How to Secure Your Linux Server With HostDeny

There are many of scripts on the internet that will block a proxy server, block web scrapers, block hack, ssh brute force attempts, well the list goes on. Though there is not one service that blocks them all including dark web visitors from visiting your site or servers. There is now an all in one solution that deny’s all security intrusive traffic from ever reaching your server. From SSH attempts all the way to email brute force attempts covers it all at the host level.

What makes so unique is that it secures your applications at the server level, not just at the application level. So no matter what type of application that you run on your server or open port. protects them all.

I have ran this software on a couple of my servers.  I can tell you that brute force attempts have decreased and bad bod traffic has decreased.  The bad bots have decreased so much, that my adsense earnings have gone up 30% by using HostDeny. WordPress failed login attempts have also decreased. I’m very impressed with this software and what it has to offer.  All sysadmins should see what HostDeny has to offer.  There is a 30 day free trial, which is what I am on, but do plan on upgrading once my free trial is over.



mkfs.ext4 /dev/sd*1 is apparently in use by the system; will not make a filesystem here

If you run accross the dreaded message

/dev/sd*1 is apparently in use by the system; will not make a filesystem here

and have recreated all raid devices. The problem is more than likely device mapper driver is still in use for the logical devices.

Run the following commands and you will then be able to run mkfs on the drive having the reported issues.

/sbin/dmsetup remove_all

Linux – HP DL380 Servers Get DIMM Serial Numbers

I’ve came across some HP servers that it is impossible to get the dimm module serial number or model. There are many tools that that work with Linux, such as “dmidecode -t 17”, lshw, lm_sensors, i2c-tools, etc.. that require you to install additional software on a server to get such information, when installing software is not always viable solution. Though sometimes, these traditional tools will not output a dimm module serial number on a HP Server. Giving the below message:

Manufacturer: Not Specified
Serial Number: Not Specified
Part Number: Not Specified

Solution is with a tool that already comes with HP servers. What we will do is get the hex data from the modules EEPROM by using HP commands.

Run -> hpasmcli

When you run SHOW DIMM SPD, there will be hex data speed bytes at the bottom of the detailed information of the memory module. A bunch of numbers and letter, around 16 rows up and down. Copy these encoded data, and use this simple tool I wrote, also giving credit to the developers over at with some of the coding.

Input the hex data and submit.  You will then have your serial, manufacturer and part number.

This tool will work with any type of server and memory as long as you can pull the speed bytes from EEPROM.

Jason Rogers
Charlotte, NC

Kloxo – LXAdmin- Qmail – Remove Spam from Users Inbox

There was a user that had accumilated a lot of spam in their inbox over the years, but never had the mail server to send it directly to the spam box directly upon receipt. The good thing is that spamassasin was installed and was marking the spam status of an email within the headers. This makes it easy to seperate the email from the good and bad emails.

The below script will find the headers marked as spam and then move the spam emails from the users inbox to the users spam folder. This is for Kloxo/qmail based systems, but can be modified for any other mail servers if needed.


## Really do not need to change this if you are moving spam from a user's inbox
spam='X-Spam-Status: Yes,'
## Change this to the user. Do not include "" at the end of the username
## The domain for the user

for u in $(grep -l "$spam" /home/lxadmin/mail/domains/$domain/$user/Maildir/cur/*); do
mv /home/lxadmin/mail/domains/$domain/$user/Maildir/cur/"$u" /home/lxadmin/mail/domains/$domain/$user/Maildir/.Spam/cur/


Satellite/Spacewalk Fix or Repair jabber_lib.main: Unable to connect to jabber servers

Seen this discussion many times, but not to much of information in regards to how to fix OSAD to communicate with the Spacewalk or Satellite server once you see this error in the osad log. To fix the error repeating in the osad log as seen below and have the client server come back online. Do the following.

jabber_lib.main: Unable to connect to jabber servers
jabber_lib.main: Unable to connect to jabber servers
jabber_lib.main: Unable to connect to jabber servers

Delete the “osad-auth.conf” normally found in the “rhn” folder of your clients install. This is to be done on the client server, not the actual spacewalk/satellite server. Once deleted, restart osad and another “osad-auth.conf” will be automatically generated. Login to your spacewalk/satellite server and ping the system that is stating offline.


Resize or Extend Linux VG or LV

If you are needing to add more space to an LV but your VG has no space left to give to the LV.  Following the below will extend or resize your VG and LV in Redhat/CentOS linux.

1) Add a new disk to linux machine.  In VMware, you would just edit the system settings and add another disk.

2) Add the new disk to the existing VG: vgextend /dev/vg01 /dev/sdc

3) Now your Volume Group has the new space added.  You can confirm by doing a vgdisplay.

4) Add space to the existing LV. In the example, I am adding 50 G to the LV from the 100 G disk I added to the VG: lvextend -L +50G /dev/lv01

5) Last thing, do an on-line resize: resize2fs /dev/vg01/lv01
You should now have extended your logical volume.


Juniper SRX220 How to Cluster Firewall – JSRP

Have a pair of SRX220 firewalls at factory setup.  Do not attempt to cluster the firewalls after any changes have been made, more than likely, they will be deleted in order to cluster the SRX220’s (JSRP).  The hardest part to cluster these firewalls is not setting up the cluster, but because of all that is setup from the factory that has to be removed or prepped in order for the cluster to be configured.

Prepping the hardware:

Plug a cat5/6 cable from port 7 on firewall one to port 7 on firewall two.

Plug a cat5/6 cable from port 5 on firewall one to port 5 on firewall two.

Do not attempt to do the below unless you are using a console connection only.  If you are not doing the below with the console port, then stop, and do not even try clustering the firewalls.

Delete all sub-interfaces that are created during the default setup of the firewalls.

delete interfaces ge-0/0/0.0

delete interfaces ge-0/0/0

Do this to all “ge” interfaces.

Now delete everything else we do not need at this point.

delete vlans
delete interfaces vlan
delete interfaces interface-range interfaces-trust
delete security zones security-zone untrust interfaces

1) Ensure that there are no Proxy Arp settings under “Nat”.

2) Ensure that are no ports configured to ethernet-switching.  If so, remove/delete.

Setting up the Cluster


– Our WAN/Uplink for this setup will be 8.8.8.x
– Our Internal network will be 192.168.2.x

We will now setup our node groups and our cluster management network.  Please note that port 6 will automatically be assigned to the fxp interface.  No way around this.  Port 7 is for H/A monitoring.  No way around this as well.

set groups node0 system host-name HOSTNAME
set groups node0 interfaces fxp0 unit 0 family inet address
set groups node1 system host-name HOSTNAME
set groups node1 interfaces fxp0 unit 0 family inet address
set apply-groups “${node}”

Create fabric links.  This is where the configuration will be monitoring and updated between both firewalls.  This is on port 5 where we already have cables going to both firewalls.

set interfaces fab0 fabric-options member-interfaces ge-0/0/5
set interfaces fab1 fabric-options member-interfaces ge-3/0/5

At this time, the cluster should already be online.  We just have to create redundancy groups and assign rethx interfaces to the physical ge-0/0/x interfaces.

set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 0 node 1 priority 1
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1

Set interface monitoring on these two ports.

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/0 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/0 weight 255

Set the amount of rethx interfaces we will be monitoring.  For this demo, we will be monitoring our uplink port ge-0/0/0 (reth0) and internal network ge-0/0/4 (reth1)

set chassis cluster reth-count 2

We are now going to assign virtual interfaces to our WAN/Uplink ports on both firewalls.  On Firewall 2, interfaces start at 3/0/0 for interface 0/0/0 on firewall 1.

set interfaces ge-0/0/0 gigether-options redundant-parent reth0
set interfaces ge-3/0/0 gigether-options redundant-parent reth0

Assign your uplink ip (wan) to the new reth0 interface.

set interfaces reth0 redundant-ether-options redundancy-group 1      
set interfaces reth0 unit 0 family inet address

Assign the untrust zone to reth0

set security zones security-zone trust interfaces reth0
Repeat for the internal network, but use reth1 for the virtual clustered interface.


Jason Rogers



Online Apache Virtualhost Config Generator

Was tired of manually writing config’s when standing up new apache virtualhosts at work.  So I wrote this simple tool to create Apache Virtualhosts configs.  Using the online Apache Virtualhost Config Generator will give you the basic options to stand up an Apache Virtualhost without having to write the same basic virtualhost options every time you need to stand up a new apache host.

Generator Tool is located at:


Jason Rogers

AIX How To reorgvg – INTER-POLICY Maximum

AIX has the capability to spread I/O across all disks within a Volume Group for a logical Volume.  When setting up a a logical Volume, without the Inter-Policy set to maximum.  Data writes in the order of the disk were presented within the Volume Group.  Meaning, once one disk is full with in the Volume Group, data will start writing to the second disk until full, etc…

When creating Logical Volumes that will be consuming large amounts of I/O and there are more than one disk within a Volume group, I would recommend that using the -e and ‘x’ flags being used when creating your volumes. Example, below.

mklv -t jfs2 -y LV_NAME -e ‘x’ VG_NAME 6

If your logical volumes have already been assigned to the Volume Group, you can change the Inter-Policy and do a reorgvg by issuing the following commands.

1)  Check to ensure that there is 1 PP available.

lsvg VG_NAME | grep “FREE PPs:”

2) Set the INTER-POLICY to maximum.

chlv -e x LV_NAME

3) Check to ensure that INTER-POLICY is maximum before proceeding to reorgvg.


4) Run reorgvg on the VG that you set the LV policy on.

reorgvg VG_NAME

** REMEMBER – You must have one free PP to run a reorgvg.

Simple How to Mirror rootvg on AIX

Below the following commands will help assist in mirroring the rootvg on AIX 5.x to 7.1.

Have an empty disk available to mirror the existing rootvg.  Add the empty disk to the existing vg by doing the following.

extendvg rootvg hdisk1

Now we are going to mirror the VG. This will take a while to run depending on your system.

mirrorvg rootvg

Change the bootlist so that the system can fail to hdisk1 if hdisk 0 should go offline, or in reverse order.

bootlist -o -m normal

bootlist -m normal hdisk0 hdisk1

Install the software needed for boot on both disks.

bosboot -ad hdisk0
bosboot -ad hdisk1