CHECK_NRPE: Error – Could not complete SSL handshake

If you find this error in nagios for a particular server, this means nothing but the nrpe check from nagios server cannot able to complete the service check to client server.

You can check this through command line itself, run the following in nagios server.

# /usr/local/nagios/libexec/check_nrpe -H hostnameORclientserverIP -c check_load
CHECK_NRPE: Error – Could not complete SSL handshake.

You may need to cover different scenarios for this to troubleshoot.

1) Check if the particular check is available in client server (For example, check_load, 3ware_check, mail_count etc)

2) Check if xinetd or nrpe stopped running,otherwise try to restart it.

# /etc/init.d/xinetd restart
# /etc/init.d/nrpe restart

3) Make sure you allowed the nagios IP in /etc/xinetd.d/nrpe if nrpe is running under xinetd,like as getting in netstat result.

# netstat -plan | grep :5666
tcp 0 0* LISTEN 25022/xinetd

Check the parameter “only_from” in this file whether allowed nagios IP there.

Then restart xinetd

# /etc/init.d/xinetd restart


Make sure you allowed the nagios IP in /etc/nagios/nrpe.cfg if nrpe is not running under xinetd and as nrpe user itself, like as getting in netstat result.

# netstat -plan | grep :5666
tcp 0 0* LISTEN 248184/nrpe

Make changes to value of parameter “allowed_hosts” in /etc/nagios/nrpe.cfg to as shown below


Then restart nrpe

# /etc/init.d/nrpe restart

4) Try to whitelist nagios server IP in firewall.


nload monitoring tool

The tool nload makes it simple for us to check the incoming/outcoming traffic rate in server, it’s pretty nice and handy tool. This is very useful to check traffic stat when a server is under ddos attack.

How to install it?

Download nload source from
# tar xvf nload-0.7.4.tar.gz
# cd nload-0.7.4
# ./configure
# make
# make install

Or you can install it using rpm, download it from here

Basic Commands
$ nload
$ nload eth0
$ nload em0 em2



Once we confirm whether it is inbound or outbound, we can use further methods like iftop, tcpdump, apache status through WHM or httpd fullstatus via shell.

Manually rearrange domains due to disk space warnings

If you see home partition space warnings and you want to move high sized account from it to second home partition, you can either do it from WHM Home » Account Functions » Rearrange an Account. Doing it from WHM interface is good for accounts that have less size. Say if the account has size over 10GB or 15GB or so, go for manual move.

But please note that when moving it manually, you should make the changes in following areas. Otherwise you gonna jeopardize the account.

Suppose if you are moving a high sized account “test” from /home to  /home2

– First step move it from /home to /home2

#mv -f /home/test /home2/

Now the rest of changes in all necessary config files.

#replace /home/ /home2/ — /var/cpanel/userdata/test/*
#replace /home/ /home2/ — /etc/proftpd/test
#replace /home/test /home2/test — /etc/passwd
#replace /home/test /home2/test — /home2/test/etc/*/passwd


#/etc/init.d/httpd restart

#/etc/init.d/pure-ftpd restart

You are done 🙂

Install Skype in Ubuntu

Download debian package for Skype from the following url, from it I chose Ubuntu multi arch version.

After downloading skype-ubuntu-precise_4.3.0.37-1_i386.deb , install it with dkpg which is the package manager for Debian version.

# dpkg -i skype-ubuntu-precise_4.3.0.37-1_i386.deb

If you get an error on it

  Errors were encountered while processing:

# skype
skype: error while loading shared libraries: cannot open shared object file: No such file or directory

Now we can check its file type

# file /usr/bin/skype
/usr/bin/skype: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0xa888f203730ac8ff33ae0261a95129dbb76e1857, stripped

so it’s shared object and dynamically linked to shared libraries, and there might be problem some of is dependancies.

You can check dependant libraries of this package by using ‘ldd’ command

# ldd /usr/bin/skype =>  (0xf77b4000) => not found => not found => /lib/i386-linux-gnu/ (0xf5515000) => /lib/i386-linux-gnu/ (0xf5510000) => /usr/lib/i386-linux-gnu/ (0xf53db000) => /usr/lib/i386-linux-gnu/ (0xf53c8000) => not found => not found => not found => not found => not found => not found => /lib/i386-linux-gnu/ (0xf53ab000) => /usr/lib/i386-linux-gnu/ (0xf52c2000) => /lib/i386-linux-gnu/ (0xf527f000) => /lib/i386-linux-gnu/ (0xf5262000) => /lib/i386-linux-gnu/ (0xf50ae000)
    /lib/ (0xf77b5000) => /usr/lib/i386-linux-gnu/ (0xf508c000) => /usr/lib/i386-linux-gnu/ (0xf5088000) => /usr/lib/i386-linux-gnu/ (0xf5081000)

Here I have got many missing dependancies libraries and offcourse broken ones.

You can install broken dependancies using ‘apt-get’ command with ‘-f’ option along with it. ‘-f’ is for correcting a system with broken dependencies.

# apt-get -f install

and continue installation.

Now install debian package of skype again.

# dpkg -i skype-ubuntu-precise_4.3.0.37-1_i386.deb
(Reading database … 192226 files and directories currently installed.)
Preparing to replace skype (using skype-ubuntu-precise_4.3.0.37-1_i386.deb) …
Unpacking replacement skype …
Setting up skype ( …
Processing triggers for hicolor-icon-theme …
Processing triggers for gnome-menus …
Processing triggers for desktop-file-utils …
Processing triggers for bamfdaemon …
Rebuilding /usr/share/applications/bamf-2.index…
Processing triggers for mime-support …

You are done…. 🙂

cloudlinux: PHP selector NOT working or BROKEN

It was truly devastating and I was dismayed when I noticed the PHP selector in server got broken or stopped working since the last easy-apache. Tones of tickets were popped in when clients lost their custom php versions and its custom settings

I tried to select the php version 5.4 for the domain and set post_max_size and upload_max_filesize to 32MB each







And I checked by putting a phpinfo page in the domain, sadly the changes I made in php selector settings had no effect








Following is the solution that I could finally find out to fix it … tadaa 🙂

PHP configured as suphp in server
# /usr/local/cpanel/bin/rebuild_phpconf –current
Available handlers: suphp dso fcgi cgi none
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
RUID2: not installed

We must check if is present in /opt/suphp/sbin/suphp since it is suphp compiled with lve. In this case Cagefs and PHPSelector can’t work properly. You can check this by searching file /opt/suphp/sbin/suphp . Use strings command to read it since it is a binary file.

# strings /opt/suphp/sbin/suphp | grep lve

Output should be as…

# strings /opt/suphp/sbin/suphp |grep lve
Could not resolve path “

If it is not present, then you need to run:

# /usr/sbin/

Then force update cagefsctl to update alt_php.ini of all individual users in server.

# cagefsctl –force-update

Now see my changes 🙂









This should solve your issue

/etc/resolv.conf is being overwritten everytime??? | Ubuntu work around

Yes it is true in ubuntu, even if we manually set custom nameservers in /etc/resolv.conf it will overwrite on next reboot or network restart or modem/router restart. It is really annoying once we set google nameservers or opendns or whatever in resolv.conf it goes back to default page on each instance of restart or modem reconnect. The operation of setting attribute to /etc/resolv.conf is not supported here.

root@vaiocyber:~# chattr +i /etc/resolv.conf
chattr: Operation not supported while reading flags on /etc/resolv.conf

The work around to get it permanently fixed is as follows:

Initially my resolv.conf looked like.

root@vaiocyber:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
search Home

Open file /etc/network/interfaces and add the line “dns-nameservers NS1-IP NS2-IP” to the bottom, like I wanted to add opendns IPs in my system. For that I did add “dns-nameservers” to the interfaces file. Now the file looks like in my ubuntu is.

root@vaiocyber:~# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

Now restart network by “service networking restart” or “ifdown eth0 ; ifup eth0” or Reboot modem or Reboot the ubuntu machine itself. From now onwards the custom nameservers we set will still there be in place until we revert the changes made 😀

After restart, the resolv.conf file will automatically added with custom nameservers we set in interfaces file 🙂


root@vaiocyber:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
search Home

Enjoy fast surfing now 🙂


(For more detailed information… read “man resolvconf“)

Install Java and Enable it for Web Browsers | Linux

(Steps based on what I did in Ubuntu OS)

As you know Java is essential to be installed and should be enabled to web browsers on local machines from where the system admins access their servers. The need of Java in most cases while we access consoles like KVM switches, IPMI etc to reboot a server which is down or to check what’s happening inside the server when SSH and network is down. In such cases, Java applet programs from the server would access our local machines and needs Java present in our machine inorder to run to work with web browser.

The local machines without Java installed or Webbrowsers not enabled with Java plugins will pop up errors like as follows when you load KVM or IPMI pages:






Following are the steps to install Java and enable it for Mozilla-firefox and Chromium Web Browsers in Ubuntu OS.


1) Go here >>

Download Java source, looks like “jre-7u51-linux-x64.tar.gz”. Note to choose source package based on your machines architecture 32bit or 64bit(Run ‘arch’ or ‘uname -m’ to check it)

2) Once downloaded, move the source package to path /usr/local/java. If folder doesn’t exist create one “mkdir /usr/local/java”

(Make sure you have the power to run all commands using sudo if you are a normal user, else be logged in as root)

#mv /home/john/Downloads/jre-7u51-linux-x64.tar.gz /usr/local/java/

#cd /usr/local/java/

#tar xvf jre-7u51-linux-x64.tar.gz

(You will see it untarred and everything in a folder named ‘jre1.7.0_51’)

#chown root.root /usr/local/java/ -R

3) Now open the file “/etc/profile” and add the following on top

export JRE_HOME
export PATH

4) Now run the below commands to let OS know the path where Java JRE is located and set.

#update-alternatives –install “/usr/bin/java” “java” “/usr/local/java/jre1.7.0_51/bin/java” 1

#update-alternatives –install “/usr/bin/javaws” “javaws” “/usr/local/java/jre1.7.0_51/bin/javaws” 1

#update-alternatives –set java /usr/local/java/jre1.7.0_51/bin/java

#update-alternatives –set javaws /usr/local/java/jre1.7.0_51/bin/javaws

5) Reload your system wide PATH /etc/profile by typing the following command:

# . /etc/profile

(Sometimes you may need to reboot your ubuntu system to reload the system wide PATH in /etc/profile)

Now Java is installed, check the version by using “java -version”

For Chromium

# cd /usr/lib/chromium-browser/plugins/
# ln -s /usr/local/java/jre1.7.0_51/lib/amd64/
# root@vaiocyber:/usr/lib/chromium-browser/plugins# ll
total 8
drwxr-xr-x 2 root root 4096 Mar 30 12:48 ./
drwxr-xr-x 7 root root 4096 Mar 17 03:14 ../
lrwxrwxrwx 1 root root 49 Mar 30 12:48 -> /usr/local/java/jre1.7.0_51/lib/amd64/*

Exit and reload Chromium browser now and load the KVM or IPMI page successfully 🙂
For enabling Java plugin permanently, in the address bar type “about:plugins” or “chrome://plugins/” . Choose “Java(TM) – Version: 10.x.x”
from the plugins list and check “Always allowed”.


For Mozilla Firefox

# cd /usr/lib/mozilla/plugins
# ln -s /usr/local/java/jre1.7.0_51/lib/amd64/
root@vaiocyber:/usr/lib/mozilla/plugins# ll
total 372
drwxr-xr-x 2 root root 4096 Mar 30 12:50 ./
drwxr-xr-x 4 root root 4096 Oct 17 00:31 ../
lrwxrwxrwx 1 root root 37 Mar 2 08:06 -> /etc/alternatives/mozilla-flashplugin
lrwxrwxrwx 1 root root 49 Mar 30 12:50 -> /usr/local/java/jre1.7.0_51/lib/amd64/*
-rw-r–r– 1 root root 6088 May 16 2013
-rw-r–r– 1 root root 100720 May 26 2013
-rw-r–r– 1 root root 105440 May 26 2013
-rw-r–r– 1 root root 72048 May 26 2013
-rw-r–r– 1 root root 80576 May 26 2013

Exit and reload Firefox now and load the KVM or IPMI page successfully 🙂
For enabling Java plugin permanently, click on Tools menu >> Add-ons, select “plugins” tab and set Java plugin “Always Active”.


Login fails to Roundcube, Horde, Squirrel in Webmail

Do the solution steps as mentioned here for the following error you see in Roundcube, Horde and Squirrel mails after successfully logging in webmail.

Login failed because your username or password was entered incorrectly

#First check the domain name is there in files /etc/localdomains or /etc/remotedomains depends on its local or remote mail exchanger.

#Check the domain’s name is present in /etc/userdomains, if not run script /scripts/updateuserdomains

#Make sure the server hostname is not same as the name of problematic domain name, which would create unexpected authentication issues.
for eg: if your main domain name is then the hostname should not be the same main domain name, add a new subdomain entry like or etc

Finally you can make sure the entries in /etc/hosts are correct, especially the localhost associated with loop ip

A default hosts will look like as follows.


# cat /etc/hosts
# that require network functionality will fail.
# Do not remove the following line, or various programs        localhost server


((((replace with original server main IP and with original server hostname))))

After correcting all the above, you will be able to login into Roundcube, Horde, Squirrel successfully.

Proper Method To Change Default Mysql Engine Permanently

Here the mysql engine is set to InnoDB by default and I want to change it to MyISAM for long run. It was the old way setting parameter “skip-innodb” and commenting “innodb_file_per_table=1” in my.cnf file. Additionally we used to execute mysql query “SET storage_engine=MYISAM;”. Now a days, the above changes wont work and perhaps the mysql server doesn’t come back after initiating a restart since the changes made. The proper method is set the variable “default-storage-engine = MyISAM” like my mysql configuration as follows:

<> ~> cat /etc/my.cnf
default-storage-engine = MyISAM
#innodb_force_recovery = 4

Nothing else you need to do 🙂
Now restart mysql server and check the default engine is set to what

<> ~> /etc/init.d/mysql restart
Shutting down MySQL. [ OK ]
Starting MySQL. [ OK ]

mysql> show engines;
| Engine | Support | Comment | Transactions | XA | Savepoints |
| MyISAM | DEFAULT | MyISAM storage engine | NO | NO | NO |
| MRG_MYISAM | YES | Collection of identical MyISAM tables | NO | NO | NO |
| CSV | YES | CSV storage engine | NO | NO | NO |
| BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | NO | NO | NO |
| MEMORY | YES | Hash based, stored in memory, useful for temporary tables | NO | NO | NO |
| PERFORMANCE_SCHEMA | YES | Performance Schema | NO | NO | NO |
| ARCHIVE | YES | Archive storage engine | NO | NO | NO |
| FEDERATED | NO | Federated MySQL storage engine | NULL | NULL | NULL |
| InnoDB | NO | Supports transactions, row-level locking, and foreign keys | NULL | NULL | NULL |
9 rows in set (0.00 sec)

If you want to enable InnoDB as well along with default MyISAM engine, then comment out the variable skip-innodb and remove comment before variable innodb_file_per_table=1

Re-setup and configure the broken WiFi network in RHEL/CentOS/Fedora

Recently I installed CentOS on my VAIO laptop and I had to do some further up-gradation of outdated packages, but that shoved me into a real headache. The WiFi network was working good till starting the upgradation procedure, but stopped right after completing the process. I had no idea then about how this was happened. I was getting only the following information from ifconfig

wlan0 Link encap:Ethernet HWaddr A4:17:31:E0:B6:47
inet6 addr: fe80::a617:31ff:fee0:b647/64 Scope:Link
RX packets:95834 errors:0 dropped:0 overruns:0 frame:0
TX packets:73355 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:119240792 (113.7 MiB) TX bytes:9640456 (9.1 MiB)

and from iwconfig

wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off

Sadly no IP Address or anything received from the DSL Modem. I tried to restart network and NetworkManager services and the dhclient as well. But those did not change the situation. I checked /var/log/messages for system messages and dmesg for kernel messages and got the following ones.

Jan 20 12:12:29 john NetworkManager[2042]: error requesting auth for (35) Remote Exception invoking org.freedesktop.PolicyKit1.Authority.CheckAuthorization() on /org/freedesktop/PolicyKit1/Authority at name org.freedesktop.PolicyKit1: org.freedesktop.DBus.Error.Spawn

ADDRCONF(NETDEV_UP): wlan0: link is not ready

It was fully doubtful for me if the wifi device got undetected or lost its driver module itself in running kernel. But it was indeed a relaxation result from lspci and lsmod since the wifi device was already there in place and the running kernel still has the wifi adapter modules kept with it.

<> ~> lspci -v | grep -A 12 Wireless
07:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
Subsystem: Foxconn International, Inc. Device e044
Flags: bus master, fast devsel, latency 0, IRQ 16
Memory at c1200000 (64-bit, non-prefetchable) [size=512K]
Expansion ROM at c1500000 [disabled] [size=64K]
Capabilities: [40] Power Management version 2
Capabilities: [50] MSI: Enable- Count=1/4 Maskable+ 64bit+
Capabilities: [70] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Virtual Channel
Capabilities: [160] Device Serial Number 00-00-00-00-00-00-00-00
Kernel driver in use: ath9k
Kernel modules: ath9k

<> ~> lsmod | grep ath9k
ath9k 91969 0
mac80211 552581 1 ath9k
ath9k_common 3193 1 ath9k
ath9k_hw 408176 2 ath9k,ath9k_common
ath 18078 3 ath9k,ath9k_common,ath9k_hw
cfg80211 619515 3 ath9k,mac80211,ath

Finally I did use the tool iwlist to reestablish the wifi network manually. For that, first install the tool

<> ~> yum -y install wireless-tools

<> ~> ifconfig wlan0 up

<> ~> iwlist wlan0 scan

<> ~> iwlist wlan0 scan
wlan0 Scan completed :
Cell 01 – Address: 1C:7E:E5:0B:D0:E9
Frequency:2.412 GHz (Channel 1)
Quality=33/70 Signal level=-77 dBm
Encryption key:off
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
24 Mb/s; 36 Mb/s; 54 Mb/s
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
Extra: Last beacon: 92ms ago
IE: Unknown: 0005444C696E6B
IE: Unknown: 010882848B962430486C
IE: Unknown: 030101
IE: Unknown: 2A0100
IE: Unknown: 2F0100
IE: Unknown: 32040C121860
IE: Unknown: 2D1A6C181BFF00000000000000000000000000000000000000000000
IE: Unknown: 3D1601000400000000000000000000000000000000000000
IE: Unknown: DD090010180202F0040000
IE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00

Now configure wlan0 with the above information


<> ~> iwconfig wlan0 essid DLink key off

(((ESSID:”DLink” and Encryption key:off in the iwlist scan result)))

Then start the dhcpclient for wlan0

<> ~> dhclient wlan0

You are done 🙂

from dmesg

ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready

<> ~> ifconfig | grep -A 7 wlan0
wlan0 Link encap:Ethernet HWaddr A4:17:31:E0:B6:47
inet addr: Bcast: Mask:
inet6 addr: fe80::a617:31ff:fee0:b647/64 Scope:Link
RX packets:104499 errors:0 dropped:0 overruns:0 frame:0
TX packets:80783 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:126639447 (120.7 MiB) TX bytes:11239675 (10.7 MiB)

<> ~> iwconfig
wlan0 IEEE 802.11bgn ESSID:”DLink”
Mode:Managed Frequency:2.412 GHz Access Point: 1C:7E:E5:0B:D0:E9
Bit Rate=1 Mb/s Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=43/70 Signal level=-67 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:11 Missed beacon:0

If you don’t want to repeat these steps each time when you start the system, then you can set those in a single script file as follows:

<> ~> cat /root/
#This is to bring up wifi at the startup
ifconfig wlan0 up
iwconfig wlan0 essid DLink key off
sleep 5
dhclient wlan0

<> ~> chmod +x /root/

Then set the command sh /root/ in file /etc/rc.local or /etc/rc.d/rc.local inorder to establish wifi network along with all the run levels while system booting process.