Monitor linux services using bash script

# vi check_httpd.sh

#!/bin/sh
# Restart Apache if no httpd process is found, then mail the error log to the admin.
ADMIN="admin [at]adminlogs[dot]info"   # obfuscated on this page; set the real address
run=$(ps ax | grep /usr/local/apache/bin/httpd | grep -v grep | cut -c1-5 | paste -s -)
if [ -n "$run" ]
then
    echo "apache is running" > /home/admin/check_httpd.log
else
    /usr/local/apache/bin/apachectl -k restart
    mail -s "Apache server restarted by check-httpd script" "$ADMIN" < /usr/local/apache/logs/error.log
fi

Or ( only for apache )

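# vi check_httpd.sh

#!/bin/sh
# Restart Apache if an HTTP request to the site fails.
ADMIN="admin [at]adminlogs[dot]info"   # obfuscated on this page; set the real address
cd /tmp
# -q -O /dev/null: fetch quietly and discard the page instead of piling up index.html files in /tmp
wget -q -O /dev/null adminlogs.info:80
if [ $? -gt 0 ]; then
    /usr/local/apache/bin/apachectl -k restart
    mail -s "Apache server restarted by check-httpd script" "$ADMIN" < /usr/local/apache/logs/error.log
fi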

$? contains the return code of the last executed process, and -gt means "greater than". Programs usually return zero on success and something else on failure.

Add the script to crontab (it will check the status every 5 minutes). Cron does not start in the script's directory, so give the full path to the script:

*/5 * * * * /bin/bash /path/to/check_httpd.sh

It worked fine, and now I have no worries about that website and am getting good sleep :)


CentOs Fix for Bash Bug ( CVE-2014-6271 & CVE-2014-7169 )

Bash, aka the Bourne-Again Shell, has a newly discovered security hole which has been officially documented as CVE-2014-6271 & CVE-2014-7169. And, for many Unix or Linux Web servers, it’s a major problem.

The flaw involves how Bash evaluates environment variables. With specifically crafted variables, a hacker could use this hole to execute shell commands. This, in turn, could render a server vulnerable to ever greater assaults.

 

After a couple of days of trouble, today we got a fix from CentOS for the now-famous Bash security issue (for the known loopholes CVE-2014-6271 & CVE-2014-7169).

CentOS 5 Fix :-

* i386:

( sha256sum ) 9755e86ad8536c908f95340be308190b52989bfa0d9268a461c40a3f0d493bc7 : bash-3.2-33.el5_10.4.i386.rpm

* x86_64:

( sha256sum) b1e14edd0d675c6fb0be64cb875fbd9fac208a58e427ea32f373c9359b35642c : bash-3.2-33.el5_10.4.x86_64.rpm

CentOS 6 Fix: -

* x86_64:

http://mirror.centos.org/centos/6/updates/x86_64/Packages/bash-4.1.2-15.el6_5.2.x86_64.rpm

* i386:

http://mirror.centos.org/centos/5/updates/i386/RPMS/bash-3.2-33.el5_10.4.i386.rpm

Test Output : -

[root@ ~]# rpm -qa | grep bash

bash-3.2-32.el5

[root@ ~]# env X='() { (a)= >\' bash -c "echo date";

bash: X: line 0: syntax error near unexpected token `='

bash: X: line 0: `X () { (a)= >\'

bash: error importing function definition for `X'

date

[root@ ~]#

* After updating to latest bash rpm.

[root@ ~]# rpm -qa | grep bash

bash-3.2-33.el5_10.4

[root@ ~]#

[root@ ~]# env X='() { (a)= >\' bash -c "echo date";

date

[root@ ~]#
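An added example (not part of the original post) that verifies a downloaded RPM against the sha256 values listed above and checks whether a bash package string such as `bash-3.2-32.el5` is at or after the fixed build. The function names are hypothetical, and `sort -V` is used as an approximation of rpm's own version comparison.

```sh
#!/bin/sh
# Added example. Fixed builds and digests are the ones listed in the post above.
FIXED_EL5="bash-3.2-33.el5_10.4"
FIXED_EL6="bash-4.1.2-15.el6_5.2"

# expected_sha256 FILENAME: print the digest the post lists for that RPM.
expected_sha256() {
  case "$1" in
    bash-3.2-33.el5_10.4.i386.rpm)
      echo 9755e86ad8536c908f95340be308190b52989bfa0d9268a461c40a3f0d493bc7 ;;
    bash-3.2-33.el5_10.4.x86_64.rpm)
      echo b1e14edd0d675c6fb0be64cb875fbd9fac208a58e427ea32f373c9359b35642c ;;
    *) return 1 ;;   # the post gives no digest for this file
  esac
}

# sha256_matches FILE DIGEST: succeed only if FILE hashes to DIGEST.
sha256_matches() {
  got=$(sha256sum < "$1" | cut -d' ' -f1)
  [ "$got" = "$2" ]
}

# rpm_matches_post FILE: 0 = digest matches, 1 = mismatch, 2 = no digest listed.
rpm_matches_post() {
  want=$(expected_sha256 "$(basename "$1")") || return 2
  sha256_matches "$1" "$want"
}

# bash_is_fixed NVR: 0 = at or after the fixed build, 1 = older, 2 = not el5/el6.
# sort -V only approximates rpm's own version comparison.
bash_is_fixed() {
  case "$1" in
    *.el5*) fixed=$FIXED_EL5 ;;
    *.el6*) fixed=$FIXED_EL6 ;;
    *) return 2 ;;
  esac
  lowest=$(printf '%s\n%s\n' "$1" "$fixed" | sort -V | head -n 1)
  [ "$lowest" = "$fixed" ]
}

# On an RPM-based host, report on the installed package.
if command -v rpm >/dev/null 2>&1 &&
   nvr=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' bash 2>/dev/null); then
  if bash_is_fixed "$nvr"; then
    echo "$nvr: fixed build or later"
  else
    echo "$nvr: older than the fixed build, or not an el5/el6 package"
  fi
fi
```

Run `rpm_matches_post` on the downloaded file before installing it; a package version at or after the fixed build should still be confirmed with the `env X=...` test shown above.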

 


shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

Today I saw an interesting error while restarting Apache:
=======
]# /etc/init.d/httpd restart
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Stopping httpd: [ OK ]
Starting httpd: shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
[ OK ]
]#
===========
Maybe you will face this too, or have already faced it.
Don't be surprised… just do a "cd /", or cd to any directory, and it will fix the error!

This happens because the current working directory from which the command was fired does not exist on the server.


Heart Bleeding

A Google security engineer reported a serious bug in current OpenSSL on 3rd of April 2014: the TLS heartbeat read overrun (CVE-2014-0160). Thanks to Neel Mehta of Google Security and the team of security engineers (Riku, Antti and Matti) at Codenomicon for discovering the bug.

As per OpenSSL, only the 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1. It is advised to upgrade to OpenSSL 1.0.1g ( https://www.openssl.org/source/openssl-1.0.1g.tar.gz ) to fix this issue, or to recompile affected versions with the option -DOPENSSL_NO_HEARTBEATS.

You may need to recompile other services which are associated with OpenSSL, like Apache, nginx, PHP, etc. It is also better to renew your SSL certificates to make sure everything is safe.

How to check whether your server/website is affected or not?

http://possible.lv/tools/hb


POODLE: SSLv3.0 vulnerability

What is POODLE ?

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.

How to Fix ?

At present there is no working patch for this bug, so admins need to disable SSLv3 manually on their servers.

Disable SSLv3 – Apache

1) Add "SSLProtocol All -SSLv2 -SSLv3" to httpd.conf

2) Restart the apache service.

Disable SSLv3 – Nginx

1) Add "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" to nginx.conf under the ssl section.

2) Restart the nginx service.

Disable SSLv3 – PostFix

1) Change smtpd_tls_mandatory_protocols to "smtpd_tls_mandatory_protocols =!SSLv2,!SSLv3"

2) Restart the postfix server.

Disable SSLv3 - Weblogic

Start weblogic with the following JVM option: "-Dweblogic.security.SSL.protocolVersion=TLS1"
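An added example (not from the original post) that statically audits a config file for the Apache, nginx and Postfix directives quoted above and reports whether SSLv3 is still allowed. The function name, the sample file names and the "exclusion wins" simplification are assumptions of this example.

```sh
#!/bin/sh
# Added example: static audit of the SSLv3 directives quoted in this post.
# sslv3_status KIND FILE   (KIND: apache | nginx | postfix)
# Prints "enabled" if any matching directive still allows SSLv3,
# "disabled" if every matching directive excludes it, and "unset" if
# the directive is absent (the build default then applies).
sslv3_status() {
  awk -v kind="$1" '
    BEGIN {
      name["apache"]  = "sslprotocol"
      name["nginx"]   = "ssl_protocols"
      name["postfix"] = "smtpd_tls_mandatory_protocols"
      state = "unset"
    }
    /^[ \t]*#/ { next }                     # comment line
    {
      line = tolower($0)
      gsub(/[=;,]/, " ", line)              # "=", ";" and "," only separate tokens
      n = split(line, tok, " ")
      if (n < 2 || tok[1] != name[kind]) next
      excl = incl = all = positive = 0
      for (i = 2; i <= n; i++) {
        t = tok[i]
        if (t == "-sslv3" || t == "!sslv3")      excl = 1
        else if (t == "sslv3" || t == "+sslv3")  incl = 1
        else if (t == "all" || t == "+all")      all = 1
        else if (t !~ /^[-!]/)                   positive = 1
      }
      # Postfix: a list made only of "!proto" exclusions means "all the rest".
      if (kind == "postfix" && !incl && !positive) all = 1
      # Simplification: an explicit exclusion always wins over "all"/"+SSLv3".
      if (!excl && (incl || all)) state = "enabled"
      else if (state == "unset")  state = "disabled"
    }
    END { print state }
  ' "$2"
}

# Constructed sample configs: the hardened lines from the post next to weak ones.
SAMPLES=$(mktemp -d)
printf '%s\n' 'SSLProtocol All -SSLv2 -SSLv3'                > "$SAMPLES/httpd-fixed.conf"
printf '%s\n' 'SSLProtocol All -SSLv2'                       > "$SAMPLES/httpd-weak.conf"
printf '%s\n' '    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;'     > "$SAMPLES/nginx-fixed.conf"
printf '%s\n' 'smtpd_tls_mandatory_protocols =!SSLv2,!SSLv3' > "$SAMPLES/main-fixed.cf"
printf '%s\n' 'smtpd_tls_mandatory_protocols = !SSLv2'       > "$SAMPLES/main-weak.cf"

echo "apache  fixed: $(sslv3_status apache  "$SAMPLES/httpd-fixed.conf")"
echo "apache  weak : $(sslv3_status apache  "$SAMPLES/httpd-weak.conf")"
echo "nginx   fixed: $(sslv3_status nginx   "$SAMPLES/nginx-fixed.conf")"
echo "postfix fixed: $(sslv3_status postfix "$SAMPLES/main-fixed.cf")"
echo "postfix weak : $(sslv3_status postfix "$SAMPLES/main-weak.cf")"
```

A static check like this complements the `openssl s_client -ssl3` handshake test rather than replacing it. The Postfix line covers mandatory TLS only; opportunistic TLS is governed by `smtpd_tls_protocols`.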

How to Diagnose ?

# openssl s_client -connect localhost:443 -ssl3

==> If you have already disabled SSLv3, the output will be as follows:

CONNECTED(00000003)

20888:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40

20888:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

==> If you have not disabled SSLv3 and you get the following output, your server is vulnerable to POODLE!

CONNECTED(00000003)

depth=0 /C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

verify error:num=18:self signed certificate

verify return:1

depth=0 /C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

verify return:1

Certificate chain

0 s:/C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

i:/C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com


 

If you manage an entire data center or a corporate intranet, the problem is a little harder to solve than disabling SSL 3.0 in a browser. Regardless of the mitigation strategy you choose, you need to know which of your servers are currently running SSL 3.0. To that end, here are a couple of quick scripts based on open source tools that will help you take control of the situation.

The first script, ssl3_cipher_check.sh, checks a single target for the presence of SSL 3.0 ciphers. The results will be similar to the following:

# ssl3_cipher_check.sh 192.168.1.51 443

Testing 192.168.1.51:443 for support of SSL3.0 ciphers…

NULL-MD5…NO (ssl handshake failure)

NULL-SHA…NO (ssl handshake failure)

EXP-RC4-MD5…NO (ssl handshake failure)

RC4-MD5…NO (ssl handshake failure)

RC4-SHA…NO (ssl handshake failure)

EXP-RC2-CBC-MD5…NO (ssl handshake failure)

IDEA-CBC-SHA…NO (no cipher match)

EXP-DES-CBC-SHA…NO (ssl handshake failure)

DES-CBC-SHA…NO (ssl handshake failure)

DES-CBC3-SHA…YES – SSL 3.0 cipher detected

EXP-DH-DSS-DES-CBC-SHA…NO (no cipher match)

DH-DSS-DES-CBC-SHA…NO (no cipher match)

DH-DSS-DES-CBC3-SHA…NO (no cipher match)

EXP-DH-RSA-DES-CBC-SHA…NO (no cipher match)

DH-RSA-DES-CBC-SHA…NO (no cipher match)

DH-RSA-DES-CBC3-SHA…NO (no cipher match)

EXP-DHE-DSS-DES-CBC-SHA…NO (no cipher match)

DHE-DSS-CBC-SHA…NO (no cipher match)

DHE-DSS-DES-CBC3-SHA…NO (no cipher match)

EXP-DHE-RSA-DES-CBC-SHA…NO (no cipher match)

DHE-RSA-DES-CBC-SHA…NO (no cipher match)

DHE-RSA-DES-CBC3-SHA…NO (no cipher match)

EXP-ADH-RC4-MD5…NO (ssl handshake failure)

ADH-RC4-MD5…NO (ssl handshake failure)

EXP-ADH-DES-CBC-SHA…NO (ssl handshake failure)

ADH-DES-CBC-SHA…NO (ssl handshake failure)

ADH-DES-CBC3-SHA…NO (ssl handshake failure)

SSL3 ciphers were detected on server 192.168.1.51:443

The second script, ssl3_scan.sh, allows you to test an entire network range. Using a network range specified in CIDR notation or a format compatible with nmap, the script detects and checks the standard and alternate ports commonly used for HTTPS on all hosts in the network range. Results will be similar to the following:

# ./ssl3_scan.sh 192.168.1.0/24

Beginning test… please be patient…

192.168.1.17:443 – SSL3.0 ciphers NOT supported

192.168.1.35:443 – SSL3.0 ciphers NOT supported

192.168.1.34:443 – SSL3.0 ciphers NOT supported

192.168.1.51:443 – SSL3.0 ciphers supported

192.168.1.58:443 – SSL3.0 ciphers supported

How you decide to mitigate the risk is a decision you will have to make.

http://www.symantec.com/connect/sites/default/files/ssl3_check_scripts.tar.gz


Setup mysql master slave replication over ssl

Master Server : 10.10.1.1

Slave Server : 10.10.1.2

Confirm that your mysql server is compiled/enabled to support ssl connections using the following command:

# mysql -u root -p

mysql > show variables like '%ssl%';

If you get output something like the following, you can confirm that mysql is compiled to support ssl connections:

mysql> show variables like '%ssl%';

| have_openssl | DISABLED |

| have_ssl | DISABLED |

The above shows that mysql is compiled with ssl support but it is not enabled in the configuration.

Create Certificates

# cd /var/lib/mysql

# mkdir ssl

# cd ssl

>>> Create CA Certificate

# openssl genrsa 2048 > ca-key.pem
# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem

>>> Create Server Certificate

# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

>>> Create Client Certificate

# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

Copy the keys to Slave server

# scp ca-cert.pem client-cert.pem client-key.pem root@10.10.1.2:/var/lib/mysql/ssl

Master Side configuration

# vi /etc/my.cnf

#bind-address = 127.0.0.1

ssl

ssl-ca=/var/lib/mysql/ssl/ca-cert.pem

ssl-cert=/var/lib/mysql/ssl/server-cert.pem

ssl-key=/var/lib/mysql/ssl/server-key.pem

binlog-do-db=mydatabase

server-id = 1

log_bin = /var/lib/mysql/mysql-bin.log

Note that the server id must be unique; here, for the master, it is 1.

Restart mysql and confirm that the ssl values now show properly in "mysql > show variables like '%ssl%';"

# mysql -u root -p

GRANT all privileges ON *.* TO replication@'10.10.1.2' IDENTIFIED BY 'password' REQUIRE SSL;

Slave Side Configuration

# vi /etc/my.cnf

bind-address = 0.0.0.0

server-id=2

master-host=10.10.1.1

master-connect-retry=60

replicate-do-db=mydatabase

replicate_ignore_db=dataold

replicate_ignore_db=data_duplicate

slave-skip-errors=all

relay-log=mysql-relay-bin.log

Check the master status on the master node:

mysql > show master status;

| File          | Position | Binlog_do_db | Binlog_ignore_db |

| mysql-bin.002 | 80600    | mydatabase   |                  |

 

Update the log location and Position on Slave

mysql > slave stop;

mysql > CHANGE MASTER TO MASTER_HOST='10.10.1.1', MASTER_USER='replication', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.002', MASTER_LOG_POS=80600, MASTER_SSL=1, MASTER_SSL_CA = '/var/lib/mysql/ssl/ca-cert.pem', MASTER_SSL_CERT = '/var/lib/mysql/ssl/client-cert.pem', MASTER_SSL_KEY = '/var/lib/mysql/ssl/client-key.pem';

mysql > slave start;

mysql > show slave status \G

*************************** 1. row ***************************

Slave_IO_State: Waiting for master to send event

Master_Host: 10.10.1.1

Master_User: replication

Master_Port: 3306

Connect_Retry: 60

Master_Log_File: mysql-bin.000003

Read_Master_Log_Pos: 12345100

Relay_Log_File: mysql-relay-bin.000002

Relay_Log_Pos: 11381900

Relay_Master_Log_File: mysql-bin.000003

Slave_IO_Running: Yes

Slave_SQL_Running: Yes

Replicate_Do_DB: mydatabase

Replicate_Ignore_DB:

The lines above that are marked in green show that replication is working fine from master to slave.
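An added example (not part of the original post): running replication threads do not by themselves show that the link is encrypted, so this check also reads the `Master_SSL_Allowed` field of `SHOW SLAVE STATUS\G`. The function name and both sample outputs are constructed for this example.

```sh
#!/bin/sh
# Added example: verify that replication is running AND that the link uses SSL.
# replication_check reads `SHOW SLAVE STATUS\G` text on stdin, prints one line
# per problem, and exits 0 only if nothing is wrong.
# Live use:  mysql -u root -p -e 'SHOW SLAVE STATUS\G' | replication_check
replication_check() {
  awk -F': *' '
    {
      key = $1; val = $2
      gsub(/^[ \t]+|[ \t\r]+$/, "", key)   # field names are right-aligned
      gsub(/[ \t\r]+$/, "", val)
      v[key] = val
    }
    END {
      bad = 0
      if (v["Slave_IO_Running"] != "Yes") {
        printf "IO thread not running (Slave_IO_Running=%s)\n", v["Slave_IO_Running"]
        bad = 1
      }
      if (v["Slave_SQL_Running"] != "Yes") {
        printf "SQL thread not running (Slave_SQL_Running=%s)\n", v["Slave_SQL_Running"]
        bad = 1
      }
      if (v["Master_SSL_Allowed"] != "Yes") {
        printf "replication link does not use SSL (Master_SSL_Allowed=%s)\n", v["Master_SSL_Allowed"]
        bad = 1
      }
      exit bad
    }'
}

# Constructed sample: healthy, encrypted replication.
SAMPLE_OK='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.10.1.1
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
           Master_SSL_Allowed: Yes'

# Constructed sample: both threads run, but the link is in plaintext.
SAMPLE_PLAINTEXT='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.10.1.1
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
           Master_SSL_Allowed: No'

printf '%s\n' "$SAMPLE_OK"        | replication_check && echo "sample 1: OK"
printf '%s\n' "$SAMPLE_PLAINTEXT" | replication_check || echo "sample 2: needs attention"
```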


SPAM Whitelisting

Whitelisting can help your emails reach the inbox instead of the spam folder.

I will now teach you how to whitelist yourself on some spam filter systems and with some email providers.

First of all, you must have a domain which has valid rDNS with your server, and you must have a web site on your domain. This may take you some time, but I highly recommend you to make a fake marketing agency web site. I know this may sound unethical and maybe even illegal (okay, it’s hard to believe it could be illegal, since there are tons of hosting companies, web design agencies and so on which are not registered anywhere), and you can make some simple-looking web site explaining that you are providing email marketing services to your clients. Make sure you make it clear that you have ZERO tolerance for spam and that all emails you have in your lists are generated by you, bla bla, opt in, bla bla, CAN-SPAM, bla bla; just google some email marketing agency and see what they say :-). This will help you A LOT to get whitelisted almost anywhere.

Deciphering SMTP Errors

The SMTP errors that Gmail provides are key to mapping your path to getting off of Gmail’s blacklist.

For email delivery, the two main error codes are 421 and 550 errors.

421 Errors

421 errors are often temporary blocks. Most email servers will attempt to resend the email if they get a 421 error. If you quickly correct a spam or email flood issue, these blocks may resolve automatically. Left unchecked, Google may decide to block your email entirely.

550 Errors

550 errors are permanent failures. If you scan your logs for 550 errors from Gmail, they will often include links and additional information.

If you have 550 errors, you will likely need to take action before Gmail will remove your server IP address.

Requesting Blacklist Removal

If you do not fix the problem first, your removal request will likely be ignored. You don’t want to give the Gmail team any reason not to approve your request. So make sure everything is in order.

Just so you know …  Google does not want you to contact them.

Their forms are buried behind a series of questions that typically lead nowhere. Most of the time you will start with Gmail’s “My domain is having delivery problems with Gmail” form. As you answer the questions, you will typically end up in a dead-end.

However, with the right sequence of answers, you can eventually wind your way to:

Report a delivery problem between your domain and Gmail.

This is where the action happens.   Complete the form in detail but do not be overly verbose.

Once submitted, you can expect it to take 3-7 days to process. Often, you will not hear back from Gmail. Your email will simply start flowing again – provided you fixed the reason you were blacklisted in the first place.

Bulk Senders

Sometimes you have a lot of email – legitimate email – to send. Google does not clearly define what is bulk email. Typically, you will see an SMTP error code in the 400 series, such as:

421, "4.7.0", Our system has detected an unusual rate of unsolicited mail originating from your IP address. 

To protect our users from spam, mail sent from your IP address has been temporarily blocked. 

Review our Bulk Email Senders Guidelines.

 

If you receive this message, be sure to review Google’s Bulk Sender Guidelines and then complete the Bulk Sender Contact Form.

– AOL WHITELISTING

URL : http://postmaster.aol.com/cgi-bin/wh…list_guides.pl

It’s very easy to get on their whitelist, but if they get tons of spam complaints about your messages, you will be moved to the blacklist very fast ^^

– YAHOO WHITELISTING

URL : http://help.yahoo.com/l/us/yahoo/mai…er/bulkv2.html

It’s hard to get whitelisted on Yahoo, but give it a try.

HOTMAIL WHITELISTING

URL : https://support.msn.com/eform.aspx?p…rpp&ct=eformts

SPAM FILTERS WHERE YOU CAN ASK FOR WHITELISTING

http://v4bl.org/

http://www.spamhauswhitelist.com/en/ – only with an invite, so it’s almost impossible to get there, but it’s worth it if you can

Basically, here is the list of almost all spam filter systems, so Google their delisting or whitelisting pages:

AHBL
ASPEWS
BACKSCATTERER
BARRACUDA
BBFHL2
BLOCKLIST.DE
BSB
BURNT-TECH
CASA-CBL
CASA-CBLPLUS
CBL
CHOON
DNS-SERVICIOS
EFnet RBL
IMP-SPAM
INPS_DE
INTERSERVER
ivmSIP
ivmSIP24
JIPPG
LASHBACK
MAILSPIKE-BL
MAILSPIKE-Z
NIXSPAM
NOMOREFUNN
PSBL
RATS-Dyna
RATS-NoPtr
RATS-Spam
REDHAWK
SEM-BACKSCATTER
SEM-BLACK
SORBS-DUHL
SORBS-SPAM
SORBS-WEB
SPAMCOP
Spamhaus-ZEN
UCEPROTECTL1
UCEPROTECTL2
UCEPROTECTL3
WPBL
BBFHL1
SWINOG

Tricks to Getting Removed

We work on email delivery issues nearly daily. In our experience, if you do not fix these issues, your chances of getting removed from Gmail's or any other blacklist are minimal.

  • Reverse DNS Must Resolve to a Valid Hostname
  • Your Server’s Hostname Must Have a DNS ‘A’ Record
  • Do not blindly forward email to Gmail
  • Make Sure DKIM/SPF are correct
  • Stop the spamming!

You must make sure that whatever triggered the listing in the first place is stopped. If you do not, you will simply be re-listed.


How To Rotate IP Address Pool In Linux (Redhat / Centos / Ubuntu / Debian)

You can rotate your server's IP address pool on a Linux server by using iptables NAT POSTROUTING.

I assume you have 8 public IP addresses (x.x.x.1 to x.x.x.8) configured on the Linux postfix server.

Now we rotate only SMTP (port 25) traffic, so that the SMTP service uses a different IP address every time. All 8 IPs rotate automatically when your mail server sends mail to other users; every time, the Linux mail server generates a different source address.

 

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.1

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.2

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.3

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.4

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.5

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.6

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.7

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to-source x.x.x.8

So, as your services require, you can rotate your whole IP address pool, or multiple IP addresses, for different service port numbers.

Now if you send 8 mails, all 8 mails have different source addresses, and then it rolls over again in the sequence of 1 to 8.

 


Install FFmpeg on CentOS or RedHat EL 6.x


If you are upgrading from a previous version of Razuna you should always update your ImageMagick, Exiftool and  Ffmpeg installation!

 

The following install steps have been proven to work on RedHat Enterprise Linux 6.2 and 6.5. You can check which version you are running with

cat /etc/redhat-release

Additionally, we assume that you are connected and registered with the Red Hat network and/or updated the system with the latest updates from the repositories.

Follow this guide step by step!

Install the additional repo

rpm -Uhv http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Update repository

yum -y update

Install all necessary packages

yum install glibc gcc gcc-c++ autoconf automake libtool git make nasm pkgconfig
yum install SDL-devel a52dec a52dec-devel alsa-lib-devel faac faac-devel faad2 faad2-devel
yum install freetype-devel giflib gsm gsm-devel imlib2 imlib2-devel lame lame-devel libICE-devel libSM-devel libX11-devel
yum install libXau-devel libXdmcp-devel libXext-devel libXrandr-devel libXrender-devel libXt-devel
yum install libogg libvorbis vorbis-tools mesa-libGL-devel mesa-libGLU-devel xorg-x11-proto-devel zlib-devel
yum install libtheora theora-tools
yum install ncurses-devel
yum install libdc1394 libdc1394-devel
yum install amrnb-devel amrwb-devel opencore-amr-devel 

Install xvid

cd /opt
wget http://downloads.xvid.org/downloads/xvidcore-1.3.2.tar.gz
tar xzvf xvidcore-1.3.2.tar.gz
cd xvidcore/build/generic
./configure --prefix="$HOME/ffmpeg_build"
make
make install

Install LibOgg

cd /opt
wget http://downloads.xiph.org/releases/ogg/libogg-1.3.1.tar.gz
tar xzvf libogg-1.3.1.tar.gz
cd libogg-1.3.1
./configure --prefix="$HOME/ffmpeg_build" --disable-shared
make
make install

Install Libvorbis

cd /opt
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.4.tar.gz
tar xzvf libvorbis-1.3.4.tar.gz
cd libvorbis-1.3.4
./configure --prefix="$HOME/ffmpeg_build" --with-ogg="$HOME/ffmpeg_build" --disable-shared
make
make install

Install Libtheora

cd /opt
wget http://downloads.xiph.org/releases/theora/libtheora-1.1.1.tar.gz
tar xzvf libtheora-1.1.1.tar.gz
cd libtheora-1.1.1
./configure --prefix="$HOME/ffmpeg_build" --with-ogg="$HOME/ffmpeg_build" --disable-examples --disable-shared --disable-sdltest --disable-vorbistest
make
make install

Install Aacenc

cd /opt
wget http://downloads.sourceforge.net/opencore-amr/vo-aacenc-0.1.2.tar.gz
tar xzvf vo-aacenc-0.1.2.tar.gz
cd vo-aacenc-0.1.2
./configure --prefix="$HOME/ffmpeg_build" --disable-shared
make
make install

Install Yasm

yum remove yasm
cd /opt
wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz
tar xzfv yasm-1.2.0.tar.gz
cd yasm-1.2.0
./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin"
make
make install
export "PATH=$PATH:$HOME/bin" 

Install Libvpx

cd /opt
git clone http://git.chromium.org/webm/libvpx.git
cd libvpx
git checkout tags/v.1.3.0
./configure --prefix="$HOME/ffmpeg_build" --disable-examples
make
make install

Install X264

cd /opt
git clone git://git.videolan.org/x264.git
cd x264
./configure --prefix="$HOME/ffmpeg_build" --bindir="$HOME/bin" --enable-static 
make
make install

Note: Sometimes the network might be down. Then you can also grab it via wget at ftp://ftp.videolan.org/pub/videolan/x264/snapshots/last_stable_x264.tar.bz2 and then use "tar xvjf last_xxx" to extract.

Configure Libraries

export LD_LIBRARY_PATH=/usr/local/lib/
echo /usr/local/lib >> /etc/ld.so.conf.d/custom-libs.conf
ldconfig

Compile FFmpeg (the configure options have to be on one line)

cd /opt
git clone git://source.ffmpeg.org/ffmpeg.git
cd ffmpeg
git checkout release/2.2
PKG_CONFIG_PATH="$HOME/ffmpeg_build/lib/pkgconfig"
export PKG_CONFIG_PATH
./configure --prefix="$HOME/ffmpeg_build" --extra-cflags="-I$HOME/ffmpeg_build/include" --extra-ldflags="-L$HOME/ffmpeg_build/lib" --bindir="$HOME/bin" \
--extra-libs=-ldl --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvpx --enable-libfaac \
--enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libvo-aacenc --enable-libxvid --disable-ffplay \
--enable-gpl --enable-postproc --enable-nonfree --enable-avfilter --enable-pthreads
make
make install

(The --arch=x86_64 option should only be used if you are on a 64-bit system!)

You can also use their Github repository at https://github.com/FFmpeg/FFmpeg.git.

That’s it. This should give you a full functional FFMpeg installation for Razuna. Test it now with;

ffmpeg

This should give you the following back (yours might vary a bit);

ffmpeg version 2.2 Copyright (c) 2000-2014 the FFmpeg developers
  built on Mar 28 2014 01:28:21 with gcc 4.4.7 (GCC) 20120313 (Red Hat 4.4.7-4)
  configuration: --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvpx --enable-libfaac --enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libvo-aacenc --enable-libxvid --disable-ffplay --enable-shared --enable-gpl --enable-postproc --enable-nonfree --enable-avfilter --enable-pthreads --extra-cflags=-fPIC
  libavutil      52. 66.100 / 52. 66.100
  libavcodec     55. 52.102 / 55. 52.102
  libavformat    55. 33.100 / 55. 33.100
  libavdevice    55. 10.100 / 55. 10.100
  libavfilter     42.100 42.100
  libswscale      25.102 25.102
  libswresample   0. 18.100 0. 18.100
  libpostproc    523.100 / 523.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile options] outfile}...

Try to convert a movie with;

ffmpeg -i movie.mov -vcodec libx264 -vpre hq -acodec libfaac movie.mp4

Troubleshoot

It could be that you run into issues with a message of "ffmpeg: error while loading shared libraries…". This simply means that it can’t find the required libraries; in short, you need to add them to the linked library configuration.

Check what libraries are missing with:

ldd `which ffmpeg`

This will give you a list of libraries ffmpeg is using. If any of them are marked with "not found", then search for the missing library in question, e.g. "libswresample.so.0", with:

find / -name libswresample.so.0

Once you have the path simply add it to /etc/ld.so.conf and issue a “ldconfig”.

This should get you ffmpeg up and running.

 

If you have problems with swscale while compiling, try to get swscale separately from the svn tree:

cd ffmpeg
cd libswscale
svn switch svn://svn.ffmpeg.org/mplayer/trunk/libswscale -r 29857

Then just try to compile ffmpeg again.

You can also try to

git clone https://github.com/FFmpeg/FFmpeg.git ffmpeg

wget http://www.mplayerhq.hu/MPlayer/releases/codecs/all-20110131.tar.bz2

wget ftp://ftp.videolan.org/pub/videolan/x264/snapshots/x264-snapshot-20120412-2245.tar.bz2

cd ffmpeg
./configure --enable-gpl --enable-nonfree --enable-postproc --enable-avfilter --enable-pthreads --enable-libxvid --enable-libx264 --enable-libmp3lame --enable-libfaac --disable-ffserver --disable-ffplay --enable-libvorbis --disable-ffplay --enable-shared --arch=x86_64

 

 
