Category Archives: Tutorials

HOWTO: Upgrade Debian Lenny (5.0) to Debian Squeeze (6.0) on

Here are the working upgrade instructions from Lenny to Squeeze (Debian 6) on

Disclaimer: please test this yourself first on a NON PRODUCTION SERVER. this may or may not work with other server providers but is specifically tailored to the system, I do not guarantee its results outside of my tested system (OnApp Cloud – LON-I from a stock Debian Lenny install).

UPDATE: have now released Debian 6 templates on there clouds however upon testing this i have noted several issues with it and as such although it makes the install of debian 6 easier on i am not however recommending using the Debian 6 templates that until they fix the bugs with them – the biggest problem so far is that you cant update the kernel without a fatal error which will occure everytime you use apt to run any updates (which you should be doing regularly), there are also issues with sub-optimal mirrors being selected and at least from what i can see wrong timezone by default in LON clouds. At this time because of the kernel update issue you cannot install ksplice and possibly any program that uses a shell script that interacts with apt for installing.

Other notes: Ksplice is known to work with Debian Squeeze, also despite having success on the older clouds (eg LON-C) I havent been able to document possible pitfalls with non OnApp based clouds therefore its recommended to first TEST your upgrade in any instance and/or migrate to the newer clouds if you can. I assume you can SSH in as root to your server and can handle basic file editing with nano (substitute your preferred text editor as neccesary)

Here goes:

Fully update your lenny system (recommended to avoid some possible gpg errors).

apt-get update && apt-get upgrade

I recommend rebooting here just as a safety measure.


Reconnect to your server then update your apt sources list.

nano /etc/apt/sources.list

Your sources list should look not to different to the following (for UK servers) update the references appropriately to get the closest mirrors to you:

deb squeeze main
deb-src squeeze main

deb squeeze/updates main
deb-src squeeze/updates main

deb squeeze-updates main
deb-src squeeze-updates main

Update the package lists.

apt-get update

Install locales update (to stop lots of annoying errors while upgrading).

apt-get install locales

Update the kernel and install udev first.

apt-get install linux-image-`uname -r|sed 's,[^-]*-[^-]*-,,'` udev


When asked for change to UUID’s – select NO

Now edit your /boot/grub/menu.lst and edit any reference of sda1 to xvda1 (should be 3 of them).

also edit your /etc/fstab file and change an references from sdaX to xvdaX  (should only be 2 items)

Then reboot again.


Reconnect to your server and check your kernel version.

uname -r

Should return something starting with 2.6.32 similar to:


Then the final upgrade.

apt-get dist-upgrade

When you are asked for options.

Change to dash – doesnt matter which is chosen this can be whatever you prefer.

Chainload grub 2 – NO.

Change to dependancy based sequencing (i selected both and its fine).

Restart services just hit enter.

Reboot for good luck (isnt actually needed because kernel is already up to date but better to eliminate issues ahead of crunch time).


Sit back and Enjoy!

Email alerts whenever someone logs into root via SSH

Want to be notified instantly when someone logs into your server as root? No problem. there was recently a discussion over on the forums after an incident where a user had had several of there servers logged into as root by an unknown source (since resolved) a helpful user (R4Z0R49) posted this helpful guide and I have cleaned it up and added some further notes and caveats.

While I wouldn’t recommend allowing root logins over SSH and prefer to setup non root accounts with sudo access, sometimes for one reason or another, root over ssh is needed. This guide should also log su logins to root as well, because by using su you login to that users enviroment and it loads the users environment which then calls the same file that loads stuff like variables and paths when you login over ssh so you should also get an email in this instance too.

Check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you’re dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.

To carry out this tutorial you need to have root level access to your server in some form or another, I assume you have already logged in as root or otherwise escalated your privileges to root level, I will also assume you use the nano text editor, feel free to use any other editor you are comfortable with such as vi or otherwise.

It is recommended to have mailx installed to send the emails, depending on your system you can install it with either one of the following commands on debian/ubuntu (apt) or centos(yum) systems respectively.

apt-get install mailx
yum install mailx

Now we need to make sure we are in root’s home directory (this should be the same on all linux systems)

cd /root

We now want to edit the .bashrc file to add some code to do the emailing this file is the environment file and pretty much all servers use bash for the root user by default. This file will set local environment variables for the user and can also perform some other cool login tasks like we are going to do below – NOTE: .bashrc is a hidden file so you wont normally see this by doing a normal ls command in this directory, if you want to see it on ls you need to use the -a flag to view all files.

nano .bashrc

At the bottom of the file we want to add the following line, replacing YourserverName with a suitable name for your server (I find the system hostname is often the easiest to distinguish particularly if you have several servers) and change [email protected] to a suitable email address – I would recommend using an email address not hosted on the server as it could be intercepted by someone if they were aware of such a system being in place (now is a great time to use google apps!)

echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" [email protected]

Save and exit the file by pressing Crtl + X and then Y, then hitting Enter

Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.


You can do this for any user you want to get email alerts on login for, assuming they are assigned the bash shell then edit there .bashrc file which should be found in /home/username/.bashrc.

If you want to do this for all users you have 2 options. either edit /etc/profile instead of .bashrc or install CSF & LFD and set it up as it has an SSH and SU login detection system that will email upon login without having to make these profile changes. I shall put up a post on how to install and setup CSF & LFD in a further blog post.

DotDeb updates: Repo now GPG signed!

i know its actually slightly older news but its worth sharing anyway, the DotDeb repositories are now GPG signed so you can be more assured that the mirrors are as safe and secure as the central mirror and you also dont have to worry about the this repository is not encrypted/signed error any more. am writing an update from my old tutorial which can be found here basically because i have fielded quite a few questions from people wondering if the uk mirror was broke or something because it needed the gpg key now. as always latest instructions for the DotDeb mirrors can be found over at below is a tutorial for debian users to add the UK mirrors into your system, it is totally interchangeable with the other dotdeb mirrors, just switch the URL’s for your required mirror. In other related news, over the weekend I successfully moved the UK mirror over onto the new SAN 2.0 infrastructure at so it should be twice as redundant now!

for this guide i am assuming you are logged in to ssh at root level or ssh’ed in and using sudo su to operate at root level and have nano installed on debian (any debian image works)

first off you need to edit your sources list

nano /etc/apt/sources.list

in this file you will see lots of lines beginning in deb or deb-src these are the other repositories your server will connect to for updates, you do not need to touch these. press the down arrow until you get to the bottom, for ease of reading create a new line and then either type or copy and paste in the following code to add the dotdeb repositories to apt

deb stable all
deb-src stable all

note if you are outside the UK you may experience better results by using another mirror repo of which the listing can be found at :

once that is done press control-x to exit and say y to save changes

and hit enter to save as the same file name, this should send you back to the shell

you will then need to fetch the GPG key and add it into the apt system

gpg --keyserver --recv-key 89DF5277

gpg -a --export 89DF5277 | apt-key add -

NOTE: if you use a firewall like CSF and it also blocks outgoing ports, be sure to trust the server or allow the tcp outgoing port of: 11371 through the firewall

now type

apt-get update

this will update apt with all the package lists and tell it about the new packages available

now you can type

apt-get upgrade

for me and i suspect for all users it will update all your php packages with the latest 5.2.14 (at time of writing) from dotdeb
but not mysql. i am not quite sure why this is the case but it may be because the virtual packages are already installed so you have to “reinstall” them to update them to the new ones.

BEFORE you do this however, if like me you like to retain your current config files and then merge changes down to it rather than make your tweaks to a new file you will hit a bug, the latest version of mysql has now fully stopped supporting Berkeley databases, in the 5.0.51a release with debian this support is disabled which is fine but if you try to update, mysql will fail to start and therefore error out your upgrade/install because it reads an invalid configuration (but it doesnt tell you this when it happens). all you have to do is edit your mysql config file (most commonly found on debian in /etc/mysql/my.cnf) and comment out the line


as the latest version of mysql doesnt support it, now you should be able to run

apt-get install mysql-server mysql-client

to reinstall the packages from the new 5.1 branch from dotdeb with no problems at all

some quirks from this though

in order to prevent against segfaults with apache the php5-mysql module has been compiled against the old mysql libraries this means that php will report your mysql client as 5.0.51a where it is actually 5.1.50 (at time of writing) this shouldnt cause any problems and i have only seen so far that phpmyadmin complains but doesnt have any problems.

also apache is not yet included in the repository, neither is lighttpd or nginx, hopefully this will change soon and the above quirk will no longer be seen

if you want php5.3 its currently stored in a seperate repository because the author thinks that its still too early days to be using php 5.3 widely on production servers personally i think this a good call but if you want to use php 5.3 you will need to add the following repos as well as the basic ones

deb stable all
deb-src stable all

for more info regarding php5.3 and dotdeb check here: but they are now at php 5.3.3 which also includes php-FPM 🙂