This is a guest post by forum user @alexxgg,

Hi there!

These days when the internet shares things in milliseconds, who of you have needed to share a file quickly? I bet some of you remember at least one time one of those cases.

As you probably know, in terms of web servers, we can share files with popular software like Apache, Nginx, and Lighttpd but this software need basic configuration, also they consume server resources as long as they’re active.

What if you could set up a basic HTTP web server without installing Apache, Nginx, or Lighttpd? Well, that’s sounds kind of impossible, and even more unbelievable is that you can kill it with Ctrl^C. Thanks to Python3 we can do that with its HTTP server module.

This module will deploy an HTTP server in any directory of the server, even in the root directory and that sounds ridiculously dangerous, fortunately, the default port of this HTTP server isn’t 80. Instead, it will use port: 8000 but you can assign a custom port, very convenient for NAT environment instances.

Now you can deploy a basic HTTP server -in the current directory with the default port- by typing this single command line:

python3 -m http.server

Starting HTTP Server

Killing HTTP Server

HTTP Server as Shown in Browser

You can change the default port (example port: 32085) and specify a directory (example directory: /tmp/) with:

python3 -m http.sever 32085 --directory /tmp/

More information about Python3 httpserver module is available here

Also, there is a github page here

Note: of course, you will need to install Python3 in order to use these post example command lines.
Leave a comment to let me know any questions or suggestions.

This is a really QUICK TIP!

When you run any command as root, using sudo, the password is remembered for 15 minutes by default.
If you want to change the time that the password is cached, open the terminal (as root) and run:

editor /etc/sudoers 

Find this line in the file:

defaults env_reset

And change it into:

defaults env_reset , timestamp_timeout=x

where “x” is the time in minutes that the password will be cached.

Save and exit and work is done!

When installing software on your VPS you will end up with both empty files and empty directories, often these are used as placeholders/lock files/socket files for communication.

This short guide will give you some examples on how to find those empty files/directories.

The command we are going to use is the “find” command. To find empty directories/files in the current directory, you use the parameter “-empty“.

You also have to use the parameter “-type” to define if you are looking for directories (d) or files (f).

Examples

Here is the command to find empty directories in the current directory:

find ./ -type d -empty

And here is the command to find empty files in the current directory:

find ./ -type f -empty

If you need to know how many empty files you have in the current directory, pipe the find command to “wc -l“:

find ./ -type f -empty | wc -l

Similarly, to recursivly count how many how many files are located under the current directory and sub-directories,  you can use the following command:

find ./ -type f -not -empty | wc -l 

To remove all empty directories in the current directory, the command you can use is:

find ./ -type d -empty -exec rmdir {} \;

– In all the commands above, the  (./) means the current directory or folder, if you want to perform actions in other directories, just replace the  (./) with the path to the new directory.

– In system directories such as /etc/, there are many empty files and directories.

But it is strongly recommended to not remove them.

In the LowEndSpirit, we tend to look for resource-efficient alternatives. Here is an alternative to use instead of Postfix, Sendmail, or Exim.

Often when installing and running a web application or script you need an SMTP server to send an email, rarely there is the need to receive any email. It works equally well using ssmtp, which also is simple and fast to install. It takes two minutes to install and configure.

RedHat, CentOS7, Fedora

yum install ssmtp

If you receive a “Package ssmtp is not available” error, you’ll need to install EPEL on your machine with the following command:

yum --enablerepo=extras install epel-release

Once done, you’ll be able to install ssmtp using the above command.

Ubuntu, Debian

apt-get install ssmtp

The configuration is done in the /etc/ssmtp/ssmtp.conf and there is only a couple of settings to change:

Mailhub
The mail server you must send mail through (relay). In this guide we will use GMail smtp Server.
From Line Override
Set to YES to allow the use of others choose from addresses other than the system itself.
AuthUser
The username or email adress on the account used to login to gmail.
AuthPass
The password for above account
UseSTARTTLS
Set to Yes to use TLS when connecting to the SMTP server.

## Config file for sSMTP sendmail
## The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=postmaster
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587
AuthUser=name@gmail.com
AuthPass=YourtopSecretPassw0rd!
UseSTARTTLS=YES 
# Where will the mail seem to come from?
#rewriteDomain= 
# The full hostname
hostname=debianVPS.local 
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: 
addressFromLineOverride=YES

No reboots required.

To use ssmtp with the PHP mail() function, you have to edit the sendmail_path parameter in php.ini to something like this:

sendmail_path = /usr/sbin/ssmtp -t

You have no open ports, everything just works!

Following up on the bonus tip posted on Resize your KVM VPS disk partition, 2 methods and bonus tip to reclaim disk space – Easy mode, here is a longer explanation and guide how to reclaim your reserved disk space.

Joe Dougherty from SecureDragon.net (great guy running a great company) sent me a tip about this thread and asked if I could write something about this “weird trick”. Actually it’s not a wierd trick, it’s a built in security feature. The information in this post will only work on dedicated servers or Virtual Servers that utilize full virtualization, meaning that this won’t work on OpenVZ.

On a newly created filesystems (Ext [2/3/4]) some of the space will be allocated for the system superuser (root) as “system reserved”. The default of 5% is meant for system partitions. If something goes wrong and your server consumes all its free disk space, the root user could still log in and check logs/crashdumps/etc and generally fix the situation.

For example, if your disk space fills up, the system logs (/var/log) and root’s mailbox (/var/mail/root) can still receive important information. For a /home or general data storage partition, there’s no need to leave any space for root. For very special needs, you can even change the user that gets this emergency space.

There’s another reason to not allow an ext[23] filesystem to get full, which is fragmentation. Ext4 should be better at this, as explained by Linux filesystem developer/guru Theodore Ts’o:

If you set the reserved block count to zero, it won't affect performance much except if you run for long periods of time (with lots of file creates and deletes) while the filesystem is almost full (i.e., say above 95%), at which point you'll be subject to fragmentation problems.  Ext4's multi-block allocator is much more fragmentation resistant, because it tries much harder to find contiguous blocks, so even if you don't enable the other ext4 features, you'll see better results simply mounting an ext3 filesystem using ext4 before the filesystem gets completely full.If you are just using the filesystem for long-term archive, where files aren't changing very often (i.e., a huge mp3 or video store), it obviously won't matter.

Theodore Tso

If you have a VPS with small disk size the 5% won’t mean much but if you have a 100GB drive or bigger, it quickly adds up to a vaste amount of unused space. In those cases we could lower the amount of reserved space in order to claim and use a few more GB.

At the time of writing the original post, I actually had an unused XEN VPS so lets have a look at what we can do about this by using that as a real life example.

first we confirm the filesystem parameters by running this command:

# tune2fs -l /dev/xvda1

it will list all information about the disk. This is the output I got from my server:

tune2fs 1.42.5 (29-Jul-2012)
Filesystem volume name:   <none>
Last mounted on:          <not available>
Filesystem UUID:          50fd54e4-7740-4683-b1e5-64e93d6d1e92
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype needs_recovery sparse_super large_file
Filesystem flags:         signed_directory_hash 
Default mount options:    (none)
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              9830400
Block count:              39321600
Reserved block count:     1966080
Free blocks:              38473681
Free inodes:              9799099
First block:              0
Block size:               4096
Fragment size:            4096
Reserved GDT blocks:      1014
Blocks per group:         32768
Fragments per group:      32768
Inodes per group:         8192
Inode blocks per group:   512
RAID stride:              1
RAID stripe width:        80
Filesystem created:       Mon Nov 10 19:05:08 2014
Last mount time:          Sun Dec 14 17:25:37 2014
Last write time:          Sun Dec 14 17:25:13 2014
Mount count:              12
Maximum mount count:      34
Last checked:             Mon Nov 10 19:05:08 2014
Check interval:           15552000 (6 months)
Next check after:         Sat May  9 19:05:08 2015
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      e2ccf267-28ea-4e34-9df0-a349d06f0247
Journal backup:           inode blocks

The ineresting part from the output above:

Reserved block count:     1966080
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)

Before we move on to the amount of reserved space, take a moment to reflect on what user who is allowed to use the reserved space. By default it is root unless changed by the system administrator.

if you multiply the Reserved Block Count with the current Block Size (also found in the tune2fs output above)

Block size:               4096

we get how much space in bytes that is reserved by the system:

Doing the same operation using the Block Count value:

Block count:              39321600

will give you the Total Disk space of the drive

As you can see (7,5GB out of 150GB) exactly 5% of the disk is reserved space.

As previously mentioned, if you don’t have a large disk it would be wise to not change that 5% value since it could mean that you wont have enough “system reserved space” to recover from a full disk problem.

In my case, 7,5 GB of reserved space is a bit much and I would benefit if this was available for me to store my backups instead. So, how do we change the amount of reserved space?

Since my disk is in total 150GB each percentage is 1,5GB and I think that 1,5GB will be enough for this server, the command to set the reserved space to 1 percent would therefor look like this:

# tune2fs -m 1 /dev/xvda1

The returned result :

Setting reserved blocks percentage to 1% (393216 blocks)

Keeping in mind that each block is 4096 bytes the above result means the reserved space is:

393216 * 4096 = 1,5 GB

Before you jump of joy I would like to end this article with a few words of caution;

While this is a nice way to get some extra space on your server TAKE EXTREME CARE if you decide to change the settings on the drive that has the / volume or you could end up with a server that even root can’t save when the disk runs out of space. If you have a secondary drive that only holds data, may it be your mp3 collection or family photos, you can set the reserved space to 0percent on that drive. As long as it is NOT the system drive.

Following up on the post on how to loop thru a file and perform an action per line, which you can find here

https://lowendspirit.com/how-to-loop-through-a-file-and-perform-an-action-per-line/

There is a case when this is useful, adding IPs from a text file into iptables and block their access to your VPS or dedicated server.

if you break down this command with its parameters (iptables being the command)

iptables -A INPUT -s XXX.XXX.XXX.XXX -p udp -m udp --dport 28960:28965 -j DROP

Parameter: Explanation
-A: Append this to existing rules
INPUT: The chain where the rule should be added into
-s XXX.XXX.XXX.XXX: -s Sets the source for a particular packet, in this case the ip of XXX.XXX.XXX.XXX
-p udp: -p = Sets the IP protocol for the rule, which can be either icmp, tcp, udp, or all, to match every possible protocol. If this option is omitted when creating a rule, the all option is the default.
-m udp: -m = match option Different network protocols provide specialized matching options which may be set in specific ways to match a particular packet using that protocol. Of course, the protocol must first be specified in the iptables command, such as using -p tcp , to make the options for that protocol available.
–dport 28960:28965: –dport Specifies the destination port of the UDP packet, using the service name, port number, or range of port numbers. The –destination-port match option may be used instead of –dport. To specify a specific range of port numbers, separate the two numbers with a colon (:), such as our example. You may also use an exclamation point character (!) as a flag after the –dport option to tell iptables to match all packets which do not use that network service or port.
-j DROP: -j Tells iptables to jump to a particular target when a packet matches a particular rule. Valid targets to be used include the standard options, ACCEPT, DROP, QUEUE, and RETURN, as well as extended options that are available through modules loaded, such as LOG, MARK, and REJECT, among others. If no target is specified, the packet moves past the rule with no action taken. However, the counter for this rule is still increased by 1, as the packet matched the specified rule. in our example we use DROP — The system that sent the packet is not notified of the failure. The packet is simply removed from the rule checking the chain and discarded.

This command will DROP connections from IP XXX.XXX.XXX.XXX on udp port 28960:28965

If you want to block all connections from a specific IP, no matter what port it tries to connect to, omit the -p -m and --dport parameters. This will look like this

iptables -A INPUT -s XXX.XXX.XXX.XXX -j DROP

You might ask when are we going to loop thru the file?

#!/bin/sh

# This will loop thru the file /ban/banip.txt and add every IP in that 
# file with a DROP to the INPUT chain in iptables.
#
# change the path and file name if required

# you can re-run this file if you are not saving your iptables config 
# between reboots. 
while read blist
do
/sbin/iptables -A INPUT -s $blist -j DROP && sleep 2
echo $blist has been added to your iptables

done < /ban/banip.txt

To add a single IP to the block list in iptables and add the IP to your text file, you could use a simple shell script like this

#!/bin/sh
# Script to add ip
echo -n "Enter the IP to BAN and press [ENTER]:"
read ip
/sbin/iptables -A INPUT -s $ip -j DROP

#keep a record of the banned IP's if you want or comment out
echo $ip >> /ban/banip.txt
# Make sure you use the same path and filename as in the loop script

This is a quick and dirty way to keep a list of IPs you would like to block access from.

I'm sure that the readers have more sophisticated and innovative ways to add their own list of IPs to iptables.

Comment with how you do it and why you do it the way you do.