
Saturday, 29 March 2014

Hardening your TCP/IP Stack Against SYN Floods

Denial of service (DoS) attacks launched via SYN floods can be very problematic for servers that are not properly configured to handle them. Proper firewall filtering policies are usually the first line of defense, but the Linux kernel can also be hardened against these attacks. This type of hardening is useful against SYN floods that attempt to overload a particular service (such as HTTP) with requests, as opposed to floods that aim to saturate the server's network connection, which a firewall is needed to guard against.

Definition of a SYN Flood

TCP connections are established using a 3-way handshake. Attackers launching a SYN flood spoof the source IP address in the header of each SYN packet sent to the server, so that the server's SYN-ACK reply never reaches a real host (which would otherwise send the final ACK and complete the connection). The server keeps these unestablished connections in a queue for a predetermined period of time, after which they are simply discarded. However, if enough of these "fake" connections gum up the queue (backlog), it can prevent new, legitimate requests from being handled. Linux has a relatively small backlog queue by default, and keeps half-open requests in the queue for up to 3 minutes! Hence the need to tweak the way the Linux kernel handles these requests.

Protecting your Server

First, we'll set the variables so that they take effect immediately:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
This tells the kernel to use the SYN cookies mechanism, to use a backlog queue of 2048 connections, and how many times to retransmit the SYN-ACK before dropping a half-open connection, which determines how long it stays in the queue (3 equates to roughly 45 seconds).

Making the Changes Persist

To make these changes persist over consecutive reboots, we need to tell the sysctl system about these modified parameters. We use the /etc/sysctl.conf file to do so. We will add the following lines to the bottom of the file:
# TCP SYN Flood Protection
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
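As an added example (not code from the original post), the following POSIX shell script audits a sysctl.conf-style fragment for the three settings above and works out how long a half-open entry can live for a given retry count; the function names and the sample fragments are this example's own:

```shell
#!/bin/sh
# Added example, not code from the original post: audit a sysctl.conf-style
# fragment for the three SYN-flood settings discussed above and work out how
# long a half-open connection can sit in the backlog for a given
# tcp_synack_retries value. Function names are this example's own.

# sysctl_get KEY: read sysctl.conf-style text on stdin and print KEY's value
# (last assignment wins; comments and whitespace around '=' are ignored).
# Prints nothing when KEY is absent.
sysctl_get() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) v = val
        }
        END { if (v != "") print v }'
}

# audit_syn_hardening: read a sysctl fragment on stdin; return 0 when SYN
# cookies are on, the backlog is at least 2048 and SYN-ACK retries are at most
# 3 (the values the post recommends). Each failing key is reported on stdout.
audit_syn_hardening() {
    frag=$(cat)
    rc=0
    cookies=$(printf '%s\n' "$frag" | sysctl_get net.ipv4.tcp_syncookies)
    backlog=$(printf '%s\n' "$frag" | sysctl_get net.ipv4.tcp_max_syn_backlog)
    retries=$(printf '%s\n' "$frag" | sysctl_get net.ipv4.tcp_synack_retries)
    [ "${cookies:-0}" -eq 1 ] || { echo "net.ipv4.tcp_syncookies is '${cookies:-unset}', want 1"; rc=1; }
    [ "${backlog:-0}" -ge 2048 ] || { echo "net.ipv4.tcp_max_syn_backlog is '${backlog:-unset}', want >= 2048"; rc=1; }
    [ "${retries:-99}" -le 3 ] || { echo "net.ipv4.tcp_synack_retries is '${retries:-unset}', want <= 3"; rc=1; }
    return $rc
}

# synack_wait_seconds RETRIES RTO: upper bound on the lifetime of a half-open
# entry. The kernel retransmits the SYN-ACK with exponential backoff starting
# at RTO seconds, so after RETRIES retransmissions the total wait is
# RTO * (2^(RETRIES+1) - 1). With a 3 s initial RTO (older kernels), 3 retries
# gives the ~45 s quoted above; with the 1 s initial RTO of newer kernels it is 15 s.
synack_wait_seconds() {
    retries=$1; rto=$2
    total=0; step=$rto; i=0
    while [ "$i" -le "$retries" ]; do
        total=$((total + step))
        step=$((step * 2))
        i=$((i + 1))
    done
    echo "$total"
}

# Constructed samples: the lines the post adds to /etc/sysctl.conf, and a
# fragment with weaker settings, to show both outcomes.
GOOD_CONF='# TCP SYN Flood Protection
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3'
WEAK_CONF='net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5'

for name in GOOD_CONF WEAK_CONF; do
    eval "conf=\$$name"
    if printf '%s\n' "$conf" | audit_syn_hardening; then
        echo "$name: hardened"
    else
        echo "$name: not hardened"
    fi
done
echo "half-open lifetime with 3 retries: $(synack_wait_seconds 3 3) s (3 s RTO), $(synack_wait_seconds 3 1) s (1 s RTO)"
```

To audit a live host, feed it the running values instead of the file, e.g. `sysctl net.ipv4.tcp_syncookies net.ipv4.tcp_max_syn_backlog net.ipv4.tcp_synack_retries | audit_syn_hardening`, since a line in /etc/sysctl.conf only proves the intent, not that the value was loaded.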

Friday, 28 March 2014

Call “HostStorageSystem.ComputeDiskPartitionInfo” for object “storageSystem” on ESXi failed

On an internal VMware server we have for development machines we increased storage using a spare disk, but shortly after rebooting we received the following error: Call "HostStorageSystem.ComputeDiskPartitionInfo" for object "storageSystem" on ESXi "192.168.xxx.xxx" failed. It appears from searching around that ESXi is not correctly wiping the disk when it says it does.
Step 1 is to enable SSH access through the ESXi console so that you can remotely access the server using something like PuTTY.
Step 2: Now try to find the name of the local disk:
~ # esxcfg-scsidevs -l

mpx.vmhba1:C0:T0:L0
   Device Type: CD-ROM
   Size: 0 MB
   Display Name: Local LG CD-ROM (mpx.vmhba1:C0:T0:L0)
   Multipath Plugin: NMP
   Console Device: /vmfs/devices/cdrom/mpx.vmhba1:C0:T0:L0
   Devfs Path: /vmfs/devices/cdrom/mpx.vmhba1:C0:T0:L0
   Vendor: LG        Model: CD-ROM CRD-8521B  Revis: 1.03
   SCSI Level: 5  Is Pseudo: false Status: on
   Is RDM Capable: false Is Removable: true
   Is Local: true  Is SSD: false
   Other Names:
      vml.0005000000766d686261313a303a30
   VAAI Status: unsupported
t10.ATA_____ST31000520AS________________________________________9VX0JTG0
   Device Type: Direct-Access
   Size: 953869 MB
   Display Name: Local ATA Disk (t10.ATA_____ST31000520AS________________________________________9VX0JTG0)
   Multipath Plugin: NMP
   Console Device: /vmfs/devices/disks/t10.ATA_____ST31000520AS________________________________________9VX0JTG0
   Devfs Path: /vmfs/devices/disks/t10.ATA_____ST31000520AS________________________________________9VX0JTG0
   Vendor: ATA       Model: ST31000520AS      Revis: CC32
   SCSI Level: 5  Is Pseudo: false Status: on
   Is RDM Capable: false Is Removable: false
   Is Local: true  Is SSD: false
   Other Names:
      vml.0100000000202020202020202020202020395658304a544730535433313030
   VAAI Status: unknown
t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875
   Device Type: Direct-Access
   Size: 238418 MB
   Display Name: Local ATA Disk (t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875)
   Multipath Plugin: NMP
   Console Device: /vmfs/devices/disks/t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875
   Devfs Path: /vmfs/devices/disks/t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875
   Vendor: ATA       Model: WDC WD2500JS-75N  Revis: 10.0
   SCSI Level: 5  Is Pseudo: false Status: on
   Is RDM Capable: false Is Removable: false
   Is Local: true  Is SSD: false
   Other Names:
      vml.0100000000202020202057442d574d414e4b36303239383735574443205744
   VAAI Status: unknown
Then you can see the partitions (the first line shows disk information rather than being the first partition):
# partedUtil get /dev/disks/t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875

30394 255 63 488281250
1 63 488281247 165 128

("1" is the partition number)
Now you should be able to delete the partition (important: you need to give the number of the partition you are going to delete):
# partedUtil delete /dev/disks/t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875 1
You can double-check that it has been deleted by running the partedUtil command again:
~ # partedUtil get /dev/disks/t10.ATA_____WDC_WD2500JS2D75NCB3__________________________WD2DWMANK6029875
30394 255 63 488281250
Now when you run the vSphere Client the datastore on the disk should be created successfully.
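As an added example (not part of the original post), this POSIX shell script parses the `partedUtil get` table shown above so that a script only deletes a partition number that really exists; the function names, the sample table and the placeholder disk name are this example's own:

```shell
#!/bin/sh
# Added example, not from the original post: parse 'partedUtil get' output so
# that a script only ever deletes a partition number that actually exists on
# the disk. The first line of the output is the disk geometry (cylinders,
# heads, sectors per track, total sectors); each following line is
# "number start end type attributes". Function names are this example's own.

# parted_partitions: read partedUtil output on stdin, print one partition
# number per line (nothing at all for a disk with no partition table entries).
parted_partitions() {
    awk '
        NF == 0 { next }              # ignore blank lines
        !seen   { seen = 1; next }    # first non-blank line is the geometry
        NF >= 4 { print $1 }'
}

# parted_delete_cmd DISK NUM: print the delete command for partition NUM of
# DISK, reading the table from stdin; fail without printing anything if NUM
# is not in the table.
parted_delete_cmd() {
    disk=$1; num=$2
    for p in $(parted_partitions); do
        if [ "$p" = "$num" ]; then
            printf 'partedUtil delete %s %s\n' "$disk" "$num"
            return 0
        fi
    done
    echo "refusing to delete: partition $num is not on $disk" >&2
    return 1
}

# Constructed sample table (same shape as the output above, with two partitions).
TABLE='30394 255 63 488281250
1 63 204799 165 128
2 204800 488281247 6 0'
DISK=/dev/disks/EXAMPLE_DISK   # placeholder for the t10.ATA_... device name

echo "partitions present: $(printf '%s\n' "$TABLE" | parted_partitions | tr '\n' ' ')"
printf '%s\n' "$TABLE" | parted_delete_cmd "$DISK" 1
if ! printf '%s\n' "$TABLE" | parted_delete_cmd "$DISK" 3 2>/dev/null; then
    echo "partition 3 refused, as expected"
fi
```

On the ESXi shell the table would come from `partedUtil get "$DISK" | parted_delete_cmd "$DISK" 1`, and the printed command can then be reviewed before it is run.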

Thursday, 27 March 2014

How to Setup a Firewall with UFW

Introduction

One of the first lines of defense in securing your cloud server is a functioning firewall. In the past, this was often done through complicated and arcane utilities. There is a lot of functionality built into these utilities, iptables being the most popular nowadays, but they require a decent effort on behalf of the user to learn and understand them. Firewall rules are not something you want yourself second-guessing. To this end, UFW is a considerably easier-to-use alternative.
What is UFW?

UFW, or Uncomplicated Firewall, is a front-end to iptables. Its main goal is to make managing your firewall drop-dead simple and to provide an easy-to-use interface. It's well-supported and popular in the Linux community, and even installed by default in a lot of distros. As such, it's a great way to get started securing your server.
Before We Get Started

First, obviously, you want to make sure UFW is installed. It should be installed by default in Ubuntu, but if for some reason it’s not, you can install the package using aptitude or apt-get using the following commands:
sudo aptitude install ufw
or
sudo apt-get install ufw
Check the Status

You can check the status of UFW by typing:
sudo ufw status

Right now, it will probably tell you it is inactive. Whenever ufw is active, you’ll get a listing of the current rules that looks similar to this:
Status: active

To               Action      From
--               ------      ----
22               ALLOW       Anywhere
Set Up Defaults

One of the things that will make setting up any firewall easier is to define some default rules for allowing and denying connections. UFW’s defaults are to deny all incoming connections and allow all outgoing connections. This means anyone trying to reach your cloud server would not be able to connect, while any application within the server would be able to reach the outside world. To set the defaults used by UFW, you would use the following commands:
sudo ufw default deny incoming
and
sudo ufw default allow outgoing

Note: if you want to be a little bit more restrictive, you can also deny all outgoing requests. The necessity of this is debatable, but if you have a public-facing cloud server, it could help protect against remote shell connections opened from the server back out to the internet. It does make your firewall more cumbersome to manage because you'll have to set up rules for all outgoing connections as well. You can set this as the default with the following:
sudo ufw default deny outgoing
Allow Connections

The syntax is pretty simple. You change the firewall rules by issuing commands in the terminal. If we turned on our firewall now, it would deny all incoming connections. If you’re connected over SSH to your cloud server, that would be a problem because you would be locked out of your server. Let’s enable SSH connections to our server to prevent that from happening:
sudo ufw allow ssh

As you can see, the syntax for adding services is pretty simple. UFW comes with some defaults for common uses. Our SSH command above is one example. It’s basically just shorthand for:
sudo ufw allow 22/tcp

This command allows a connection on port 22 using the TCP protocol. If our SSH server is running on port 2222, we could enable connections with the following command:
sudo ufw allow 2222/tcp
Other Connections We Might Need

Now is a good time to allow some other connections we might need. If we’re securing a web server with FTP access, we might need these commands:

sudo ufw allow www
or
sudo ufw allow 80/tcp

sudo ufw allow ftp
or
sudo ufw allow 21/tcp

Your mileage will vary on which ports and services you need to open. There will probably be a bit of testing necessary. In addition, make sure you leave your SSH connection allowed.
Port Ranges

You can also specify port ranges with UFW. To allow ports 1000 through 2000, use the command:
sudo ufw allow 1000:2000/tcp

If you want UDP:
sudo ufw allow 1000:2000/udp
IP Addresses

You can also specify IP addresses. For example, if I wanted to allow connections from a specific IP address (say my work or home address), I’d use this command:
sudo ufw allow from 192.168.255.255
Denying Connections

Our default setup is to deny all incoming connections. This makes the firewall rules easier to administer since we are only selectively allowing certain ports and IP addresses through. However, if you want to flip it and open up all your server's ports (not recommended), you could allow all connections and then restrictively deny the ports you don't want to give access to, by replacing "allow" with "deny" in the commands above. For example:
sudo ufw allow 80/tcp
would allow access to port 80 while:
sudo ufw deny 80/tcp
would deny access to port 80.
Deleting Rules

There are two options to delete rules. The most straightforward one is to use the following syntax:
sudo ufw delete allow ssh

As you can see, we use the command “delete” and input the rules you want to eliminate after that. Other examples include:
sudo ufw delete allow 80/tcp
or
sudo ufw delete allow 1000:2000/tcp

This can get tricky when you have rules that are long and complex. A simpler, two-step alternative is to type:
sudo ufw status numbered
which will have UFW list out all the current rules in a numbered list. Then, we issue the command:
sudo ufw delete [number]
where “[number]” is the line number from the previous command.
Turn It On

After we’ve gotten UFW to where we want it, we can turn it on using this command (remember: if you’re connecting via SSH, make sure you’ve set your SSH port, commonly port 22, to be allowed to receive connections):
sudo ufw enable

You should see the command prompt again if it all went well. You can check the status of your rules now by typing:
sudo ufw status
or
sudo ufw status verbose
for the most thorough display.

To turn UFW off, use the following command:
sudo ufw disable
Reset Everything

If, for whatever reason, you need to reset your cloud server’s rules to their default settings, you can do this by typing this command:
sudo ufw reset
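As an added example (not from the article above), the following POSIX shell helpers script the workflow described in the sections above without touching the firewall: `ufw_plan` emits the commands in an order that cannot lock an SSH session out (defaults, then the SSH port, then everything else, then `enable`), and `ufw_rule_number` resolves a rule to its index in `ufw status numbered` output so the two-step delete never uses a guessed number. The function names and the sample status text are this example's own.

```shell
#!/bin/sh
# Added example, not from the article above: side-effect-free helpers for the
# UFW workflow. ufw_plan emits the commands in an order that cannot lock an
# SSH session out; ufw_rule_number resolves a rule to its index in
# 'ufw status numbered' output so the two-step delete can be scripted.
# Function names and the sample status text are this example's own.

# ufw_plan SSH_PORT [ALLOW_SPEC...]: print the commands to run, as root, in
# order: defaults, the SSH port, any other allow specs (e.g. 80/tcp,
# 1000:2000/udp), and 'enable' last.
ufw_plan() {
    ssh_port=$1; shift
    printf 'ufw default deny incoming\n'
    printf 'ufw default allow outgoing\n'
    printf 'ufw allow %s/tcp\n' "$ssh_port"
    for spec in "$@"; do
        printf 'ufw allow %s\n' "$spec"
    done
    printf 'ufw enable\n'
}

# ufw_rule_number TO ACTION FROM: read 'ufw status numbered' output on stdin
# and print the index of the first rule whose three columns match exactly
# (e.g. '80/tcp' 'ALLOW IN' 'Anywhere'). Prints nothing when no rule matches,
# so a caller never deletes by a guessed number.
ufw_rule_number() {
    awk -v to="$1" -v act="$2" -v from="$3" '
        /^\[ *[0-9]+]/ {
            line = $0
            sub(/^\[ */, "", line)
            n = line + 0                       # the rule index
            sub(/^[0-9]+] */, "", line)
            c = split(line, col, /  +/)        # columns: runs of 2+ spaces
            if (c >= 3 && col[1] == to && col[2] == act && col[3] == from) {
                print n
                exit
            }
        }'
}

# Constructed sample of 'sudo ufw status numbered' output.
UFW_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 1000:2000/tcp              ALLOW IN    Anywhere
[ 4] Anywhere                   ALLOW IN    192.168.255.255
[ 5] 80/tcp                     DENY IN     Anywhere'

echo "# plan for an SSH server on port 2222 that also serves HTTP and FTP:"
ufw_plan 2222 80/tcp 21/tcp
n=$(printf '%s\n' "$UFW_STATUS" | ufw_rule_number 80/tcp 'DENY IN' Anywhere)
echo "# the DENY rule for 80/tcp is rule $n, so it would be removed with: ufw delete $n"
```

On a real host the lookup is `sudo ufw status numbered | ufw_rule_number 80/tcp 'DENY IN' Anywhere`; check that the result is non-empty before passing it to `ufw delete`, since rule indices shift whenever a rule is added or removed.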
Conclusion

You should now have a cloud server that is configured properly to restrict access to a subset of ports or IP addresses.

Tuesday, 25 March 2014

Update BIOS Motherboard GA-H61M-D2-B3

1. @BIOS Introduction
2. @BIOS download (For X79 Chipset motherboards)

    @BIOS download

3. Before you start:

 I. If your system supports Intel Hyper-Threading technology, please disable the function in the BIOS.
 II. Please close all applications and TSRs (such as anti-virus programs) under Windows to avoid unexpected errors while updating the BIOS.

4. Methods and steps:
    I. Save BIOS
At the very beginning, a "Save Current BIOS" icon is shown in the dialog box. It saves the current BIOS version.

    II. Update BIOS through Internet
a.Click "Internet Update" icon
b.Click "Update New BIOS" icon
c.Select @BIOS server ( "GIGABYTE @BIOS server 1 in Taiwan" ,
"GIGABYTE @BIOS server 2 in Taiwan" ,
"GIGABYTE @BIOS server in China" ,
"GIGABYTE @BIOS server in Japan" ,
"GIGABYTE @BIOS server in USA" are available for now, the others will be completed soon)
d.Select the exact model name on your motherboard
e.System will automatically download and update the BIOS.

    III. Update BIOS NOT through Internet:
a.Do not click the "Internet Update" icon
b.Click "Update New BIOS"
c.Please select "All Files" in the dialog box when opening the file.
d.Please locate the unzipped BIOS file, downloaded from the internet or obtained by other means (such as: 6OXM7E.F1).
e.Complete the update process following the instructions.

5. Note : 
a.In method I, if two or more motherboard model names are shown for selection, please double-check your motherboard's model name. Selecting the wrong model name will leave the system unbootable.
b.In method II, make sure the motherboard model name in the unzipped BIOS file is the same as your motherboard's. Otherwise, your system won't boot.
c.In method I, if the BIOS file you need cannot be found on the @BIOS server, please go to GIGABYTE's web site to download it and update according to method II.
d.Please note that any interruption during updating will leave the system unbootable.
e.GIGABYTE Technology Co., Ltd is not responsible for damage to the system caused by an incorrect FlashBIOS update process, to avoid any claims from end-users.

Download BIOS file update in here = http://www.gigabyte.com/products/product-page.aspx?pid=3773#bios

Saturday, 22 March 2014

Activating Swap Failed on Debian

Recently, on a very fresh install of Debian Squeeze I’ve noticed that on boot, the log said “Activating Swap… FAILED“.

A look into /etc/fstab brought up nothing helpful: UUID=xyz none  swap    sw 0 0 seemed okay. So it seems there was an error with the volume that was listed as swap.
Then, listing partitions with fdisk -l showed that there was no swap.
swapon -a -v gave me:

swapon on /dev/sda5
swapon: /dev/sda5: found swap signature: version 1, page-size 4, same byte order
swapon: /dev/sda5: pagesize=4096, swapsize=3016753152, devsize=3007315968
swapon: /dev/sda5: last_page 0xb3d00000 is larger than actual size of swapspace
swapon: /dev/sda5: swapon failed: Invalid argument

Looks like something corrupted my swap. Or the swap might not be formatted. Thus, I created/formatted it anew with:

mkswap /dev/sda5

which gave the device a new UUID. After adding the new UUID to /etc/fstab the swapon command worked and swap was there. Looking at the boot sequence is a todo.
All this might have resulted from some earlier strange hiccup that I may never find out about.

Friday, 21 March 2014

How to set up Munin Server Monitoring

Munin is an excellent tool for monitoring the status of your server. Munin highlighted its usefulness to us when we were trying to diagnose a recent problem with one of our servers.

There are two components to Munin, Munin Server and Munin Node. The Munin Server stores all of the data and presents it for viewing as a web page as well as keeping a track of which nodes are being monitored. The Munin Node runs as a service on the server that is being monitored, collects all of the required data and sends it back to the server.

In this article I am going to assume that we are running 2 servers, both Ubuntu 12.04.

Munin Server - munin-server.example.com
Munin Node - munin-node.example.com
Setting up Munin Server (munin-server.example.com)

First of all you will need to be running Apache so that the results pages can be viewed. All commands in the article should be run as the root user.

apt-get install apache2

Now we can install the munin server:

apt-get install munin

Now we need to configure apache to serve up the reports. You can add these directives to your global apache config file found at /etc/apache2/apache2.conf or if you only want munin to be accessible on a single virtual host you can add these directives to that single virtual host config. We will also configure the reports to be protected from public reading using basic HTTP Authentication.

Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
       Allow from all
       Options None
       AllowOverride None

       AuthUserFile /etc/munin/munin-htpasswd
       AuthName "Munin"
       AuthType Basic
       require valid-user

       <IfModule mod_expires.c>
               ExpiresActive On
               ExpiresDefault M310
       </IfModule>
</Directory>

The Expires rules are set to make sure that your browser doesn't cache any of the images that are generated so that you are always viewing up to date data.

Finally we need to create a user (munin) to view the Munin reports pages with:

htpasswd -c /etc/munin/munin-htpasswd munin

After you have entered the password at the prompt, restart Apache and the server is configured.

service apache2 restart

You can access the stats by going to http://munin-server.example.com/munin but first we need to set up a node so that we actually have some statistics to view.

Setting up Munin Node

First we need to make the Munin Server aware of the node so add the following to /etc/munin/munin.conf on the Munin Server

[munin-node.example.com]
    address munin-node.example.com
    use_node_name yes

You can add as many of these entries as you like for each server you wish to monitor.

Now we need to install Munin Node on the server we wish to monitor. The following configuration is all done on the Munin Node server.

apt-get install munin-node

Then we must allow the server to connect and get results so add the following line to /etc/munin/munin-node.conf

allow ^123\.123\.123\.123$

Where the IP address of the Munin Server is 123.123.123.123. You will also need to make sure that your firewall is also permitting connections from the server on port 4949.

Now restart the node and after a few minutes you should start to see your stats appearing on the server report pages.

service munin-node restart
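Because munin-node treats the `allow` value as a regular expression, the dots have to be escaped and the pattern anchored, exactly as in the line above. As an added example (not from the referenced article), this POSIX shell script builds that line for a given server address and checks what the pattern does and does not match; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the article: build the munin-node.conf 'allow' line
# for the Munin server's address and check what it matches. munin-node treats
# the allow value as a regular expression, so the dots must be escaped and the
# pattern anchored, as in the line shown above; an unescaped '.' matches any
# character. Function names are this example's own.

# munin_allow_line IP: print 'allow ^a\.b\.c\.d$' for a dotted-quad IPv4 address.
munin_allow_line() {
    case $1 in
        ""|*[!0-9.]*) echo "munin_allow_line: not a dotted-quad IPv4 address: '$1'" >&2; return 1 ;;
    esac
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf 'allow ^%s$\n' "$esc"
}

# munin_allow_matches ALLOW_LINE IP: return 0 if the regex in ALLOW_LINE accepts IP,
# evaluated here with grep -E (munin-node uses Perl regexes; for these patterns
# the result is the same).
munin_allow_matches() {
    pat=${1#allow }
    printf '%s\n' "$2" | grep -Eq -- "$pat"
}

SERVER=123.123.123.123
LINE=$(munin_allow_line "$SERVER")
echo "$LINE"
for candidate in 123.123.123.123 123x123x123x123 1123.123.123.1234; do
    if munin_allow_matches "$LINE" "$candidate"; then
        echo "$candidate: allowed"
    else
        echo "$candidate: rejected"
    fi
done
# The unescaped, unanchored form that is easy to write by mistake is far looser:
if munin_allow_matches 'allow 123.123.123.123' 1123x123x123x1234; then
    echo "unescaped pattern also accepts 1123x123x123x1234"
fi
```

`munin_allow_line 123.123.123.123 >> /etc/munin/munin-node.conf` produces the line the article adds; the loop shows why the escaping matters, since the loose form admits addresses that merely resemble the server's.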

Reference : http://superrb.com/blog/2013/08/01/how-to-set-up-munin-server-monitoring-on-ubuntu

Wednesday, 19 March 2014

IT Link

How_to_splunk_log_analyzer_tutorial

http://mewbies.com/how_to_splunk_log_analyzer_tutorial.htm


Install OpenVZ Web Panel

OpenVZ Web Panel is a GUI web-based front-end for managing OpenVZ hardware nodes and virtual servers.

Install OpenVZ Web Panel on Debian:

wget http://ovz-web-panel.googlecode.com/svn/installer/ai.sh
chmod +x ai.sh
./ai.sh
Now the web panel will install automatically on your server:
Installation finished.
Product was installed into: /opt/ovz-web-panel/
Starting services…
Starting OpenVZ Web Panel
Starting watchdog daemon…
=> Booting WEBrick…
=> Rails 2.2.2 application started on http://0.0.0.0:3000
[2012-03-02 17:57:30] INFO  WEBrick 1.3.1
[2012-03-02 17:57:30] INFO  ruby 1.8.7 (2010-08-16) [i486-linux]
Syncing physical servers state…
Place hardware daemon on machine with OpenVZ.
To start hardware daemon run:
sudo ruby /opt/ovz-web-panel//utils/hw-daemon/hw-daemon.rb start
Panel should be available at:
http://your-ip:3000
Default credentials: admin/admin
———————————–
After installation the Web Panel should be available on http://your-ip:3000 url.
To start/stop the Web Panel run the command:
/etc/init.d/owp start
or
/etc/init.d/owp stop

 Uninstall OpenVZ Web Panel:

To uninstall the panel you need to run the following command:
  wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh -s UNINSTALL=1
The output will look like this:
———————————–
OpenVZ Web Panel Installer.
———————————–
Checking environment…
System info: Linux fpm 2.6.32-5-openvz-686 #1 SMP Mon Jan 16 17:54:17 UTC 2012 i686 GNU/Linux
Detecting distrib ID…
Checking presence of the command: lsb_release
No LSB modules are available.
LSB info: Distributor ID: Debian Description: Debian GNU/Linux 6.0.4 (squeeze) Release: 6.0.4 Codename: squeeze
Detected distrib ID: Debian
OpenVZ virtual environment detected.
Stopping services…
Stopping OpenVZ Web Panel server
Watchdog daemon was stopped.
update-rc.d: using dependency based boot sequencing
Panel was uninstalled.

need installation support on Fatal error: Panel requires Ruby 1.8 (Ruby 1.9 is not supported).

When installer stops do next:

1. ruby -v (output will probably be ruby1.9.1...)
2. apt-get install ruby-switch
3. ruby-switch --list (output: all installed ruby versions -> ruby1.8 & ruby1.9.1)
4. ruby-switch --set ruby1.8
5. ruby -v (output -> ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux])
6. run the installer again: ./ai.sh

OpenVZ on Debian

OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VE or VPS) on a single physical server enabling better server utilization and ensuring that applications do not conflict. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files.
Step 1. Installation:
An OpenVZ kernel and the vzctl and vzquota packages are available in the Debian Squeeze repositories, so we can install them as follows:
apt-get install linux-image-openvz-686  vzctl  vzquota
Step 2. Create a symlink from /var/lib/vz to /vz to provide backward compatibility:
ln -s /var/lib/vz /vz
Step 3. Open /etc/sysctl.conf with your favorite editor (e.g. nano, vim) and add the following:
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
After you’ve edited /etc/sysctl.conf file run:
sysctl -p
Step 4. Open /etc/vz/vz.conf and set as following:
NOTE: This is important! If you don’t do this, networking will not work in the virtual machines!
NEIGHBOUR_DEVS=all
Step 5. Reboot the system using:
reboot or shutdown -r now
Step 6. After reboot run:
uname -r
Your output should be like this:
2.6.32-5-openvz-686
Step 7. Using OpenVZ
Before we can create virtual machines we need a template for the distribution we want to use in the /var/lib/vz/template/cache directory.
You can find a list of precreated templates on http://wiki.openvz.org/Download/template/precreated. For example, we can download a minimal Debian Squeeze template.
Step 8. Basic commands for using OpenVZ:
a) To set up a VPS from the debian-6.0-i386-minimal template run:
vzctl create 101 --ostemplate debian-6.0-i386-minimal --config basic
NOTE: 101 is the ID of your virtual machine. Each virtual machine must have a unique ID.
b) Set the virtual machine to be started at boot:
vzctl set 101 --onboot yes --save
c) Set a hostname and IP address for the virtual machine:
vzctl set 101 --hostname debian-tutorials.com --save
vzctl set 101 --ipadd 10.10.0.2 --save
d) Start the virtual machine:
vzctl start 101
e) Set a root password for the virtual machine:
vzctl exec 101 passwd

f) iptables NAT so that the OpenVZ container can connect to the internet:

   iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This tutorial is adapted for debian squeeze from http://howtoforge.com

Tuesday, 18 March 2014

Out of Memory on Linux

If a Linux system runs out of memory, a condition known as OOM (out of memory), the Linux kernel's "OOM killer" kicks in and kills processes "at random" (more precisely, processes that are eligible to be killed according to certain criteria) so that some memory is freed and the system can carry on. The problem is that sometimes an important process gets killed. For example: xlock (used to lock the X session), with the result that our X session unlocks itself. This is quite serious, because a workstation we locked before walking away can end up unlocked. Another example is sshd on a remote server, so that we lose remote access to that server.

There are several ways to deal with this problem.

Panic and automatic reboot

We can choose to have the kernel panic and reboot automatically when an OOM condition occurs. To do this:

# echo 1 > /proc/sys/vm/panic_on_oom

# echo 5 > /proc/sys/kernel/panic

This means that 5 (five) seconds after a kernel panic occurs, the system reboots automatically. Note: if the kernel or the machine hangs completely, an automatic reboot is of course not possible. An automatic reboot works when the kernel has panicked (a fatal error) but is still alive.

To make this setting permanent, add the lines:

vm.panic_on_oom=1
kernel.panic=5

to /etc/sysctl.conf.

Note: the automatic reboot can also be configured through the kernel options, as "panic=N". This way we can choose which kernels get this setting and which do not. To use the kernel options for auto-reboot on panic, remove the "kernel.panic=5" line from /etc/sysctl.conf again, edit /boot/grub/menu.lst and add "panic=5" in the position shown below. Note that menu.lst has a specific format that is processed by a script, so the "kopt=..." line stays commented out after "panic=5" is added; it will be appended automatically to every kernel entry when we run the update-grub script.

### BEGIN AUTOMAGIC KERNELS LIST
## lines between the AUTOMAGIC KERNELS LIST markers will be modified
## by the debian update-grub script except for the default options below

## DO NOT UNCOMMENT THEM, Just edit them to your needs

## ## Start Default Options ##
## default kernel options
## default kernel options for automagic boot options
## If you want special options for specific kernels use kopt_x_y_z
## where x.y.z is kernel version. Minor versions can be omitted.
## e.g. kopt=root=/dev/hda1 ro
##      kopt_2_6_8=root=/dev/hdc1 ro
##      kopt_2_6_8_2_686=root=/dev/hdc2 ro
# kopt=root=/dev/hda1 ro panic=5

Then run update-grub and reboot.

Kernel overcommit setting

Besides the first method, panic plus automatic reboot, we can also change the kernel's memory overcommit setting:

# echo 2 > /proc/sys/vm/overcommit_memory

To make this setting permanent, add this line to /etc/sysctl.conf:

vm.overcommit_memory=2

then reboot.

This setting forbids excessive memory allocation by processes, so the effect is that processes are not killed in an OOM condition but instead receive an out-of-memory error from their allocation. For details, see the Linux kernel documentation in Documentation/vm/overcommit-accounting. Systems running Spanel 1.2 are currently set to use this setting.
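As an added example (not from the original post) covering both approaches above, the following POSIX shell script edits the `# kopt=` line of a menu.lst the way the panic section describes, without duplicating `panic=N` if run again, and computes the allocation ceiling that `vm.overcommit_memory=2` enforces according to Documentation/vm/overcommit-accounting. The function names and the sample menu.lst excerpt are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for the two approaches
# above. add_kopt_panic edits the commented '# kopt=' line of a Debian-era
# /boot/grub/menu.lst the way the post describes, replacing rather than
# duplicating 'panic=N' when run again; commit_limit_kb computes the ceiling
# that vm.overcommit_memory=2 enforces, per Documentation/vm/overcommit-accounting.
# Function names and the sample menu.lst are this example's own.

# add_kopt_panic SECONDS: read menu.lst on stdin, write it to stdout with
# 'panic=SECONDS' on the '# kopt=' line. The '## e.g. kopt=' comment lines and
# 'kopt_x_y_z' variants are left untouched, as update-grub expects.
add_kopt_panic() {
    awk -v secs="$1" '
        /^# kopt=/ {
            gsub(/ panic=[0-9]+/, "")      # drop an earlier panic= setting
            $0 = $0 " panic=" secs
        }
        { print }'
}

# commit_limit_kb MEMTOTAL_KB SWAPTOTAL_KB RATIO: with vm.overcommit_memory=2
# the kernel refuses an allocation once total committed memory would exceed
# SwapTotal + MemTotal * vm.overcommit_ratio / 100 (ratio defaults to 50).
# Processes then get an out-of-memory error instead of being picked by the
# OOM killer.
commit_limit_kb() {
    echo $(( $2 + $1 * $3 / 100 ))
}

# Constructed excerpt of a menu.lst, with the line the post edits.
MENU_LST='## e.g. kopt=root=/dev/hda1 ro
##      kopt_2_6_8=root=/dev/hdc1 ro
# kopt=root=/dev/hda1 ro
title Debian GNU/Linux'

printf '%s\n' "$MENU_LST" | add_kopt_panic 5
echo "CommitLimit for 8 GB RAM, 2 GB swap, ratio 50: $(commit_limit_kb 8388608 2097152 50) kB"
```

On a real system the edit is `add_kopt_panic 5 < /boot/grub/menu.lst > menu.lst.new`, reviewed and then moved into place before running update-grub; the commit limit can be compared with the CommitLimit line in /proc/meminfo, which is the value the kernel actually uses.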