Monday, June 14, 2010

Hsphere paths

1. Server Document Root
/hsphere/shared/apache/htdocs/

2. User HD
/hsphere/local/home/

3. FTP
/hsphere/local/config/

4. HTTP
/hsphere/local/config/

5. CLAMAV
/hsphere/local/config/mail/

6. SPAMD
/hsphere/local/config/mail/

7. SCRIPTS
/hsphere/shared/scripts/

8. ControlPanel Username
cpanel

9. CP PSOFT Conf files
/hsphere/local/home/cpanel/shiva/

10. CPANEL USER LOGIN
su -
su -l cpanel

11. URCHIN
/hsphere/local/urchin/bin/urchinctl
/usr/local/urchin4/bin/urchinctl

12. PHPMYADMIN

http://webX.ourinternet.us/phpMyAdmin/index.php
(Replace X with the server name)

13. PHPPgADMIN
http://webX.ourinternet.us/phpPgAdmin/index.php
(Replace X with the server name)

14. MySQL
/var/lib/mysql

15. HORDE
/hsphere/shared/apache/htdocs/horde/

16. SQWEBMAIL
/hsphere/shared/apache/htdocs/squirrelmail-1.4.3a/

17. NEW WEBMAIL
/hsphere/shared/apache/htdocs/w* (wm/wmail/webmail)

18. MAILLOG
/var/log/maillog

19. MAILSTATS
/var/hsphere/mail/logs/stats

20. APACHE LOGS
/hsphere/local/var/httpd/logs/

21. HORDE LOG
/hsphere/local/var/horde/log/horde.log

22. HSPHERE LOG
/var/log/hsphere/hsphere.log

23. HSPHERE BILLING
/var/log/hsphere/billing.log

24. CLAMAV
/var/log/clamav.log

25. RKHUNTER
/var/log/rkhunter.log

Hsphere paths

FTP

/hsphere/local/var/proftpd/xferlog

FTP config file:

/hsphere/shared/config/ftpd/proftpd.conf

Domain Virtual host entry

/hsphere/local/config/httpd/sites

Apache log file

/hsphere/shared/apache2/logs/error_log

PHP error log

/hsphere/shared/apache2/logs/php_error.log

Named

/hsphere/local/var/named

Mail server:
============

To get full details of an email account:
~vpopmail/bin/vuserinfo msoule@awsna.org
~vpopmail/bin/vdominfo janepaul.com
/hsphere/local/var/vpopmail/domains/janepaul.com

Mail queue details:
===================
q -s
q -R
q -m

/var/qmail/queue/mess/

Sunday, June 13, 2010

Installing Mod_Throttle on cPanel

Do you need more granular control over some of your clients? Instead of limiting them to a certain amount of bandwidth per month, how about per week, day or even hour? Apache module mod_throttle is the answer.

This Apache module is intended to reduce the load on your server and the bandwidth generated by popular virtual hosts, directories, locations, or users according to supported policies (see below) that decide when to delay or refuse requests. mod_throttle can also track and throttle incoming connections by IP address or by authenticated remote user.

Every request now passes through four levels of throttling, which are: by client's IP address (ThrottleClientIP), by authenticated remote user name (ThrottleRemoteUser), by local user ID (ThrottleUser), and by directory, location, virtual host, or server (ThrottlePolicy).

To install with cPanel, SSH into your server as root and perform the following:

cd /usr/src

wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz

tar zxvf mod_throttle312.tgz

cd mod_throttle-3.1.2

pico Makefile

Then edit the line that reads:

APXS=apxs

And change it to read:

APXS=/usr/local/apache/bin/apxs

Save the file and then:

make

make install

service httpd restart

Usage

Best bet is to go to http://www.snert.com/Software/mod_throttle/ and read up on all the options, but I will give you an example of limiting a site, and how to monitor the status of all your throttled sites.

Edit your /etc/httpd/conf/httpd.conf and locate the virtualhost entry for the site you wish to throttle. Just BEFORE the </VirtualHost> entry, insert:

<IfModule mod_throttle.c>
ThrottlePolicy Volume 10G 30d
</IfModule>
<Location /throttle-me>
SetHandler throttle-me
</Location>

The ThrottlePolicy line is the key. The first number is the amount of data and acceptable letters are G, M and K. The second number is the period and acceptable letters are m, w, d, h, and s.

Then restart Apache (service httpd restart).

If you want to be able to see the status of all throttled sites on the server at once, go to the first virtualhost entry in your httpd.conf file (this should be the entry for your server's hostname) and add the following:

<Location /throttle-status>
SetHandler throttle-status
</Location>

Then restart Apache again, and you can go to http://host.name.com/throttle-status and see the status of all throttled sites.

Enjoy!
Vijayarajan.A

How to install PRM (Process Resource Monitor)

PRM (Process Resource Monitor)

Introduction
PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more...

How it works?
PRM works on the basis that once a process id is found matching resource limits, there is a corresponding trigger and wait value. The trigger value increments upwards from zero (0) to the defined value, pausing for the number of seconds defined as the wait value. Thereafter the status of the flagged pid is checked again; if it is still above or equal to the resource limits, the trigger/wait cycle begins again until the max trigger value is reached. When this trigger value is reached, the given process is logged/killed.

Altogether this has the effect that applications with short-burst resource spikes (e.g. apache, mysql, etc.) are not killed; only applications with prolonged resource consumption are. Using the rule system, you can define different wait/trigger/resource values for any application.

Installation
First we must fetch the package:
wget http://www.rfxnetworks.com/downloads/prm-current.tar.gz

And extract it:
tar xvfz prm-current.tar.gz

The current version of prm as of this writing is 0.3, so let's cd to the 0.3 extracted path:
cd prm-0.3/

And finally run the enclosed install.sh script:
./install.sh

Configuration
The prm installation is located at '/usr/local/prm', and the configuration file is labeled 'conf.prm'.

Open the '/usr/local/prm/conf.prm' file with your preferred editor. There is an array of options in this file but we will only be focusing on the main variables.

Let's skip down to the user e-mail alerts section and set the USR_ALERT value to '1', enabling alerts.
# enable user e-mail alerts [0=disabled,1=enabled]
USR_ALERT="1"

And configure our e-mail addresses for alerts:
# e-mail address for alerts
USR_ADDR="root, you@domain.com"

Check the 5, 10, or 15 minute load average; this is relative to the min. load level option below.
# check 5,10,15 minute load average. [1,2,3 respective of 5,10,15]
LC="1"

PRM optionally has a required load average for running. If the load is not equal to or greater than this value, PRM will not run. Setting this value to zero will force the script to always run, but this should not be needed.
# min load level required to run (decimal values unsupported)
MIN_LOAD="1"

This is the wait value described in the introduction, used for pauses between trigger increments. The value of wait multiplied by the value of kill_trig equals the duration of time before a process is killed (10x3=30 seconds).
# seconds to wait before rechecking a flagged pid (pid's noted resource
# intensive but not yet killed).
WAIT="10"

The trigger limit before processes are killed, described in detail in the above 'wait' description and introduction.
# counter limit that a process must reach prior to kill. The counter value
# increases for a process flagged resource intensive on rechecks.
KILL_TRIG="3"

The max percentage of CPU a process should be allowed to use before PRM flags it for killing.
# Max CPU usage readout for a process - % of all cpu resources (decimal values unsupported)
MAXCPU="35"

The max percentage of MEM a process should be allowed to use before PRM flags it for killing.
# Max MEM usage readout for a process - % of system total memory (decimal values unsupported)
MAXMEM="15"

That is it; you should tweak the MAXCPU/MAXMEM limits to your desired needs but the defaults should be fine for most.
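
The trigger/wait cycle from the introduction and the WAIT, KILL_TRIG and MAXCPU settings above, modelled as an added example (this is not PRM's own code). The function names and the process listing are constructed, and the first reading is assumed to be the scan that flags the pid.

```shell
#!/bin/sh
# Added example: a model of PRM's flag -> wait -> recheck -> kill cycle.
# MAXCPU, WAIT and KILL_TRIG are the conf.prm values shown above; function
# names and all sample data are constructed for illustration.
MAXCPU=35; WAIT=10; KILL_TRIG=3
IGNORE='root named postgre'      # default strings from /usr/local/prm/ignore

# Constructed "pid user %cpu command" listing (not real ps output).
SAMPLE_PS='4101 alice 92.4 php-cgi
4102 root 88.0 backup.sh
4103 bob 12.1 perl
4104 carol 35.0 convert'

# flagged_pids: print pids at or over MAXCPU, skipping any line that contains
# an ignore string. Decimals are dropped because the limits are integers.
flagged_pids() {
    printf '%s\n' "$SAMPLE_PS" | while read -r pid user cpu comm; do
        skip=0
        for word in $IGNORE; do
            case "$pid $user $cpu $comm" in *"$word"*) skip=1 ;; esac
        done
        if [ "$skip" -eq 0 ] && [ "${cpu%.*}" -ge "$MAXCPU" ]; then echo "$pid"; fi
    done
}

# prm_decide CPU...: the first value is the scan that flags the pid, each later
# value is a recheck taken WAIT seconds after the previous one.
# Prints "<verdict> <seconds elapsed>".
prm_decide() {
    trig=0; elapsed=0
    [ "$#" -gt 0 ] || { echo "usage: prm_decide CPU..." >&2; return 2; }
    if [ "$1" -lt "$MAXCPU" ]; then echo "ignore 0"; return 0; fi
    shift
    for cpu in "$@"; do
        elapsed=$((elapsed + WAIT))
        if [ "$cpu" -lt "$MAXCPU" ]; then echo "spare $elapsed"; return 0; fi
        trig=$((trig + 1))
        if [ "$trig" -ge "$KILL_TRIG" ]; then echo "kill $elapsed"; return 0; fi
    done
    echo "pending $elapsed"
}

flagged_pids                 # 4101 and 4104 are flagged; 4102 matches "root"
prm_decide 92 88 90 85       # sustained load: kill 30
prm_decide 92 88 14          # burst that clears on the second recheck: spare 20
```

The ignore match is a plain substring test on the whole line, so an ignore string also exempts any process whose user or command name merely contains it.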

Usage
The executable program resides in '/usr/local/prm/prm' and '/usr/local/sbin/prm'. The prm executable can receive one of two arguments:

-s Standard run
-q Quiet run

The log path for prm is '/usr/local/prm/prm_log', and pid-specific logs are stored in '/usr/local/prm/killed/'.

A default cronjob for PRM is installed to '/etc/cron.d/prm', and is configured to run once every 5 minutes.

There is a provided ignore file, to ignore processes based on string rules. The ignore file is located at '/usr/local/prm/ignore'. This file supports line separated ignore strings. As a default the strings 'root, named and postgre' are ignored by PRM; this script was not intended to monitor root processes but rather user land tasks. It could easily watch root processes by removing the given line in the ignore file but this is strongly discouraged.


Thanks,
Vijayarajan.A

Installing LES (Linux Environment Security) on CentOS

[root@centoz ~]# mkdir download
[root@centoz ~]# cd download/
[root@centoz download]# wget http://www.r-fx.ca/downloads/les-current.tar.gz
[root@centoz download]# tar -xzf les-current.tar.gz
[root@centoz download]# cd les-0.2/
[root@centoz les-0.2]# ./install.sh
.: LES installed
Install path: /usr/local/les
Config path: /usr/local/les/conf.les
Executable path: /usr/local/sbin/les

Running LES

[root@centoz les-0.2]# /usr/local/sbin/les -ea

You can try other options:

-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root

LSM (Linux Socket Monitor) Installation

INSTALLATION

wget http://rfxnetworks.com/downloads/lsm-current.tar.gz
tar -zxvf lsm-current.tar.gz
cd lsm-0.*
./install.sh
/usr/local/sbin/lsm -g

LSM Testing

/usr/local/sbin/lsm -c

=====================

1) What is LSM ?
LSM is a bash scripted network socket monitor. It is designed to track changes to Network sockets and Unix domain sockets.

A comprehensive alert system, simple program usage & installation make LSM ideal for deployment in any linux environment (geared for web servers). Using a rather simple yet logical structure, LSM identifies changes in both Network Sockets and Unix Domain Sockets. By recording a base set of what sockets should be active, then comparing the currently active socket information to that of the base comparison files, we highlight otherwise unknown services.

LSM will ignore services that are currently holding sockets open. Events are only applicable when a 'new' socket is created; be it a UDS Stream Socket or a TCP Network Socket, LSM will identify it. Currently LSM does not track DGRAM Unix Domain Sockets.

2) Setup:
To set up LSM, simply execute the 'install.sh' script inside the extracted path. This will install LSM to /usr/local/lsm, and symlink its executable to /usr/local/sbin/lsm. As well, there will be a cron.d entry added to /etc/cron.d/lsm, set to run it once every 10 minutes.

3) Usage:
LSM has 3 arguments that perform the following operations respectively:
-g Generate base comparison files
-c Compare current socket information to comparison files
-d Delete base comparison files

Upon installation, LSM generates its base comparison files, but we recommend you manually do so to ensure it has been done.
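
The base-and-compare approach described under "What is LSM" and driven by -g, -c and -d, shown as an added example that is not LSM's own code. The function names, the file layout and both socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: the baseline/compare idea behind `lsm -g`, `lsm -c` and
# `lsm -d`, run on constructed socket listings. Function names, file layout
# and sample data are assumptions, not LSM internals.
export LC_ALL=C                    # same collation for sort and comm
BASE_DIR=$(mktemp -d)              # stand-in for LSM's comparison files

# Constructed listings: "proto local-address owner", one socket per line.
AT_INSTALL='tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:80 httpd
tcp 127.0.0.1:3306 mysqld
unix /var/lib/mysql/mysql.sock mysqld'

TEN_MIN_LATER='tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:80 httpd
tcp 0.0.0.0:8081 perl
unix /var/lib/mysql/mysql.sock mysqld
unix /tmp/.x.sock perl'

# generate_base LISTING: record which sockets should be active (like -g).
generate_base() {
    printf '%s\n' "$1" | sort -u > "$BASE_DIR/base"
}

# compare_base LISTING: print only sockets absent from the base (like -c).
# Sockets that closed since the base was taken are deliberately not reported.
compare_base() {
    [ -s "$BASE_DIR/base" ] || { echo "no base file; generate one first" >&2; return 2; }
    printf '%s\n' "$1" | sort -u > "$BASE_DIR/current"
    comm -13 "$BASE_DIR/base" "$BASE_DIR/current"
}

# delete_base: remove the comparison files (like -d).
delete_base() { rm -f "$BASE_DIR/base" "$BASE_DIR/current"; }

generate_base "$AT_INSTALL"
compare_base "$TEN_MIN_LATER"      # reports the two perl-owned sockets only
```

A base generated on a host that already has an unwanted listener records that listener as normal, so it should be taken from a known-good state and regenerated after each intended service change.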

Thanks,
Vijayarajan.A

Friday, June 4, 2010

Spam control configuration

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \