log/exim_mainlog

Print exim’s configuration:
root@mail [~]# exim -bP

Print what exim’s doing:
root@mail [~]# exiwhat

View headers for one message:
root@mail [~]# exim -Mvh [message ID]

View body for one message:
root@mail [~]# exim -Mvb [message ID]

Using exiqgrep to search the queue

Search for messages sent from sender at domain.com:
root@mail [~]# exiqgrep -f [sender]@domain.com

Search for messages sent TO recipient at domain.com:
root@mail [~]# exiqgrep -r [recipient]@domain.com

Print all message IDs from the queue:
root@mail [~]# exiqgrep -i

Search for messages older than 12 hours:
root@mail [~]# exiqgrep -o 43200

Search for messages newer than 12 hours:
root@mail [~]# exiqgrep -y 43200

Manage the queue

Start a queue run:
root@mail [~]# exim -q -v

Force a queue run:
root@mail [~]# exim -qff

Force a queue run for local email delivery:
root@mail [~]# exim -q1 -v

Remove a(multiple) message(s) from the queue:
root@mail [~]# exim -Mrm [message ID1] [message ID2] [message ID3]

Remove messages sent by jonathan@domain.com:
root@mail [~]# exiqgrep -i -f 'jonathan@domain.com' | xargs exim -Mrm

Remove all frozen messages from the queue:
root@mail [~]# exiqgrep -z -i | xargs exim -Mrm

Remove all messages from the queue:
root@mail [~]# exiqgrep -i | xargs exim -Mrm

If you have 999999999 emails in the queue due to an account compromise or a problem with your mailing system the above method might be slow. You can remove the queue content manually, including folders and files and re-create new ones, with minimal downtime to the mail service:
root@mail [~]# mv /var/spool/exim /var/spool/exim.OLD
root@mail [~]# mkdir -p /var/spool/exim/input
root@mail [~]# mkdir -p /var/spool/exim/msglog
root@mail [~]# mkdir -p /var/spool/exim/db
root@mail [~]# chown -R exim:exim /var/spool/exim/
root@mail [~]# /etc/init.d/exim restart
root@mail [~]# rm -rf /var/spool/exim.OLD

Documentation:

Exim Internet Mailer – Exim Homepage
Exim Utilities
Exim Command Line

Install CSF on CentOS with cPanel/WHM

We’ve just finished installing cPanel/WHM on a CenOS machine so the next logical step would be to install some security protection. The tool of choice nowadays is CSF(ConfigServer Security & Firewall) which is an SPI iptables firewall developed by Way to the Web Limited. This is a short guide which describes how to install CSF on CentOS and verify that is working properly.

The first step would be to download CSF from their site using wget. The output should be something similar to this:

[root@web ~]# wget http://www.configserver.com/free/csf.tgz
--2015-01-25 02:34:51-- http://www.configserver.com/free/csf.tgz
Resolving www.configserver.com (www.configserver.com)... 85.13.195.235
Connecting to www.configserver.com (www.configserver.com)|85.13.195.235|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://download.configserver.com/csf.tgz [following]
--2015-01-25 02:34:51-- http://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 85.10.199.177
Connecting to download.configserver.com (download.configserver.com)|85.10.199.177|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 601886 (588K) [application/x-gzip]
Saving to: ‘csf.tgz’
100%[==================================================================================================================>] 601,886 489KB/s in 1.2s
2015-01-25 02:34:52 (489 KB/s) - ‘csf.tgz’ saved [601886/601886]

It’s a small file so the download should finish immediately. Next we’ll extract the archive using tar, change directory and install CSF on CentOS :

[root@web ~]# tar -xzf csf.tgz
[root@web ~]# cd csf
[root@web csf]# sh install.sh

We will edit the configuration file located under /etc/csf/csf.conf and add your SSH port to the exceptions list(In case we’re using something else than the default 22). Once that’s done and we’ve went through all the options in the configuration file we can adjust the following variable:

TESTING = "0"

and restart the service using csf -r. This would disable testing mode and the firewall is ready for use.

There are many options and we can also configure alerts and messages content that we receive in your email by altering the template files that exist within /etc/csf/ folder.