All posts by ServerAdmin

SSH2 extension for PHP on CentOS 6

Before we can build and install ssh2 extension, we’ll need a few packages

yum install gcc php-devel php-pear libssh2 libssh2-devel make

Install the extension via pecl

pecl install -f ssh2

On CentOS, PHP will not load extension automatically. To “fix” this, create ssh2.ini file inside /etc/php.d/ and add


Restart apache (service httpd restart) and test PHP with

php -m | grep ssh2

As response, you should get ssh2.

MyDumper – CentOS HowTo

Mydumper – MySQL backup tool created by Domas Mituzas and later supported by several other devs.

The main benefits are multi-threaded and fast backups with almost no locking (if not using non innodb tables), built-in compression, separate files for each table, making it easy to restore single tables or schema. It also has support to hard link files which can reduce the space needed for history of backups. Much faster than mysqldump. The main benefit for separate files is the ability to create backups in multiple threads (the same works for restoring process)

In short – Mydumper is how MySQL DBA and support engineer would imagine mysqldump.

To install mydumper follow the next steps

Install necessary devel libs and cmake

yum install glib2-devel mysql-devel zlib-devel pcre-devel openssl-devel cmake

Download mydumper – (or directly here

Extract the tar.gz archive with

tar -xvzf mydumper-0.6.2.tar.gz
cd mydumper-0.6.2
cmake .

Creating backup


Note: My advice is to create separate dir for every database.

Restore from backup


GNU bash Environment Variable Command Injection

You can test your server for bash command injection with

[root@ss ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test

Update bash with

# yum -y update bash

and you’ll get

[root@ss ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test


XSS (Cross-Site Scripting) attack is a type of injection, in which malicious scripts are injected into trusted web sites. Your browser has no way to know that the script should not be trusted, and will execute the script. In this case, the script can access any cookies, session tokens, or other sensitive information which can be passed to the attacker.

The golden rule “Do not trust user input” seems forgotten in some cases. The guy succeeded to inject malicious script via TXT record on his domain and the script is promptly executed when you check his domain via Whois services.

The vulnerable sites:

Some of them are already patched but the taste remains 🙂

The ycombinator discussion:

The exact TXT content:

comp@comp ~ $ dig txt
; <<>> DiG 9.9.5-3-Ubuntu <<>> txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24931
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3
; EDNS: version: 0, flags:; udp: 4096
;; ANSWER SECTION:	300	IN	TXT	"google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"	300	IN	TXT	"<iframe width='420' height='315' src='//' frameborder='0' allowfullscreen></iframe>"	300	IN	TXT	"v=spf1 ?all"	300	IN	TXT	"<script src='//'></script>"
;; ADDITIONAL SECTION:	11832	IN	A	11832	IN	AAAA	2400:cb00:2049:1::adf5:3b74
;; Query time: 81 msec
;; WHEN: Thu Sep 18 23:21:30 CEST 2014
;; MSG SIZE  rcvd: 481

Samsung printer on Linux – rastertosplc – No such file or directory

If you try to install Samsung printer (in my case ML1675) on Ubuntu 14.04 or Mint 17, you’ll may have some problems with missing file – rastertosplc.

If you added printer via web (http://localhost:631/) or via printer wizard, delete installed printer and follow the next instructions

Download drivers from this page:, extract them and install drivers with:

sudo ./

(follow the wizard to complete process)

cd into /usr/lib/cups/filter and check the existence of rastertosplc file.

If this file doesn’t exist add symbolic link to /opt/smfp-common/printer/bin/rastertospl with

sudo ln -s /opt/smfp-common/printer/bin/rastertospl rastertosplc

after you should have something like

bla@bla-178 /usr/lib/cups/filter $ ls -la
lrwxrwxrwx  1 root root     40 Aug 23 13:39 rastertospl -&gt; /opt/smfp-common/printer/bin/rastertospl
lrwxrwxrwx  1 root root     40 Aug 23 13:51 rastertosplc -&gt; /opt/smfp-common/printer/bin/rastertospl

The first file is probably created via install script while the second one is “fix” to “File “/usr/lib/cups/filter/rastertosplc” not available: No such file or directory” problem.

After you did this, add printer via wizard and try to print test page.


CentOS server – NFS client/server howto

NFS stands for Network File System and through NFS, a client can read and/or write a remote share on an NFS server (like on local hard disk)

The first step to set up NFS client/server is to install nfs-utils and nfs-utils-lib packages on both systems (server and client)

yum install nfs-utils nfs-utils-lib
chkconfig --levels 235 nfs on 
service nfs start

For example, the server IP is and the client

I’d like to use /test and /var/test directories from the client system. To make them accessible we must “export” them on the server.

From the client system, the NFS share is usually accessed as the user “nobody”. If the directory isn’t owned by nobody, the read/write access from NFS client should be made as root.
In this howto, the /test dir will be used as root while the /var/test will be used as “nobody”. If /var/test directory doesn’t exist, create the dir and change the ownership to the user/group 65534 (nonexistant user/group).

mkdir /var/test
chown 65534:65534 /var/test

The next step (on the server side) is to modify /etc/exports

nano /etc/exports

and add the next lines

/test ,sync,no_root_squash,no_subtree_check)

The no_root_squash parameter means access dir as root (all files copied/created from client will be owned by root).

After you modify /etc/exports, run exportfs -a to make the changes effective.

exportfs -a

The next step (on the client side) is to create the directories where you want to mount the NFS shares

mkdir -p /mnt/test
mkdir -p /mnt/var/test

Mount NFS shares with

mount /mnt/test
mount /mnt/var/test

Verify the settings with:

df -h

The result should be something like

[root@client ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
....    100G  25G   75G  25% /mnt/test
                       100G  25G   75G  25% /mnt/var/test



The result should be something like

[root@client ~]# mount
.... on /mnt/test type nfs (rw,addr= on /mnt/var/test type nfs (rw,addr=

To mount the NFS shares at boot time, add the next lines in /etc/fstab file  /mnt/test   nfs      rw,sync,hard,intr  0     0  /mnt/var/test   nfs      rw,sync,hard,intr  0     0

Don’t forget to check the settings after reboot