You can follow the instructions below to set a custom php.ini file per user when using FastCGI with cPanel on your server.

Step 1 – Make a backup copy of your cPanel PHP wrapper script:

cp -frp /usr/local/cpanel/cgi-sys/php5 /usr/local/cpanel/cgi-sys/php5.bk

Step 2 – Edit the cPanel PHP wrapper script:

vim /usr/local/cpanel/cgi-sys/php5

Add the following line above exec /usr/bin/php:

[[ -f ~/public_html/php.ini ]] && exec /usr/bin/php -c ~/public_html/php.ini

The file should now look like:


# If you customize the contents of this wrapper script, place
# a copy at /var/cpanel/conf/apache/wrappers/php5
# so that it will be reinstalled when Apache is updated or the
# PHP handler configuration is changed

[[ -f ~/public_html/php.ini ]] && exec /usr/bin/php -c ~/public_html/php.ini
exec /usr/bin/php

Step 3 – Now you will want to copy the PHP wrapper script to a more permanent location. This will ensure the settings are saved if you ever recompile Apache.

Continue reading

If you have to dig in to logs files to investigate a problem, 1: you have failed straight away but i won’t go in to that now, 2: if you have to look at them it helps if the log files are readable.

The icinga.log file has a lot of data and unfortunately the timestamps are in epoch time format.

[1411724135] SERVICE ALERT: monitor1.gb1;IOSTAT_BUSY;WARNING;HARD;5;WARNING:sda=O:5,W:0,C:0: sdb=O:4,W:1,C:0: 

Using a little perl command line magic we can convert that ugly timestamps into something more readable.

[Fri Sep 26 09:35:35 2014] SERVICE ALERT: monitor1.gb1;IOSTAT_BUSY;WARNING;HARD;5;WARNING:sda=O:5,W:0,C:0: sdb=O:4,W:1,C:0:

Just use…

perl -pe 's/(\d+)/localtime($1)/e' icinga.log |grep monitor1.gb1


tail -f icinga.log | perl -pe 's/(\d+)/localtime($1)/e'

While trying to clear up an unused Logical Volume i came across this error:

#lvremove /dev/datavol/testbuild
Can't remove open logical volume "testbuild"

After a little investigation i could see the Open status for this LV was set to 2:

#dmsetup info -c  /dev/datavol/testbuild
Name              Maj Min Stat Open Targ Event  UUID                                                                
datavol-testbuild 252   2 L--w    2    1      0 LVM-6d36fbop48S1KvuFtoUnn8vFJyoRSKANfX5ViDNAl3h2d3WiAIcou4oprHDRJpvB

I had 2 patitions setup in this LV so i removed them using the commands below

#dmsetup remove /dev/mapper/datavol-testbuild2

#dmsetup remove /dev/mapper/datavol-testbuild1

The open status was now 0 so i could remove the LV.

  --- Logical volume ---
  LV Name                /dev/datavol/testbuild
  VG Name                datavol
  LV UUID                fX5ViD-NAl3-h2d3-WiAI-cou4-oprH-DRJpvB
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                40.00 GiB
  Current LE             10240
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:2

Remove the LV:

# lvremove /dev/datavol/testbuild
Do you really want to remove active logical volume testbuild? [y/n]: y
  Logical volume "testbuild" successfully removed

On each renewal of our ssl cert i always forget how i manage to get openfire to read a new certificate. Finally found some notes which seems to just work – Credit to The_Spider on forum for providing clear instructions.

Stop Openfire then merge your root CA with your certificate:

cat >

Convert your existing Private Key and new merged certificate to the pkcs12 format. (This step requires you create a password, I am going to use the default password for simplicity. “changeit”)

openssl pkcs12 -export -in -inkey -out -name

Merge your private key and cert to OpenFire’s private Keystore.

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /opt/openfire/resources/security/keystore -srckeystore -srcstoretype PKCS12 -srcstorepass changeit -alias

Start OpenFire

Sometimes it is helpful to be able to mount an image under the host system. If you wish to mount a QEMU / KVM disk image you could use qemu-nbd.

First you need to load the module:

 sudo modprobe nbd max_part=8

Then you can share the disk on the network and create the device entries:

 sudo qemu-nbd --connect=/dev/nbd0 file.qcow2

Then you mount it:

 mount /dev/nbd0 /mnt

When done, unmount and unshare it:

 umount /mnt/kvm
 nbd-client -d /dev/nbd0

NB: never mount a QEMU image while QEMU is using it (unless -snapshot is used), or you are likely to corrupt the filesystem on the image.

Google engineering intern Andrew Munn has launched into a detailed explanation on Google+ as to why many Android devices are significantly more sluggish and less responsive in terms of user interface and experience than comparable iOS and Windows Phone 7 devices. The root of the problem? Inoptimal priority queuing on Android OS. On one side, iOS has graphics rendering queued as a real-time priority, thereby letting users self-manage which priorities are to be rendered in the background. On the flip side, Android views graphics rendering as a normal priority. As a result, Android devices tend to become more sluggish when they’re trying to perform other tasks simultaneously.


Continue reading

Following a recent upgrade of cacti from 0.8.7g to 0.8.7h i noticed a problem with the poller output. When the poller attempts to parse the output in order to generate rrdtool update command, the output is incorrectly interpreted as a hexadecimal number and the resulting update command looks like this:

11/16/2011 08:55:35 AM – POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/lib/cacti/rra/server_520_333.rrd –template 1321433734:2.0177678937406E+118
Continue reading

Servers by default display information via Apache and PHP that makes them vulnerable. With Apache, the version number and installed module versions are listed at the bottom of 404 error pages and on HEAD requests. With PHP, because it runs on our servers as CGI, when it processes php scripts, it adds the “X-Powered By” and displays the version number. In both cases this is not desirable as attackers can use such information to compromise the server.
Continue reading