$to = "testsimp@gmail.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "test@example";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>
Monday, November 22, 2010
Tuesday, November 16, 2010
SWftools installation
SWftools installation
=====================
http://www.swftools.org/download.html
web browser execution commands
==============================
pdftoswf.php
shell_exec('/usr/local/bin/pdf2swf -l -z -t TPT_poster.pdf -o TPT_poster.swf');
echo "Successfully converted";
?>
Testscript to pdf navigation
============================
$test=shell_exec('/usr/local/bin/pdf2swf -B /usr/local/src/swftools-0.9.1/swfs/rfxview.swf -l -z -t /home/user/public_html/dev/files/Test_File.pdf -o /home/tuser/public_html/dev/files/Test_File.swf ');
if($test) print_r($test);
echo "Conversion has been completed successfully";
?>
#/usr/local/src/swftools-0.9.1/swfs/rfxview.swf
?>
=====================
http://www.swftools.org/download.html
web browser execution commands
==============================
pdftoswf.php
shell_exec('/usr/local/bin/pdf2swf -l -z -t TPT_poster.pdf -o TPT_poster.swf');
echo "Successfully converted";
?>
Testscript to pdf navigation
============================
$test=shell_exec('/usr/local/bin/pdf2swf -B /usr/local/src/swftools-0.9.1/swfs/rfxview.swf -l -z -t /home/user/public_html/dev/files/Test_File.pdf -o /home/tuser/public_html/dev/files/Test_File.swf ');
if($test) print_r($test);
echo "Conversion has been completed successfully";
?>
#/usr/local/src/swftools-0.9.1/swfs/rfxview.swf
?>
Tuesday, November 2, 2010
Port scanning script
#!/bin/bash
PORT1=21 #The port number
PORT2=22 #The port number
PORT3=25 #The port number
PORT4=53 #The port number
PORT5=80 #The port number
PORT6=3306 #The port number
read -p "Enter the Server IP/HOSTNAME : " HOSTNAME #Enter the Host Name to check the Open Ports
echo ""
echo "Checking the ping status of $HOSTNAME", Please wait....
echo ""
if ping -c2 $HOSTNAME |grep -i "time="
then
echo $HOSTNAME is up
else
echo "$HOSTNAME is down or unable to ping"
fi
echo ""
echo "Checking the port status of $HOSTNAME", Please wait....
echo ""
if nmap -p$PORT1 $HOSTNAME | grep -q open
then
echo $PORT1 is open
else
echo $PORT1 is down
fi
if nmap -p$PORT2 $HOSTNAME | grep -q open
then
echo $PORT2 is open
else
echo $PORT2 is down
fi
if nmap -p$PORT3 $HOSTNAME | grep -q open
then
echo $PORT3 is open
else
echo $PORT3 is down
fi
if nmap -p$PORT4 $HOSTNAME | grep -q open
then
echo $PORT4 is open
PORT1=21 #The port number
PORT2=22 #The port number
PORT3=25 #The port number
PORT4=53 #The port number
PORT5=80 #The port number
PORT6=3306 #The port number
read -p "Enter the Server IP/HOSTNAME : " HOSTNAME #Enter the Host Name to check the Open Ports
echo ""
echo "Checking the ping status of $HOSTNAME", Please wait....
echo ""
if ping -c2 $HOSTNAME |grep -i "time="
then
echo $HOSTNAME is up
else
echo "$HOSTNAME is down or unable to ping"
fi
echo ""
echo "Checking the port status of $HOSTNAME", Please wait....
echo ""
if nmap -p$PORT1 $HOSTNAME | grep -q open
then
echo $PORT1 is open
else
echo $PORT1 is down
fi
if nmap -p$PORT2 $HOSTNAME | grep -q open
then
echo $PORT2 is open
else
echo $PORT2 is down
fi
if nmap -p$PORT3 $HOSTNAME | grep -q open
then
echo $PORT3 is open
else
echo $PORT3 is down
fi
if nmap -p$PORT4 $HOSTNAME | grep -q open
then
echo $PORT4 is open
Thursday, September 30, 2010
How can I reset my admin password on my Plesk Linux server?
Follow the steps as follows
This can be accomplished with the ch_admin_passwd binary.
[root@plesklinux root]# cd /usr/local/psa/admin/bin/
[root@plesklinux bin]# ./ch_admin_passwd --help
./ch_admin_passwd: Utility to set Plesk adminstrator's password
Gets password from the environment variable PSA_PASSWORD
Password should be from 5 to 16 symbols and should not contain login name,
whitespace, quotes or national characters
Usage: ./ch_admin_passwd
-h, --help
display this help and exit
We must export the variable before running the binary. We will unset the variable when we are done.
[root@plesklinux bin]# export PSA_PASSWORD='newpass'
[root@plesklinux bin]# echo $PSA_PASSWORD
newpass
[root@plesklinux bin]# ./ch_admin_passwd
[root@plesklinux bin]# export PSA_PASSWORD=
[root@plesklinux bin]# cat /etc/psa/.psa.shadow
newpass
[root@plesklinux bin]#
Saturday, September 4, 2010
RED5 links
http://www.red5server.org/content_red5installlinux_500006
http://www.sohailriaz.com/how-to-install-red5-server-on-centos-53/
http://www.videochat-scripts.com/installed-red5-08-rc3-with-jdk-1613-on-linux/
http://forums.hostv.com/how-tos/71-how-install-red5-hosting-red5.html
http://gnufreakz.wordpress.com/2009/04/30/red5-installation/
http://hosting-marketers.com/news/category/red5-installation/
http://forums.hostv.com/how-tos/134-how-automated-red5-installation.html
http://www.sohailriaz.com/how-to-install-red5-server-on-centos-53/
http://www.videochat-scripts.com/installed-red5-08-rc3-with-jdk-1613-on-linux/
http://forums.hostv.com/how-tos/71-how-install-red5-hosting-red5.html
http://gnufreakz.wordpress.com/2009/04/30/red5-installation/
http://hosting-marketers.com/news/category/red5-installation/
http://forums.hostv.com/how-tos/134-how-automated-red5-installation.html
Thursday, August 12, 2010
Linux tips and tricks
1.) To get Hardware info in GUI mode by using special package.
yum install hardinfo(system profiler and Beenchmark
2.)Non-GUI mode
dmidcoder | less
Gives you the information of whole hardware.
If you want know about hardware property
dmidcoder -t which prompts you the keyword for search
yum install hardinfo(system profiler and Beenchmark
2.)Non-GUI mode
dmidcoder | less
Gives you the information of whole hardware.
If you want know about hardware property
dmidcoder -t which prompts you the keyword for search
Videos tutorials
1.) How to setup load balance for apache.
http://www.youtube.com/watch?v=-WuW27hpHWc&feature=related
2.)Control and manage swap partion
http://www.youtube.com/watch?v=1q_05tD2gzY&feature=related
3.)Root password Hacking
http://www.youtube.com/watch?v=nT8X3d2nUrs&feature=related
http://www.youtube.com/watch?v=-WuW27hpHWc&feature=related
2.)Control and manage swap partion
http://www.youtube.com/watch?v=1q_05tD2gzY&feature=related
3.)Root password Hacking
http://www.youtube.com/watch?v=nT8X3d2nUrs&feature=related
Wednesday, August 11, 2010
MYSQL Downgrade / Upgrade
MYSQL Downgrade / Upgrade
=========================
Steps
-----
1. Check the mysql version
rpm -qa | grep -i mysql
mysql -v
2. Change the version in configuration file
Before changing th version in config file, backup the same
(cp -arp /var/cpanel/cpanel.config /var/cpanel/cpanel.config.bak)
In /var/cpanel/cpanel.config
Check for the line
mysql-version= 4.1
Change the version as you wish for upgrade or downgrade
Upgrade
mysql-version= 5.0
Downgrade
mysql-version= 4.0
Note: cPanel version 11.24.5-STABLE_38506 supports only mysql versions 4.1 and above
( How to check cPanel Version
/usr/local/cpanel/cpanel version or
vi /usr/local/cpanel/version )
3. Back up the /var/lib/mysql folder
( cp -arp /var/lib/mysql /var/lib/mysql_back )
4. Run the below script using below command
/script/mysqlup -force or
/script/mysqlup -force --password=ROOTPASSWORD
5. check the version of mysql
( rpm -qa | grep -i mysql
mysql -v)
6. /etc/init.d/mysql restart
If the mysql successfully restarts then there is no problem. But if it shows the errors
1. MySQL is not running, but lock exists
2. MySQL PID file could not be found!
3. MYSQL Cannot start because PID file not FOUND
Check the following
/etc/init.d/mysql status
"mysql is not running but lock exists "
Solved by removing the lock file:
rm /var/lock/subsys/mysql
If this happens again it may also be necessary to remove the pid file from /var/lib/mysql
=========================
Steps
-----
1. Check the mysql version
rpm -qa | grep -i mysql
mysql -v
2. Change the version in configuration file
Before changing th version in config file, backup the same
(cp -arp /var/cpanel/cpanel.config /var/cpanel/cpanel.config.bak)
In /var/cpanel/cpanel.config
Check for the line
mysql-version= 4.1
Change the version as you wish for upgrade or downgrade
Upgrade
mysql-version= 5.0
Downgrade
mysql-version= 4.0
Note: cPanel version 11.24.5-STABLE_38506 supports only mysql versions 4.1 and above
( How to check cPanel Version
/usr/local/cpanel/cpanel version or
vi /usr/local/cpanel/version )
3. Back up the /var/lib/mysql folder
( cp -arp /var/lib/mysql /var/lib/mysql_back )
4. Run the below script using below command
/script/mysqlup -force or
/script/mysqlup -force --password=ROOTPASSWORD
5. check the version of mysql
( rpm -qa | grep -i mysql
mysql -v)
6. /etc/init.d/mysql restart
If the mysql successfully restarts then there is no problem. But if it shows the errors
1. MySQL is not running, but lock exists
2. MySQL PID file could not be found!
3. MYSQL Cannot start because PID file not FOUND
Check the following
/etc/init.d/mysql status
"mysql is not running but lock exists "
Solved by removing the lock file:
rm /var/lock/subsys/mysql
If this happens again it may also be necessary to remove the pid file from /var/lib/mysql
Saturday, August 7, 2010
Preventing nobody spammer in PHP
PHP and Apache has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where.
Watching your exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.
If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP – so everything will go through /usr/sbin/sendmail =)
Requirements:
We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a Cpanel/WHM Red Hat Enterprise system.
Time:
10 Minutes, Root access required.
Step 1)
Login to your server and su – to root.
Step 2)
Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop
Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden
Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail
Paste in the following:
#!/usr/local/bin/perl
# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date – $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {
print INFO “$date – $PWD – @infon”;
}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach (@ARGV) {
$arg=”$arg” . ” $_”;
}
open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while ( ) {
print MAIL;
}
close (INFO);
close (MAIL);
Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail
Step 6)
Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_log
chmod 0777 /var/log/spam_log
Step 7)
Start Exim up again.
/etc/init.d/exim start
Step 8) Monitor your spam_log file for spam, try using any formmail or script that uses a mail function – a message board, a contact script.
tail – f /var/log/spam_log
Sample Log Output
Mon Apr 11 07:12:21 EDT 2005 – /home/username/public_html/directory/subdirectory – nobody x 99 99 Nobody / /sbin/nologin
Log Rotation Details
Your spam_log file isn’t set to be rotated so it might get to be very large quickly. Keep an eye on it and consider adding it to your logrotation.
pico /etc/logrotate.conf
FIND:
# no packages own wtmp — we’ll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
ADD BELOW:
# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}
Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn’t get overwritten.
Enjoy knowing you can see nobody is actually somebody =)
Watching your exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.
If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP – so everything will go through /usr/sbin/sendmail =)
Requirements:
We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a Cpanel/WHM Red Hat Enterprise system.
Time:
10 Minutes, Root access required.
Step 1)
Login to your server and su – to root.
Step 2)
Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop
Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden
Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail
Paste in the following:
#!/usr/local/bin/perl
# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date – $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {
print INFO “$date – $PWD – @infon”;
}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach (@ARGV) {
$arg=”$arg” . ” $_”;
}
open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while ( ) {
print MAIL;
}
close (INFO);
close (MAIL);
Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail
Step 6)
Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_log
chmod 0777 /var/log/spam_log
Step 7)
Start Exim up again.
/etc/init.d/exim start
Step 8) Monitor your spam_log file for spam, try using any formmail or script that uses a mail function – a message board, a contact script.
tail – f /var/log/spam_log
Sample Log Output
Mon Apr 11 07:12:21 EDT 2005 – /home/username/public_html/directory/subdirectory – nobody x 99 99 Nobody / /sbin/nologin
Log Rotation Details
Your spam_log file isn’t set to be rotated so it might get to be very large quickly. Keep an eye on it and consider adding it to your logrotation.
pico /etc/logrotate.conf
FIND:
# no packages own wtmp — we’ll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
ADD BELOW:
# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}
Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn’t get overwritten.
Enjoy knowing you can see nobody is actually somebody =)
Thursday, August 5, 2010
Useful links
1.) http://www.mysql-apache-php.com
2.)http://niyaas.blogspot.com
3.)http://shebangme.blogspot.com
4.)http://txt.binnyva.com
5.)http://gnufreakz.wordpress.com
6.)http://linuxserverguide.wordpress.com
7.)http://gcharriere.com/blog/?p=339 - Load balance
8.)www.howtoforge.com
9.)http://www.linuxbaby.co.cc
10.)http://www.dedicatedserverhosting.com
11.)http://www.linuxmaza.com
12.)http://scriptmantra.info
13.)http://skullboxx.net
14.)http://www.onetforum.com/fourm/viewtopic.php?p=27
15.)http://mohammednv.wordpress.com/2008/04/17/how-to-integrate-spamassassin-with-qmail/
16.)http://www.fduran.com/blog/filtering-spam-with-qmail-and-spamassassin-on-red-hat-fedora-2/
17.)http://www.onetforum.com/fourm/viewtopic.php?p=27
18.)http://www.wipl.in/articles/category/whm/
19.)http://wiki.cpaneldirect.net/wiki/index.php/Main_Page
20.)http://forums.cpanel.net/f5/problem-connecting-mysql-through-jailshell-109641.html
21.)http://articles.assistanz.com/?View=entry&EntryID=504
22.)http://www.comptechdoc.org/os/linux/usersguide/linux_ugprocesses.html
23.)http://www.linux.org/lessons/tips/cmndline.html
24.) http://marcgrabanski.com/articles/plesk-multiple-ftp-accounts-per-domain - FTP subaccount
25.)http://kmaiti.blogspot.com
26.)netstat -apn |grep :80 |awk {'print $5'} |wc -l
27.)http://tools.pingdom.com
28.)http://www.thecpaneladmin.com
29.)http://apache-monitor.com/articles/basic-apache-performance-tuning-httpd.php
30)http://supportfacility.com/blog/plesk/plesk-paths-on-a-linux-dedicated-server/
31.)http://www.howtoforge.org/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
32.) http://www.thegeekstuff.com/2011/01/tput-command-examples/ - apache optimization steps
33.)http://linuxhostingsupport.net
34.)http://kmaiti.blogspot.com/
35.)http://www.xpcdesign.com/2010/03/plesk-commands-and-paths/
36.)http://www.linuxbabu.net/category/plesk/
Server security links
======================
http://abinz.wordpress.com/security-installations/
http://abinz.wordpress.com/security-installtion-phase-2/
http://abinz.wordpress.com/security-installation-phase3/
http://abinz.wordpress.com/securing-your-server/
http://abinz.wordpress.com/common-cpanel-issues/
http://sythril.com/showthread.php?t=9403 - VNC installation steps
http://www.eukhost.com/forums/f15/enable-php-mssql-extension-whm-cpanel-linux-server-10699/ ---mssql module installation
http://adminsdiary.com/linux/enable-php-mssql-extension-on-cpanel-linux-server - mssql moduler installation steps
2.)http://niyaas.blogspot.com
3.)http://shebangme.blogspot.com
4.)http://txt.binnyva.com
5.)http://gnufreakz.wordpress.com
6.)http://linuxserverguide.wordpress.com
7.)http://gcharriere.com/blog/?p=339 - Load balance
8.)www.howtoforge.com
9.)http://www.linuxbaby.co.cc
10.)http://www.dedicatedserverhosting.com
11.)http://www.linuxmaza.com
12.)http://scriptmantra.info
13.)http://skullboxx.net
14.)http://www.onetforum.com/fourm/viewtopic.php?p=27
15.)http://mohammednv.wordpress.com/2008/04/17/how-to-integrate-spamassassin-with-qmail/
16.)http://www.fduran.com/blog/filtering-spam-with-qmail-and-spamassassin-on-red-hat-fedora-2/
17.)http://www.onetforum.com/fourm/viewtopic.php?p=27
18.)http://www.wipl.in/articles/category/whm/
19.)http://wiki.cpaneldirect.net/wiki/index.php/Main_Page
20.)http://forums.cpanel.net/f5/problem-connecting-mysql-through-jailshell-109641.html
21.)http://articles.assistanz.com/?View=entry&EntryID=504
22.)http://www.comptechdoc.org/os/linux/usersguide/linux_ugprocesses.html
23.)http://www.linux.org/lessons/tips/cmndline.html
24.) http://marcgrabanski.com/articles/plesk-multiple-ftp-accounts-per-domain - FTP subaccount
25.)http://kmaiti.blogspot.com
26.)netstat -apn |grep :80 |awk {'print $5'} |wc -l
27.)http://tools.pingdom.com
28.)http://www.thecpaneladmin.com
29.)http://apache-monitor.com/articles/basic-apache-performance-tuning-httpd.php
30)http://supportfacility.com/blog/plesk/plesk-paths-on-a-linux-dedicated-server/
31.)http://www.howtoforge.org/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
32.) http://www.thegeekstuff.com/2011/01/tput-command-examples/ - apache optimization steps
33.)http://linuxhostingsupport.net
34.)http://kmaiti.blogspot.com/
35.)http://www.xpcdesign.com/2010/03/plesk-commands-and-paths/
36.)http://www.linuxbabu.net/category/plesk/
Server security links
======================
http://abinz.wordpress.com/security-installations/
http://abinz.wordpress.com/security-installtion-phase-2/
http://abinz.wordpress.com/security-installation-phase3/
http://abinz.wordpress.com/securing-your-server/
http://abinz.wordpress.com/common-cpanel-issues/
http://sythril.com/showthread.php?t=9403 - VNC installation steps
http://www.eukhost.com/forums/f15/enable-php-mssql-extension-whm-cpanel-linux-server-10699/ ---mssql module installation
http://adminsdiary.com/linux/enable-php-mssql-extension-on-cpanel-linux-server - mssql moduler installation steps
Linux server secure steps
How to Secure Linux Servers
Basic Linux Server Security
Install Firewall (APF or CSF Firewall with BFD)
ModSecurity (Web application firewall)
ModEvasive (Prevent DDOS attacks)
Harden SSH server
Fix Open DNS Recursion
Install RKhunter
Install ClamAV (Antivirus)
XInet Servers Hardening (Disable Telnet/Finger or unwanted services)
Securing PHP
PortsEntry (tool to detect portscans)
Harden host.conf (against IP spoofing)
Check User Uploaded files
Secure /tmp Folders (noexec, nosuid)
This tutorial guide covers only basic linux server security tips intended for linux learners. I am writing this guide assuming that you are running Centos 5 or later versions.
Install Firewall
The very first first step on securing a server is installing a firewall (atleast IP tables based) to close all unused or unwanted ports. Once the firewall is installed it is often considered 50% of work done. You can install CSF firewall or APF firewall. Often BFD (brute force detection) utilities comes with firewall.
We will install CSF (Config security firewall) as it is easy to install with plenty of features and easily integrated to CPanel (if you are running)
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tar.gz
sh /csf/install.sh
Follow the installer and once installed, you can start the firewall.
csf -s
// start the firewall
csf -r
// restart the firewall
csf -f
// flush the rules or stop the firewall.
You can see the full installing tutorial here
Harden SSH server
Very often you will see SSH attacks from various bots trying to get access to your server by connected to port 22 with unlimited number of login attempts to break in to your system. Imagine attacks coming from different IPs can put lot of load in you server. You can trace those failed attempts by checking your log file
cat /var/log/secure
cat /var/log/messages
To harden your SSH server,
* Run SSH on other port rather than default port 22
* Disable Root login
* Use only protocol 2
* Enable Public key authentication.
You can see the full SSH hardening tutorial here
Disable Telnet & Other Unused Services
You may want to disable services like telnet, finger and other unwanted services running on your server with xinet.
nano /etc/xinetd.d/telnet
// OR
nano /etc/xinetd.d/krb5-telnet
look for lines disable=no and change to disable=yes
chkconfig telnet off
Hardening PHP for Security
PHP is the most popular scripting language for apache and mysql. You will need to disable system level functions in the php configuration file.
nano /usr/local/lib/php.ini
Look for the lines and make sure you have the lines as below..
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On
It is best to keep magic_quotes to on as otherwise you forms using POST may be used for SQL injection attacks.
Disable Open DNS Recursion (DNS Server)
If you are running bind DNS server, then you might want to check your dns server statistics with dnstools.com. You dont want to allow recursive lookups to performed on your server other than local IP. It can also slowdown your server.
nano /etc/named.conf
Under Options { place a line
Options {
recursion no;
.....
Then restart the bind
service named restart
You will also need to restrict zone transfers and notifications if you are running Bind 9. Refer to: dns server hardening
Install Mod_Security
ModSecurity is a free open source web application firewall which can help you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities.
CPanel Installation:
Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save
Source Installation:
That should install mod security in your cpanel. Under apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod security rules. Installing mod_security could be sometimes complicated. Dont use apxs for compiling mod_security as it causes number of problems.
Note: Mod_security needs libxml2 and http-devel libraries before it can be installed. It also requires mod_unique_id enabled in apache modules. To install mod_unique_id, you have to place
LoadModule unique_id_module modules/mod_unique_id.so
in your httpd.conf file.
yum install libxml2 libxml2-devel httpd-devel
Download the latest version of mod_security for apache2 from http://www.modsecurity.org
wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
tar zxf modsecurity-apache_2.5.4.tar.gz
cd modsecurity-apache_2.5.4
cd apache2
Then
If you cannot find ./configure then you will need to edit Makefile and make change to top_dir = /usr/lib/httpd (for centos)
make
make install
Next, copy the rule files depending on which you want (you can also select minimal rules file which comes with source). Make a directory named modsecurity under /etc/httpd/conf and copy all the modsecurity rules there. Finally include those files in the httpd.conf file
# /etc/httpd/conf/httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
Then
/etc/init.d/httpd restart
Log Files
Watch for log files to detect any errors or intrusion activity
/var/log/httpd/modsec_audit
/var/log/httpd/error_log
If you get any errors, i have compiled a list of errors while compiling. see here
Install Mod_Evasive
ModEvasive module for apache offers protection against DDOS (denial of service attacks) in your server.
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar zxf mode_evasive-1.10.1.tar.gz
cd mod_evasive
then run the following command for apache2...
> /usr/sbin/apxs -cia mod_evasive20.c
Once mod evasive is installed, place the following lines in your /etc/httpd/conf/httpd.conf
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
Follow the instructions in the README for more tuning of mod_evasive. This will compile, install and activate the module in your server.
Install RkHunter (Rootkit)
RkHunter is a rootkit scanner scans for vulnerabilities, insecure files, backdoors in your system and reports it so that you can further harden the server. Installing RkHunter is very easy!
yum install rkhunter
To run checks in your system
rkhunter --checkall
OR
rkhunter -c
You can find what command options are available under rkhunter by issuing this help command
> rkhunter --help
Install PortsEntry
Portsentry is a tool to detect port scans and log it. Download the sorce package of portsentry from sourceforge.net
wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install
If you get errors like while compiling
make linux
SYSTYPE=linux
Making
gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c
./portsentry.c: In function 'PortSentryModeTCP':
./portsentry.c:1187: warning: pointer targets in passing argument 3 of 'accept' differ in signedness
./portsentry.c: In function 'PortSentryModeUDP':
./portsentry.c:1384: warning: pointer targets in passing argument 6 of 'recvfrom' diffe r in signedness
./portsentry.c: In function 'Usage':
./portsentry.c:1584: error: missing terminating " character
./portsentry.c:1585: error: 'sourceforget' undeclared (first use in this function)
./portsentry.c:1585: error: (Each undeclared identifier is reported only once
./portsentry.c:1585: error: for each function it appears in.)
./portsentry.c:1585: error: expected ')' before 'dot'
./portsentry.c:1585: error: stray '\' in program
./portsentry.c:1585: error: missing terminating " character
./portsentry.c:1595: error: expected ';' before '}' token
make: *** [linux] Error 1
To fix:
Open portsentry.c and look for the following line. There will be a extra carriage return breaking the line and you have to delete the carriage return and make single line. It should look like below.
printf ("Copyright 1997-2003 Craig H. Rowland\n");
Then run make and make install. That should fix it!
To launch portsentry
/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp
check the log files /var/log/secure on what portsentry is active or not.
Prevent IP Spoofing
IP spoofing is a security exploit and can be prevented from placing nospoof on in host.conf file. Edit the host.conf file and place the following lines. If you run dns bind, give it preference.
order bind,hosts
nospoof on
Install ClamAV
Antivirus protection is the last thing you need for your security to protect against worms and trojans invading your mailbox and files! Just install clamav (a free open source antivirus software for linux). More information can be found on clamav website
yum install clamav
Once you have installed clamav in your centos…here are some of the basic commands using the software..
1. To update the antivirus database
> freshclam
2. To run antivirus
clamav -r /home
3. Running as Cron Daily Job
To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.
02 1 * * * root clamscan -R /var/www
This will run the cron job daily @ 1.02 AM by scanning the public html. You can change the folder to whatever you want for mail etc.
Thats it! Always keep an eye for log files for any attacks or error messages!
You can also post comments in my blog
Back to home
Basic Linux Server Security
Install Firewall (APF or CSF Firewall with BFD)
ModSecurity (Web application firewall)
ModEvasive (Prevent DDOS attacks)
Harden SSH server
Fix Open DNS Recursion
Install RKhunter
Install ClamAV (Antivirus)
XInet Servers Hardening (Disable Telnet/Finger or unwanted services)
Securing PHP
PortsEntry (tool to detect portscans)
Harden host.conf (against IP spoofing)
Check User Uploaded files
Secure /tmp Folders (noexec, nosuid)
This tutorial guide covers only basic linux server security tips intended for linux learners. I am writing this guide assuming that you are running Centos 5 or later versions.
Install Firewall
The very first first step on securing a server is installing a firewall (atleast IP tables based) to close all unused or unwanted ports. Once the firewall is installed it is often considered 50% of work done. You can install CSF firewall or APF firewall. Often BFD (brute force detection) utilities comes with firewall.
We will install CSF (Config security firewall) as it is easy to install with plenty of features and easily integrated to CPanel (if you are running)
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tar.gz
sh /csf/install.sh
Follow the installer and once installed, you can start the firewall.
csf -s
// start the firewall
csf -r
// restart the firewall
csf -f
// flush the rules or stop the firewall.
You can see the full installing tutorial here
Harden SSH server
Very often you will see SSH attacks from various bots trying to get access to your server by connected to port 22 with unlimited number of login attempts to break in to your system. Imagine attacks coming from different IPs can put lot of load in you server. You can trace those failed attempts by checking your log file
cat /var/log/secure
cat /var/log/messages
To harden your SSH server,
* Run SSH on other port rather than default port 22
* Disable Root login
* Use only protocol 2
* Enable Public key authentication.
You can see the full SSH hardening tutorial here
Disable Telnet & Other Unused Services
You may want to disable services like telnet, finger and other unwanted services running on your server with xinet.
nano /etc/xinetd.d/telnet
// OR
nano /etc/xinetd.d/krb5-telnet
look for lines disable=no and change to disable=yes
chkconfig telnet off
Hardening PHP for Security
PHP is the most popular scripting language for apache and mysql. You will need to disable system level functions in the php configuration file.
nano /usr/local/lib/php.ini
Look for the lines and make sure you have the lines as below..
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On
It is best to keep magic_quotes to on as otherwise you forms using POST may be used for SQL injection attacks.
Disable Open DNS Recursion (DNS Server)
If you are running bind DNS server, then you might want to check your dns server statistics with dnstools.com. You dont want to allow recursive lookups to performed on your server other than local IP. It can also slowdown your server.
nano /etc/named.conf
Under Options { place a line
Options {
recursion no;
.....
Then restart the bind
service named restart
You will also need to restrict zone transfers and notifications if you are running Bind 9. Refer to: dns server hardening
Install Mod_Security
ModSecurity is a free open source web application firewall which can help you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities.
CPanel Installation:
Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save
Source Installation:
That should install mod security in your cpanel. Under apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod security rules. Installing mod_security could be sometimes complicated. Dont use apxs for compiling mod_security as it causes number of problems.
Note: Mod_security needs libxml2 and http-devel libraries before it can be installed. It also requires mod_unique_id enabled in apache modules. To install mod_unique_id, you have to place
LoadModule unique_id_module modules/mod_unique_id.so
in your httpd.conf file.
yum install libxml2 libxml2-devel httpd-devel
Download the latest version of mod_security for apache2 from http://www.modsecurity.org
wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
tar zxf modsecurity-apache_2.5.4.tar.gz
cd modsecurity-apache_2.5.4
cd apache2
Then
If you cannot find ./configure then you will need to edit Makefile and make change to top_dir = /usr/lib/httpd (for centos)
make
make install
Next, copy the rule files depending on which you want (you can also select minimal rules file which comes with source). Make a directory named modsecurity under /etc/httpd/conf and copy all the modsecurity rules there. Finally include those files in the httpd.conf file
# /etc/httpd/conf/httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
Then
/etc/init.d/httpd restart
Log Files
Watch for log files to detect any errors or intrusion activity
/var/log/httpd/modsec_audit
/var/log/httpd/error_log
If you get any errors, i have compiled a list of errors while compiling. see here
Install Mod_Evasive
ModEvasive module for apache offers protection against DDOS (denial of service attacks) in your server.
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar zxf mode_evasive-1.10.1.tar.gz
cd mod_evasive
then run the following command for apache2...
> /usr/sbin/apxs -cia mod_evasive20.c
Once mod evasive is installed, place the following lines in your /etc/httpd/conf/httpd.conf
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
Follow the instructions in the README for more tuning of mod_evasive. This will compile, install and activate the module in your server.
Install RkHunter (Rootkit)
RkHunter is a rootkit scanner scans for vulnerabilities, insecure files, backdoors in your system and reports it so that you can further harden the server. Installing RkHunter is very easy!
yum install rkhunter
To run checks in your system
rkhunter --checkall
OR
rkhunter -c
You can find what command options are available under rkhunter by issuing this help command
> rkhunter --help
Install PortsEntry
Portsentry is a tool to detect port scans and log it. Download the sorce package of portsentry from sourceforge.net
wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install
If you get errors like while compiling
make linux
SYSTYPE=linux
Making
gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c
./portsentry.c: In function 'PortSentryModeTCP':
./portsentry.c:1187: warning: pointer targets in passing argument 3 of 'accept' differ in signedness
./portsentry.c: In function 'PortSentryModeUDP':
./portsentry.c:1384: warning: pointer targets in passing argument 6 of 'recvfrom' diffe r in signedness
./portsentry.c: In function 'Usage':
./portsentry.c:1584: error: missing terminating " character
./portsentry.c:1585: error: 'sourceforget' undeclared (first use in this function)
./portsentry.c:1585: error: (Each undeclared identifier is reported only once
./portsentry.c:1585: error: for each function it appears in.)
./portsentry.c:1585: error: expected ')' before 'dot'
./portsentry.c:1585: error: stray '\' in program
./portsentry.c:1585: error: missing terminating " character
./portsentry.c:1595: error: expected ';' before '}' token
make: *** [linux] Error 1
To fix:
Open portsentry.c and look for the following line. There will be a extra carriage return breaking the line and you have to delete the carriage return and make single line. It should look like below.
printf ("Copyright 1997-2003 Craig H. Rowland
Then run make and make install. That should fix it!
To launch portsentry
/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp
check the log files /var/log/secure on what portsentry is active or not.
Prevent IP Spoofing
IP spoofing is a security exploit and can be prevented from placing nospoof on in host.conf file. Edit the host.conf file and place the following lines. If you run dns bind, give it preference.
order bind,hosts
nospoof on
Install ClamAV
Antivirus protection is the last thing you need for your security to protect against worms and trojans invading your mailbox and files! Just install clamav (a free open source antivirus software for linux). More information can be found on clamav website
yum install clamav
Once you have installed clamav in your centos…here are some of the basic commands using the software..
1. To update the antivirus database
> freshclam
2. To run antivirus
clamav -r /home
3. Running as Cron Daily Job
To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.
02 1 * * * root clamscan -R /var/www
This will run the cron job daily @ 1.02 AM by scanning the public html. You can change the folder to whatever you want for mail etc.
Thats it! Always keep an eye for log files for any attacks or error messages!
You can also post comments in my blog
Back to home
Tuesday, August 3, 2010
HTTPD
ipcs -s | grep apache | perl -e 'while () { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
ipcs -s | grep apache | perl -e
ipcs -s | grep apache
ipcrm -s 16449538 16482307 16678916
netstat -lnp | grep '0.0.0.0:80'
fuser -v /usr/bin/perl
netstat -tn | grep :80
ipcs -s | grep apache | perl -e
ipcs -s | grep apache
ipcrm -s 16449538 16482307 16678916
netstat -lnp | grep '0.0.0.0:80'
fuser -v /usr/bin/perl
netstat -tn | grep :80
Monday, June 14, 2010
Hsphere paths
1. Server Document Root
/hsphere/shared/apache/htdocs/
2. User HD
/hsphere/local/home/
3. FTP
/hsphere/local/config/
4. HTTP
/hsphere/local/config/
5. CLAMAV
/hsphere/local/config/mail/
6. SPAMD
/hsphere/local/config/mail/
7. SCRIPTS
/hsphere/shared/scripts/
8. ControlPanel Username
cpanel
9. CP PSOFT Conf files
/hsphere/local/home/cpanel/shiva/
10. CPANEL USER LOGIN
su -
su -l cpanel
11. URCHIN
/hsphere/local/urchin/bin/urchinctl
/usr/local/urchin4/bin/urchinctl
12. PHPMYADMIN
http://webX.ourinternet.us/phpMyAdmin/index.php
(Replace X with the server name)
13. PHPPgADMIN
http://webX.ourinternet.us/phpPgAdmin/index.php
( Replace X with the server name)
14. MySQL
/var/lib/mysql
15. HORDE
/hsphere/shared/apache/htdocs/horde/
16. SQWEBMAIL
/hsphere/shared/apache/htdocs/squirrelmail-1.4.3a/
17. NEW WEBMAIL
/hsphere/shared/apache/htdocs/w* (wm/wmail/webmail)
18. MAILLOG
/var/log/maillog
19. MAILSTATS
/var/hsphere/mail/logs/stats
20. APACHE LOGS
/hsphere/local/var/httpd/logs/
21. HORDE LOG
/hsphere/local/var/horde/log/horde.log
22. HSPHERE LOG
/var/log/hsphere/hsphere.log
23. HSPHERE BILLING
/var/log/hsphere/billing.log
24. CLAMAV
/var/log/clamav.log
25. RKHUNTER
/var/log/rkhunter.log
/hsphere/shared/apache/htdocs/
2. User HD
/hsphere/local/home/
3. FTP
/hsphere/local/config/
4. HTTP
/hsphere/local/config/
5. CLAMAV
/hsphere/local/config/mail/
6. SPAMD
/hsphere/local/config/mail/
7. SCRIPTS
/hsphere/shared/scripts/
8. ControlPanel Username
cpanel
9. CP PSOFT Conf files
/hsphere/local/home/cpanel/shiva/
10. CPANEL USER LOGIN
su -
su -l cpanel
11. URCHIN
/hsphere/local/urchin/bin/urchinctl
/usr/local/urchin4/bin/urchinctl
12. PHPMYADMIN
http://webX.ourinternet.us/phpMyAdmin/index.php
(Replace X with the server name)
13. PHPPgADMIN
http://webX.ourinternet.us/phpPgAdmin/index.php
( Replace X with the server name)
14. MySQL
/var/lib/mysql
15. HORDE
/hsphere/shared/apache/htdocs/horde/
16. SQWEBMAIL
/hsphere/shared/apache/htdocs/squirrelmail-1.4.3a/
17. NEW WEBMAIL
/hsphere/shared/apache/htdocs/w* (wm/wmail/webmail)
18. MAILLOG
/var/log/maillog
19. MAILSTATS
/var/hsphere/mail/logs/stats
20. APACHE LOGS
/hsphere/local/var/httpd/logs/
21. HORDE LOG
/hsphere/local/var/horde/log/horde.log
22. HSPHERE LOG
/var/log/hsphere/hsphere.log
23. HSPHERE BILLING
/var/log/hsphere/billing.log
24. CLAMAV
/var/log/clamav.log
25. RKHUNTER
/var/log/rkhunter.log
Hsphere paths
FTP
/hsphere/local/var/proftpd/xferlog
FTP config file:
/hsphere/shared/config/ftpd/proftpd.conf
Domain Virtual host entry
/hsphere/local/config/httpd/sites
Apache log file
/hsphere/shared/apache2/logs/error_log
PHP error log
/hsphere/shared/apache2/logs/php_error.log
Named
/hsphere/local/var/named
Mail server:
============
To get fulldetails of email account
~vpopmail/bin/vuserinfo msoule@awsna.org
~vpopmail/bin/vdominfo janepaul.com
/hsphere/local/var/vpopmail/domains/janepaul.com
Mail quequ details:
===================
q -s
q -R
q -m
/var/qmail/queue/mess/
/hsphere/local/var/proftpd/xferlog
FTP config file:
/hsphere/shared/config/ftpd/proftpd.conf
Domain Virtual host entry
/hsphere/local/config/httpd/sites
Apache log file
/hsphere/shared/apache2/logs/error_log
PHP error log
/hsphere/shared/apache2/logs/php_error.log
Named
/hsphere/local/var/named
Mail server:
============
To get fulldetails of email account
~vpopmail/bin/vuserinfo msoule@awsna.org
~vpopmail/bin/vdominfo janepaul.com
/hsphere/local/var/vpopmail/domains/janepaul.com
Mail quequ details:
===================
q -s
q -R
q -m
/var/qmail/queue/mess/
Sunday, June 13, 2010
Installing Mod_Throttle on cPanel
Do you need more granular control over some of your clients? Instead of limiting them to a certian amount of bandwidth per month, how about per week, day or even hour? Apache module mod_throttle is the answer.
This Apache module is intended to reduce the load on your server & bandwidth generated by popular virtual hosts, directories, locations, or users according to supported polices (see below) that decide when to delay or refuse requests. Also mod_throttle can track and throttle incoming connections by IP address or by authenticated remote user.
Every request now passes through four levels of throttling, which are: by client's IP address (ThrottleClientIP), by authenticated remote user name (ThrottleRemoteUser), by local user ID (ThrottleUser), and by directory, location, virtual host, or server (ThrottlePolicy).
To install with cPanel, SSH into your server as root and perform the following:
cd /usr/src
wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz
tar zxvf mod_throttle312.tgz
cd mod_throttle-3.1.2
pico Makefile
Then edit the line that reads:
APXS=apxs
And change it to read:
APXS=/usr/local/apache/bin/apxs
Save the file and then:
make
make install
service httpd restart
Usage
Best bet is to go to http://www.snert.com/Software/mod_throttle/ and read up on all the options, but I will give you an example of limiting a site, and how to monitor all your throttled sites status.
Edit your /etc/httpd/conf/httpd.conf and locate the virtualhost entry for the site you wish to throttle. Just BEFORE the entry, insert:
ThrottlePolicy Volume 10G 30d
SetHandler throttle-me
The ThrottlePolicy line is the key. The first number is the amount of data and acceptable letters are G, M and K. The second number is the period and acceptable letters are m, w, d, h, and s.
Then restart Apache (service httpd restart).
If you want to be able to see the status of all throttled sites on the server at once, go to the first virtualhost entry in your httpd.conf file (this should be the entry for your server's hostname) and add the following:
SetHandler throttle-status
Then restart Apache again, and you can go to http://host.name.com/throttle-status and see the status of all throttled sites.
Enjoy!
Vijayarajan.A
This Apache module is intended to reduce the load on your server & bandwidth generated by popular virtual hosts, directories, locations, or users according to supported polices (see below) that decide when to delay or refuse requests. Also mod_throttle can track and throttle incoming connections by IP address or by authenticated remote user.
Every request now passes through four levels of throttling, which are: by client's IP address (ThrottleClientIP), by authenticated remote user name (ThrottleRemoteUser), by local user ID (ThrottleUser), and by directory, location, virtual host, or server (ThrottlePolicy).
To install with cPanel, SSH into your server as root and perform the following:
cd /usr/src
wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz
tar zxvf mod_throttle312.tgz
cd mod_throttle-3.1.2
pico Makefile
Then edit the line that reads:
APXS=apxs
And change it to read:
APXS=/usr/local/apache/bin/apxs
Save the file and then:
make
make install
service httpd restart
Usage
Best bet is to go to http://www.snert.com/Software/mod_throttle/ and read up on all the options, but I will give you an example of limiting a site, and how to monitor all your throttled sites status.
Edit your /etc/httpd/conf/httpd.conf and locate the virtualhost entry for the site you wish to throttle. Just BEFORE the entry, insert:
ThrottlePolicy Volume 10G 30d
SetHandler throttle-me
The ThrottlePolicy line is the key. The first number is the amount of data and acceptable letters are G, M and K. The second number is the period and acceptable letters are m, w, d, h, and s.
Then restart Apache (service httpd restart).
If you want to be able to see the status of all throttled sites on the server at once, go to the first virtualhost entry in your httpd.conf file (this should be the entry for your server's hostname) and add the following:
SetHandler throttle-status
Then restart Apache again, and you can go to http://host.name.com/throttle-status and see the status of all throttled sites.
Enjoy!
Vijayarajan.A
How to install PRM (Process Resource Monitor)
PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel loggin
PRM (Process Resource Monitor)
Introduction
PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more...
How it works?
PRM works on the basis that once a process id is found matching resource limits; there is a corresponding trigger and wait value. The trigger value increments upwards from zero (0) to the defined value, pausing the duration of seconds defined as wait value. There after the status of the flagged pid is checked again, if still above or equal to resource limits the trigger/wait cycle begins again till the max trigger value is reached. When this trigger value is reached the given process is logged/killed.
This all together has the effect that applications with short burst resource spikes (e.g: apache, mysql etc..) are not killed; but rather on applications with prolonged resource consumption. Using the rule system, you can define different wait/trigger/resource values for any application.
Installation
First we must fetch the package:
wget http://www.rfxnetworks.com/downloads/prm-current.tar.gz
And extract it:
tar xvfz prm-current.tar.gz
The current version of prm as of this writing is 0.3, so lets cd to the 0.3 extracted path:
cd prm-0.3/
And finally run the enclosed install.sh script:
./install.sh
Configuration
The prm installation is located at '/usr/local/prm', and the configuration file is labeled 'conf.prm'.
Open the '/usr/local/prm/conf.prm' file with your preferred editor. There is an array of options in this file but we will only be focusing on the main variables.
Lets skip down to the user e-mail alert's section and set the USR_ALERT value to '1'; enabling alerts.
# enable user e-mail alerts [0=disabled,1=enabled] USR_ALERT="1"
And configure our e-mail addresses for alerts:
# e-mail address for alerts USR_ADDR="root, you@domain.com"
Check the 5,10, or 15 minute load average; relative to the later option below for min. load level.
# check 5,10,15 minute load average. [1,2,3 respective of 5,10,15] LC="1"
PRM optionally has a required load average for running. If the load is not equal to or greater than this value; PRM will not run. Setting this value to zero will force the script to always run but this should not be needed.
# min load level required to run (decimal values unsupported) MIN_LOAD="1"
This is the introduction described wait value, used for pauses between trigger increments. The value of wait multiplied by the value of kill_trig equal the duration of time before a process is killed (10x3=30seconds).
# seconds to wait before rechecking a flagged pid (pid's noted resource # intensive but not yet killed). WAIT="10"
The trigger limit before processes are killed, described in detail in the above 'wait' description and introduction.
# counter limit that a process must reach prior to kill. The counter value # increases for a process flagged resource intensive on rechecks. KILL_TRIG="3"
The max percentage of CPU a process should be allowed to use before PRM flags it for killing.
# Max CPU usage readout for a process - % of all cpu resources (decimal values unsupported) MAXCPU="35"
The max percentage of MEM a process should be allowed to use before PRM flags it for killing.
# Max MEM usage readout for a process - % of system total memory (decimal values unsupported) MAXMEM="15"
That is it; you should tweak the MAXCPU/MAXMEM limits to your desired needs but the defaults should be fine for most.
Usage
The executable program resides in '/usr/local/prm/prm' and '/usr/local/sbin/prm'. The prm executable can receive one of two arguments:
-s Standard run
-q Quiet run
The log path for prm is '/usr/local/prm/prm_log', as well pid specific logs are stored in '/usr/local/prm/killed/'.
A default cronjob for PRM is installed to '/etc/cron.d/prm', and is configured to run once every 5 minutes.
There is a provided ignore file, to ignore processes based on string rules. The ignore file is located at '/usr/local/prm/ignore'. This file supports line separated ignore strings. As a default the strings 'root, named and postgre' are ignored by PRM; this script was not intended to monitor root processes but rather user land tasks. It could easily watch root processes by removing the given line in the ignore file but this is strongly discouraged.
Thanks,
Vijayarajan.A
PRM (Process Resource Monitor)
Introduction
PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more...
How it works?
PRM works on the basis that once a process id is found matching resource limits; there is a corresponding trigger and wait value. The trigger value increments upwards from zero (0) to the defined value, pausing the duration of seconds defined as wait value. There after the status of the flagged pid is checked again, if still above or equal to resource limits the trigger/wait cycle begins again till the max trigger value is reached. When this trigger value is reached the given process is logged/killed.
This all together has the effect that applications with short burst resource spikes (e.g: apache, mysql etc..) are not killed; but rather on applications with prolonged resource consumption. Using the rule system, you can define different wait/trigger/resource values for any application.
Installation
First we must fetch the package:
wget http://www.rfxnetworks.com/downloads/prm-current.tar.gz
And extract it:
tar xvfz prm-current.tar.gz
The current version of prm as of this writing is 0.3, so lets cd to the 0.3 extracted path:
cd prm-0.3/
And finally run the enclosed install.sh script:
./install.sh
Configuration
The prm installation is located at '/usr/local/prm', and the configuration file is labeled 'conf.prm'.
Open the '/usr/local/prm/conf.prm' file with your preferred editor. There is an array of options in this file but we will only be focusing on the main variables.
Lets skip down to the user e-mail alert's section and set the USR_ALERT value to '1'; enabling alerts.
# enable user e-mail alerts [0=disabled,1=enabled] USR_ALERT="1"
And configure our e-mail addresses for alerts:
# e-mail address for alerts USR_ADDR="root, you@domain.com"
Check the 5,10, or 15 minute load average; relative to the later option below for min. load level.
# check 5,10,15 minute load average. [1,2,3 respective of 5,10,15] LC="1"
PRM optionally has a required load average for running. If the load is not equal to or greater than this value; PRM will not run. Setting this value to zero will force the script to always run but this should not be needed.
# min load level required to run (decimal values unsupported) MIN_LOAD="1"
This is the introduction described wait value, used for pauses between trigger increments. The value of wait multiplied by the value of kill_trig equal the duration of time before a process is killed (10x3=30seconds).
# seconds to wait before rechecking a flagged pid (pid's noted resource # intensive but not yet killed). WAIT="10"
The trigger limit before processes are killed, described in detail in the above 'wait' description and introduction.
# counter limit that a process must reach prior to kill. The counter value # increases for a process flagged resource intensive on rechecks. KILL_TRIG="3"
The max percentage of CPU a process should be allowed to use before PRM flags it for killing.
# Max CPU usage readout for a process - % of all cpu resources (decimal values unsupported) MAXCPU="35"
The max percentage of MEM a process should be allowed to use before PRM flags it for killing.
# Max MEM usage readout for a process - % of system total memory (decimal values unsupported) MAXMEM="15"
That is it; you should tweak the MAXCPU/MAXMEM limits to your desired needs but the defaults should be fine for most.
Usage
The executable program resides in '/usr/local/prm/prm' and '/usr/local/sbin/prm'. The prm executable can receive one of two arguments:
-s Standard run
-q Quiet run
The log path for prm is '/usr/local/prm/prm_log', as well pid specific logs are stored in '/usr/local/prm/killed/'.
A default cronjob for PRM is installed to '/etc/cron.d/prm', and is configured to run once every 5 minutes.
There is a provided ignore file, to ignore processes based on string rules. The ignore file is located at '/usr/local/prm/ignore'. This file supports line separated ignore strings. As a default the strings 'root, named and postgre' are ignored by PRM; this script was not intended to monitor root processes but rather user land tasks. It could easily watch root processes by removing the given line in the ignore file but this is strongly discouraged.
Thanks,
Vijayarajan.A
Installing LES (Linux Environment Security) on CentOS
[root@centoz ~]# mkdir download
[root@centoz ~]# cd download/
[root@centoz download]# wget http://www.r-fx.ca/downloads/les-current.tar.gz
[root@centoz download]# tar -xzf les-current.tar.gz
[root@centoz download]# cd les-0.2/
[root@centoz les-0.2]# ./install.sh
.: LES installed
Install path: /usr/local/les
Config path: /usr/local/les/conf.les
Executable path: /usr/local/sbin/les
Running LES
[root@centoz les-0.2]# /usr/local/sbin/les -ea
You can try other options :
-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root
[root@centoz ~]# cd download/
[root@centoz download]# wget http://www.r-fx.ca/downloads/les-current.tar.gz
[root@centoz download]# tar -xzf les-current.tar.gz
[root@centoz download]# cd les-0.2/
[root@centoz les-0.2]# ./install.sh
.: LES installed
Install path: /usr/local/les
Config path: /usr/local/les/conf.les
Executable path: /usr/local/sbin/les
Running LES
[root@centoz les-0.2]# /usr/local/sbin/les -ea
You can try other options :
-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root
LSM (Linux Socket Monitor) Installation
INSTALLATION
wget http://rfxnetworks.com/downloads/lsm-current.tar.gz
tar -zxvf lsm-current.tar.gz
cd lsm-0.*
./install.sh
/usr/local/sbin/lsm -g
LSM Testing
/usr/local/sbin/lsm -c
=====================
1) What is LSM ?
-LSM is a bash scripted network socket monitor. It is designed to track
changes to Network sockets and Unix domain sockets.
A comprehensive alert system, simple program usage & installation make LSM
ideal for deployment in any linux environment (geared for web servers). Using
a rather simple yet logical structure, LSM identifies changes in both
Network Sockets and Unix Domain Sockets. By recording a base set of what
sockets should be active then comparing the currently active socket informationto that of the base comparison files, we highlight otherwise unknown services.
LSM will ignore services that are currently holding sockets open. Events are
only applicable when a 'new' socket is created, be it UDS Stream Socket or TCPNetwork Socket, LSM will identify it. Currently LSM does not track DGRAM Unix Domain Sockets.
2) Setup:
-To setup LSM, simply execute the 'install.sh' script inside the extraced path.
This will install LSM to /usr/local/lsm, and symlink its executable to
/usr/local/sbin/lsm. As well, there will be a cron.d entry added to
/etc/cron.d/lsm, set to run it once every 10 minutes.
3) Usage:
LSM has 3 arguments that perform the following operations respectivly:
-g Generate base comparision files
-c Compare current socket information to comparision files
-d Delete base comparision files
Upon installation, LSM generates its base comparison files, but we recommend
you manualy do so to ensure it has been done.
Thanks,
Vijayarajan.A
wget http://rfxnetworks.com/downloads/lsm-current.tar.gz
tar -zxvf lsm-current.tar.gz
cd lsm-0.*
./install.sh
/usr/local/sbin/lsm -g
LSM Testing
/usr/local/sbin/lsm -c
=====================
1) What is LSM ?
-LSM is a bash scripted network socket monitor. It is designed to track
changes to Network sockets and Unix domain sockets.
A comprehensive alert system, simple program usage & installation make LSM
ideal for deployment in any linux environment (geared for web servers). Using
a rather simple yet logical structure, LSM identifies changes in both
Network Sockets and Unix Domain Sockets. By recording a base set of what
sockets should be active then comparing the currently active socket informationto that of the base comparison files, we highlight otherwise unknown services.
LSM will ignore services that are currently holding sockets open. Events are
only applicable when a 'new' socket is created, be it UDS Stream Socket or TCPNetwork Socket, LSM will identify it. Currently LSM does not track DGRAM Unix Domain Sockets.
2) Setup:
-To setup LSM, simply execute the 'install.sh' script inside the extraced path.
This will install LSM to /usr/local/lsm, and symlink its executable to
/usr/local/sbin/lsm. As well, there will be a cron.d entry added to
/etc/cron.d/lsm, set to run it once every 10 minutes.
3) Usage:
LSM has 3 arguments that perform the following operations respectivly:
-g Generate base comparision files
-c Compare current socket information to comparision files
-d Delete base comparision files
Upon installation, LSM generates its base comparison files, but we recommend
you manualy do so to ensure it has been done.
Thanks,
Vijayarajan.A
Friday, June 4, 2010
Spam control configuration
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \
Sunday, May 30, 2010
Wordpress
Detailed Instructions
Overview of the Upgrade Process
1. Backup your database. Read Backing Up Your Database for a detailed explanation.
2. Backup ALL your WordPress files in your WordPress directory. Don't forget your .htaccess file.
3. Verify the backups you created are there and usable. This is essential.
4. Deactivate ALL your Plugins.
5. Ensure first four steps are completed. Do not attempt the upgrade unless you have completed the first four steps.
6. Download and extract the WordPress package from http://wordpress.org/download/.
7. Delete the old WordPress files on your site, but DO NOT DELETE
* wp-config.php file;
* wp-content folder; Special Exception: the wp-content/cache and the wp-content/plugins/widgets folders should be deleted.
* wp-images folder;
* wp-includes/languages/ folder--if you are using a language file do not delete that folder;
* .htaccess file--if you have added custom rules to your .htaccess, do not delete it;
* robots.txt file--if your blog lives in the root of your site (ie. the blog is the site) and you have created such a file, do not delete it.
8. Upload the new files from your computer's hard drive to the appropriate WordPress folder on your site.
9. Run the WordPress upgrade program and follow the instructions on the screen.
10. Update Permalinks and .htaccess. Update your Permalink Structure and merge the custom rules, if necessary, into your .htaccess file.
11. Install updated Plugins and Themes. Please review the list of Plugins that work in Version 2.9.2. Check for Theme Compatibility with 2.9.2 and ask your Theme author for any new version.
12. Reactivate Plugins
13. Add security key definitions to the wp-config.php file
14. Review what has changed in WordPress.
That's the overview of the upgrade process. Please continue reading the Detailed Upgrade Instructions.
Remember, if you do encounter problems, re-read the Instructions below to insure you've followed the proper procedures and consult Troubleshooting: Common Installation Problems.
Overview of the Upgrade Process
1. Backup your database. Read Backing Up Your Database for a detailed explanation.
2. Backup ALL your WordPress files in your WordPress directory. Don't forget your .htaccess file.
3. Verify the backups you created are there and usable. This is essential.
4. Deactivate ALL your Plugins.
5. Ensure first four steps are completed. Do not attempt the upgrade unless you have completed the first four steps.
6. Download and extract the WordPress package from http://wordpress.org/download/.
7. Delete the old WordPress files on your site, but DO NOT DELETE
* wp-config.php file;
* wp-content folder; Special Exception: the wp-content/cache and the wp-content/plugins/widgets folders should be deleted.
* wp-images folder;
* wp-includes/languages/ folder--if you are using a language file do not delete that folder;
* .htaccess file--if you have added custom rules to your .htaccess, do not delete it;
* robots.txt file--if your blog lives in the root of your site (ie. the blog is the site) and you have created such a file, do not delete it.
8. Upload the new files from your computer's hard drive to the appropriate WordPress folder on your site.
9. Run the WordPress upgrade program and follow the instructions on the screen.
10. Update Permalinks and .htaccess. Update your Permalink Structure and merge the custom rules, if necessary, into your .htaccess file.
11. Install updated Plugins and Themes. Please review the list of Plugins that work in Version 2.9.2. Check for Theme Compatibility with 2.9.2 and ask your Theme author for any new version.
12. Reactivate Plugins
13. Add security key definitions to the wp-config.php file
14. Review what has changed in WordPress.
That's the overview of the upgrade process. Please continue reading the Detailed Upgrade Instructions.
Remember, if you do encounter problems, re-read the Instructions below to insure you've followed the proper procedures and consult Troubleshooting: Common Installation Problems.
Image magick
Install ImageMagick and Imagick on Cpanel Server
May 12th, 2009 · 9 Comments
Here’s a quick how-to for installing ImageMagick and Imagick on Cpanel server. I will cover only the procedure using the Cpanel built-in scripts, although you can also install it the usual way (rpm or source install). ImageMagick is the application for working with images while the Imagick is a PHP extention to modify/create images using the ImageMagick API.
Installation:
ImageMagick
Check first if it’s installed:
/scripts/checkimagemagick
Proceed with Installation:
/scripts/installimagemagick
Installation will take a couple minutes as it will install other packages needed by ImageMagick. After the installation, you can check your ImageMagick version:
/usr/bin/convert --version
It will give you something like:
Version: ImageMagick 6.4.8 2009-05-11 Q16 OpenMP http://www.imagemagick.org
Copyright: Copyright (C) 1999-2009 ImageMagick Studio LLC
Imagick
Go to WHM -> Software -> Module Installers -> PHP Pecl (manage). On the box below “Install a PHP Pecl” enter “imagick” and click “Install Now” button – that’s all.
Restart Apache and check your phpinfo page to see the details of Imagick and ImageMagick as well. See linked images for reference: image1, image2.
Uninstall:
If you decide to uninstall it’s as easy as the installation process:
ImageMagick: /scripts/cleanimagemagick
Imagick: WHM -> Software -> Module Installers -> PHP Pecl (manage). Click on Uninstall button for Imagick.
Source installation steps
=========================
If you need the version ImageMagick-6.4.9-2 to be installed on your cPanel dedicated server, we have followed the below steps which worked perfectly.
First, download the tar using the below command:
root# wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
root# tar -zxvf ImageMagick.tar.gz
root# cd ImageMagick-6.4.9-2
root#./configure
root# make
root# make install
You can check the path for the installed ImageMagick by the command:
root# which convert
/usr/local/bin/convert
root# convert -v | head -n 1 | cut -c 22-26
6.4.9
OR
root# convert -v | grep Version:
Version: ImageMagick 6.4.9-2 2009-02-07 Q16 OpenMP http://www.imagemagick.org
That’s it!
==========================================================================================
Method 2
Installing ImageMagick 6.3.8 on a cPanel Server
Written by wiredgorilla
Wednesday, 23 January 2008
This tutorial will give you a little step by step manual of how to upgrade and properly install ImageMagick on you cPanel server without having to manually compile Apache
Firstly we need to talke notice that the new easyApache version 3 does not incude ImageMagick as an additional install option in PHP, so here are the steps we performed to get that magic wand happening again.
1/ downolad ImageMagic 6.3.8. onto your server by using
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.4.3-6.zip
unzip ImageMagick-6.4.3-6.zip
go into the directory
cd ImageMagick-6.4.3-6
the default should be fine , but you can always check other options here Install-unix.txt
anyways, default install is simple
./configure
make install
Both of the commands can take a little while , but either way this should have installed ImageMagick 6.3.8 now. And now to finish the process
cd PerlMagick/
perl Makefile.PL
make
make install
BUT HOLD ON, this is not it yet!
We need to get it locked into PHP !
The new WHM has a fantastic utility to complete the task.
Log into WHM >> Software >> Module Installers >> PHP Pecl and install imagick to get the whole thing binding into PHP and making your applications gell ! :)
Below you can find a pic in WHM
That should be it, if by any chance you hot a problem with a 64 bit OS and WHM can not find imagick then install it manually, by following the steps below
Firstly install ImageMagick-devel
yum -y install ImageMagick-devel
Assuming ImageMagick-devel is installed, you need to download the Imagick PHP extensions, located here: http://pecl.php.net/package/imagick
Latest version, as of this post, is imagick-2.2.0
wget http://pecl.php.net/get/imagick-2.2.0.tgz
Place this package in your home directory. Then, in a shell console, type
tar -zxvf imagick-2.2.0 .tgz
while in the home directory (don't type the quotes)
Then type the following commands:
cd imagick-2.2.0
phpize
./configure
make
make install
Now go back into WHM and try to activate imagick again
===========================================================================================
May 12th, 2009 · 9 Comments
Here’s a quick how-to for installing ImageMagick and Imagick on Cpanel server. I will cover only the procedure using the Cpanel built-in scripts, although you can also install it the usual way (rpm or source install). ImageMagick is the application for working with images while the Imagick is a PHP extention to modify/create images using the ImageMagick API.
Installation:
ImageMagick
Check first if it’s installed:
/scripts/checkimagemagick
Proceed with Installation:
/scripts/installimagemagick
Installation will take a couple minutes as it will install other packages needed by ImageMagick. After the installation, you can check your ImageMagick version:
/usr/bin/convert --version
It will give you something like:
Version: ImageMagick 6.4.8 2009-05-11 Q16 OpenMP http://www.imagemagick.org
Copyright: Copyright (C) 1999-2009 ImageMagick Studio LLC
Imagick
Go to WHM -> Software -> Module Installers -> PHP Pecl (manage). On the box below “Install a PHP Pecl” enter “imagick” and click “Install Now” button – that’s all.
Restart Apache and check your phpinfo page to see the details of Imagick and ImageMagick as well. See linked images for reference: image1, image2.
Uninstall:
If you decide to uninstall it’s as easy as the installation process:
ImageMagick: /scripts/cleanimagemagick
Imagick: WHM -> Software -> Module Installers -> PHP Pecl (manage). Click on Uninstall button for Imagick.
Source installation steps
=========================
If you need the version ImageMagick-6.4.9-2 to be installed on your cPanel dedicated server, we have followed the below steps which worked perfectly.
First, download the tar using the below command:
root# wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
root# tar -zxvf ImageMagick.tar.gz
root# cd ImageMagick-6.4.9-2
root#./configure
root# make
root# make install
You can check the path for the installed ImageMagick by the command:
root# which convert
/usr/local/bin/convert
root# convert -v | head -n 1 | cut -c 22-26
6.4.9
OR
root# convert -v | grep Version:
Version: ImageMagick 6.4.9-2 2009-02-07 Q16 OpenMP http://www.imagemagick.org
That’s it!
==========================================================================================
Method 2
Installing ImageMagick 6.3.8 on a cPanel Server
Written by wiredgorilla
Wednesday, 23 January 2008
This tutorial will give you a little step by step manual of how to upgrade and properly install ImageMagick on you cPanel server without having to manually compile Apache
Firstly we need to talke notice that the new easyApache version 3 does not incude ImageMagick as an additional install option in PHP, so here are the steps we performed to get that magic wand happening again.
1/ downolad ImageMagic 6.3.8. onto your server by using
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.4.3-6.zip
unzip ImageMagick-6.4.3-6.zip
go into the directory
cd ImageMagick-6.4.3-6
the default should be fine , but you can always check other options here Install-unix.txt
anyways, default install is simple
./configure
make install
Both of the commands can take a little while , but either way this should have installed ImageMagick 6.3.8 now. And now to finish the process
cd PerlMagick/
perl Makefile.PL
make
make install
BUT HOLD ON, this is not it yet!
We need to get it locked into PHP !
The new WHM has a fantastic utility to complete the task.
Log into WHM >> Software >> Module Installers >> PHP Pecl and install imagick to get the whole thing binding into PHP and making your applications gell ! :)
Below you can find a pic in WHM
That should be it, if by any chance you hot a problem with a 64 bit OS and WHM can not find imagick then install it manually, by following the steps below
Firstly install ImageMagick-devel
yum -y install ImageMagick-devel
Assuming ImageMagick-devel is installed, you need to download the Imagick PHP extensions, located here: http://pecl.php.net/package/imagick
Latest version, as of this post, is imagick-2.2.0
wget http://pecl.php.net/get/imagick-2.2.0.tgz
Place this package in your home directory. Then, in a shell console, type
tar -zxvf imagick-2.2.0 .tgz
while in the home directory (don't type the quotes)
Then type the following commands:
cd imagick-2.2.0
phpize
./configure
make
make install
Now go back into WHM and try to activate imagick again
===========================================================================================
Saturday, May 29, 2010
Mysql issue
root@cpmouse [/var/lib/mysql]# ll
total 20556
drwxr-xr-x 4 mysql mysql 4096 May 30 04:29 ./
drwxr-xr-x 29 root root 4096 May 30 04:21 ../
-rw-rw---- 1 mysql root 5378 May 30 04:29 cpmouse.ecdsystem.com.err
-rw-rw---- 1 mysql mysql 5 May 30 04:29 cpmouse.ecdsystem.com.pid
-rw-rw---- 1 mysql mysql 5 May 30 04:28 cpmouse.pid
-rw-rw---- 1 mysql mysql 10485760 May 30 04:29 ibdata1
-rw-rw---- 1 mysql mysql 5242880 May 30 04:29 ib_logfile0
-rw-rw---- 1 mysql mysql 5242880 May 30 04:26 ib_logfile1
drwx--x--x 2 mysql mysql 4096 May 30 04:22 mysql/ - contain mysql user privilege
srwxrwxrwx 1 mysql mysql 0 May 30 04:29 mysql.sock=
drwxr-xr-x 2 mysql mysql 4096 May 30 04:21 test/
/var/lib/mysql - remove
/usr/sbin/mysqd - remove
grant all privileges on virus_UC.* to virus_UC@localhost identified by '04241988';
/scripts/mysqlup --force
/var/cpanel/cpanel.config
total 20556
drwxr-xr-x 4 mysql mysql 4096 May 30 04:29 ./
drwxr-xr-x 29 root root 4096 May 30 04:21 ../
-rw-rw---- 1 mysql root 5378 May 30 04:29 cpmouse.ecdsystem.com.err
-rw-rw---- 1 mysql mysql 5 May 30 04:29 cpmouse.ecdsystem.com.pid
-rw-rw---- 1 mysql mysql 5 May 30 04:28 cpmouse.pid
-rw-rw---- 1 mysql mysql 10485760 May 30 04:29 ibdata1
-rw-rw---- 1 mysql mysql 5242880 May 30 04:29 ib_logfile0
-rw-rw---- 1 mysql mysql 5242880 May 30 04:26 ib_logfile1
drwx--x--x 2 mysql mysql 4096 May 30 04:22 mysql/ - contain mysql user privilege
srwxrwxrwx 1 mysql mysql 0 May 30 04:29 mysql.sock=
drwxr-xr-x 2 mysql mysql 4096 May 30 04:21 test/
/var/lib/mysql - remove
/usr/sbin/mysqd - remove
grant all privileges on virus_UC.* to virus_UC@localhost identified by '04241988';
/scripts/mysqlup --force
/var/cpanel/cpanel.config
Friday, May 28, 2010
BSNL Broadband configuration Linux
BSNL Broadband configuration Linux
I was seeing constant threads at orkut regarding configuration of internet on linux. This guide I hope will help you establish the BSNL broadband connection on your linux box. I assume that you have configured your network interface (if not then I am going to post a similar post regarding howto configure it).
This document is a copy of a document which I saw in late 2004 when I was searching for a howto to configure internet in linux.
This document describes howto setup bsnl broadband service on your gnu/linux server/desktop. It assumes that you are neither linux beginer nor an expert. It assumes that you are aware of basic gnu/linux commands.
I have installed it on redhat 9. I dont find any reason why it would not work on following distributions:
* FC1
* FC2
* FC3
* FC4
* FC5
An unofficial FAQ on Dataone can be found here
Pre-Requisites
* Please ensure that you have connected a working ethernet card which is supported on gnu/linux. Test the ethernet card & ensure that it is working.
* Root access to a gnu/linux box
Before we start, please ensure that you have the following details on hand:
* BSNL Broadband connection -:)
* Username & Password
Using the builtin dialer
A HOWTO with instructions on using the PPPoE builtin dialer of the Huawei SmartAX MT800 ADSL router is available.
The procedure to configure the dialer in UTStarCom UT300R modem is given here
Using RP-PPPOE as dialer
Installation
* As BSNL broadband is using rp-pppoe (Roaring Penguin - Point to Point Over Ethernet), we would be required to download & install this package. This package is normally available on most of the distributions. But, if you are using redhat7.3, please download the following packages:
rpm package command line
rpm package GUI
source code
If you are downloading the tar.gz version, you have to build the rpm first. So, please walk through the following procedure to build the rpm:
Procedure to build RPM from tar.gz.
1. Login as root
2. Download tar.gz version & execute the following commands
# tar -zxvf rp-pppoe-3.5.tar.gz (untar this package)
* This command would untar the package in the current directory.
# cp rp-pppoe-3.5.tar.gz /usr/src/redhat/SOURCES/
# cd rp-pppoe-3.5
* The rpm spec file, rp-pppoe.spec is available in this directory.
# cp rp-pppoe.spec /usr/src/redhat/SPECS/
# cd /usr/src/redhat/SPECS
# rpm -ba rp-pppoe.spec
* The above command would untar the tar.gz package in ../BUILD
directory, compile the package and finally it would create neces
sary rpms in
If everything goes fine, you would see the following or similar message:
Wrote: /usr/src/redhat/SRPMS/rp-pppoe-3.5-1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/rp-pppoe-3.5-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/rp-pppoe-gui-3.5-1.i386.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.97349
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd rp-pppoe-3.5
+ rm -rf /tmp/pppoe-build
+ exit 0
If this is the case, the necessary rpms are successfully created and they are available in appropriate directory.
Source RPMS - /usr/src/redhat/SRPMS/rp-pppoe-3.5-1.src.rpm
Binary RPMS - /usr/src/redhat/RPMS/i386/rp-pppoe-3.5-1.i386.rpm
GUI RPMS - /usr/src/redhat/RPMS/i386/rp-pppoe-gui-3.5-1.i386.rpm
Now, at this stage you are having necessary rpms with you. Either you have downloaded them from the above website. Or you would have built them on your own:
Command Line Version
# rpm -vih rp-pppoe-3.5-1.i386.rpm
It would install the command line version of rp-pppoe package.
GUI Version
# rpm -vih rp-pppoe-gui-3.5-1.i386.rpm
It would install the gui version of rp-pppoe package. If you have successfully installed, then you can proceed to next section.
Configuration
Once you have installed rp-pppoe package, all necessary commands would have been installed.
adsl-setup - to configure the connection parameters
adsl-start - to start the connection
adsl-status - to check status of the connection
adsl-stop - to stop the connection
Now, we are ready to configure the BSNL broadband internet connection.
Here you have to configure the following parameters:
* userid
* network interface (eth0 or ..)
* Demand value (normally you can leave it blank)
* DNS Information (primary & secondary)
* With regard to primary & secondary dns, You can leave it blank, as it would be taken care automatically. If you wish to know the dns details, just complete this wizard and when you run adsl-start, do:
# tail -f /var/log/messages
Mar 15 15:29:48 Gateway pppd[3564]: Remote message: Authentication success,Welcome!
Mar 15 15:29:48 Gateway pppd[3564]: local IP address 59.92.9.154
Mar 15 15:29:48 Gateway pppd[3564]: remote IP address 59.92.8.1
Mar 15 15:29:48 Gateway pppd[3564]: primary DNS address 61.1.96.69
Mar 15 15:29:48 Gateway pppd[3564]: secondary DNS address 61.1.96.71
There it goes! The primary & secondary dns details are found and it would be automatically updated in /etc/resolv.conf.
* Then you should enter the following details:
* Password
* Firewall (set is to 2, MASQUERADE)
* Confirm
* The following is the screen shot of adsl-setup command.
# adsl-setup
Welcome to the Roaring Penguin ADSL client setup. First, I will run
some checks on your system to make sure the PPPoE client is installed
properly...
Looks good! Now, please enter some information:
USER NAME
>>> Enter your PPPoE user name (default test@dataone):
INTERFACE
>>> Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where 'n' is a number.
(default eth0):
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
>>> Enter the demand value (default no):
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
>>> Enter the DNS information here: 61.1.128.5
Please enter the IP address of your ISP's secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
>>> Enter the secondary DNS server address here: 61.0.0.5
PASSWORD
>>> Please enter your PPPoE password:
>>> Please re-enter your PPPoE password:
FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
>>> Choose a type of firewall (0-2): 2
** Summary of what you entered **
Ethernet Interface: eth0
User name: test@dataone
Activate-on-demand: No
Primary DNS: 61.1.128.5
Secondary DNS: 61.0.0.5
Firewalling: MASQUERADE
>>> Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/ppp/pppoe.conf
Adjusting /etc/resolv.conf
(But first backing it up to /etc/resolv.conf-bak)
Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
(But first backing it up to /etc/ppp/pap-secrets-bak)
(But first backing it up to /etc/ppp/chap-secrets-bak)
Congratulations, it should be all set up!
Type 'adsl-start' to bring up your ADSL link and 'adsl-stop' to bring
it down. Type 'adsl-status' to see the link status.
Internet Connection
Now, if you see this Congrats! message, then you are all set & done. You can type,
# adsl-start ..Connected! #
Thats it. The bsnl broadband setup has been installed & configured.
At this point, you can go through the man pages of appropriate adsl-* commands for details.
Hope this article helps you out in configuring internet on linux specially for the redhat persons. I will soon post a article regarding configuring network interfaces on linux and other stuff related to it.
I was seeing constant threads at orkut regarding configuration of internet on linux. This guide I hope will help you establish the BSNL broadband connection on your linux box. I assume that you have configured your network interface (if not then I am going to post a similar post regarding howto configure it).
This document is a copy of a document which I saw in late 2004 when I was searching for a howto to configure internet in linux.
This document describes howto setup bsnl broadband service on your gnu/linux server/desktop. It assumes that you are neither linux beginer nor an expert. It assumes that you are aware of basic gnu/linux commands.
I have installed it on redhat 9. I dont find any reason why it would not work on following distributions:
* FC1
* FC2
* FC3
* FC4
* FC5
An unofficial FAQ on Dataone can be found here
Pre-Requisites
* Please ensure that you have connected a working ethernet card which is supported on gnu/linux. Test the ethernet card & ensure that it is working.
* Root access to a gnu/linux box
Before we start, please ensure that you have the following details on hand:
* BSNL Broadband connection -:)
* Username & Password
Using the builtin dialer
A HOWTO with instructions on using the PPPoE builtin dialer of the Huawei SmartAX MT800 ADSL router is available.
The procedure to configure the dialer in UTStarCom UT300R modem is given here
Using RP-PPPOE as dialer
Installation
* As BSNL broadband is using rp-pppoe (Roaring Penguin - Point to Point Over Ethernet), we would be required to download & install this package. This package is normally available on most of the distributions. But, if you are using redhat7.3, please download the following packages:
rpm package command line
rpm package GUI
source code
If you are downloading the tar.gz version, you have to build the rpm first. So, please walk through the following procedure to build the rpm:
Procedure to build RPM from tar.gz.
1. Login as root
2. Download tar.gz version & execute the following commands
# tar -zxvf rp-pppoe-3.5.tar.gz (untar this package)
* This command would untar the package in the current directory.
# cp rp-pppoe-3.5.tar.gz /usr/src/redhat/SOURCES/
# cd rp-pppoe-3.5
* The rpm spec file, rp-pppoe.spec is available in this directory.
# cp rp-pppoe.spec /usr/src/redhat/SPECS/
# cd /usr/src/redhat/SPECS
# rpm -ba rp-pppoe.spec
* The above command would untar the tar.gz package in ../BUILD
directory, compile the package and finally it would create neces
sary rpms in
If everything goes fine, you would see the following or similar message:
Wrote: /usr/src/redhat/SRPMS/rp-pppoe-3.5-1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/rp-pppoe-3.5-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/rp-pppoe-gui-3.5-1.i386.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.97349
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd rp-pppoe-3.5
+ rm -rf /tmp/pppoe-build
+ exit 0
If this is the case, the necessary rpms are successfully created and they are available in appropriate directory.
Source RPMS - /usr/src/redhat/SRPMS/rp-pppoe-3.5-1.src.rpm
Binary RPMS - /usr/src/redhat/RPMS/i386/rp-pppoe-3.5-1.i386.rpm
GUI RPMS - /usr/src/redhat/RPMS/i386/rp-pppoe-gui-3.5-1.i386.rpm
Now, at this stage you are having necessary rpms with you. Either you have downloaded them from the above website. Or you would have built them on your own:
Command Line Version
# rpm -vih rp-pppoe-3.5-1.i386.rpm
It would install the command line version of rp-pppoe package.
GUI Version
# rpm -vih rp-pppoe-gui-3.5-1.i386.rpm
It would install the gui version of rp-pppoe package. If you have successfully installed, then you can proceed to next section.
Configuration
Once you have installed rp-pppoe package, all necessary commands would have been installed.
adsl-setup - to configure the connection parameters
adsl-start - to start the connection
adsl-status - to check status of the connection
adsl-stop - to stop the connection
Now, we are ready to configure the BSNL broadband internet connection.
Here you have to configure the following parameters:
* userid
* network interface (eth0 or ..)
* Demand value (normally you can leave it blank)
* DNS Information (primary & secondary)
* With regard to primary & secondary dns, You can leave it blank, as it would be taken care automatically. If you wish to know the dns details, just complete this wizard and when you run adsl-start, do:
# tail -f /var/log/messages
Mar 15 15:29:48 Gateway pppd[3564]: Remote message: Authentication success,Welcome!
Mar 15 15:29:48 Gateway pppd[3564]: local IP address 59.92.9.154
Mar 15 15:29:48 Gateway pppd[3564]: remote IP address 59.92.8.1
Mar 15 15:29:48 Gateway pppd[3564]: primary DNS address 61.1.96.69
Mar 15 15:29:48 Gateway pppd[3564]: secondary DNS address 61.1.96.71
There it goes! The primary & secondary dns details are found and it would be automatically updated in /etc/resolv.conf.
* Then you should enter the following details:
* Password
* Firewall (set is to 2, MASQUERADE)
* Confirm
* The following is the screen shot of adsl-setup command.
# adsl-setup
Welcome to the Roaring Penguin ADSL client setup. First, I will run
some checks on your system to make sure the PPPoE client is installed
properly...
Looks good! Now, please enter some information:
USER NAME
>>> Enter your PPPoE user name (default test@dataone):
INTERFACE
>>> Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where 'n' is a number.
(default eth0):
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
>>> Enter the demand value (default no):
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
>>> Enter the DNS information here: 61.1.128.5
Please enter the IP address of your ISP's secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
>>> Enter the secondary DNS server address here: 61.0.0.5
PASSWORD
>>> Please enter your PPPoE password:
>>> Please re-enter your PPPoE password:
FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
>>> Choose a type of firewall (0-2): 2
** Summary of what you entered **
Ethernet Interface: eth0
User name: test@dataone
Activate-on-demand: No
Primary DNS: 61.1.128.5
Secondary DNS: 61.0.0.5
Firewalling: MASQUERADE
>>> Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/ppp/pppoe.conf
Adjusting /etc/resolv.conf
(But first backing it up to /etc/resolv.conf-bak)
Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
(But first backing it up to /etc/ppp/pap-secrets-bak)
(But first backing it up to /etc/ppp/chap-secrets-bak)
Congratulations, it should be all set up!
Type 'adsl-start' to bring up your ADSL link and 'adsl-stop' to bring
it down. Type 'adsl-status' to see the link status.
Internet Connection
Now, if you see this Congrats! message, then you are all set & done. You can type,
# adsl-start ..Connected! #
Thats it. The bsnl broadband setup has been installed & configured.
At this point, you can go through the man pages of appropriate adsl-* commands for details.
Hope this article helps you out in configuring internet on linux specially for the redhat persons. I will soon post a article regarding configuring network interfaces on linux and other stuff related to it.
Tuesday, May 25, 2010
Site redirect rule setup
http://kb.mediatemple.net/questions/242/How+do+I+redirect+my+site+using+a+.htaccess+file%3F
Increase file size upload limit using php.ini or htaccess
Increasing file upload size by php.ini
File upload size affected by mainly below PHP settings.
file_uploads = On
This setting must be on. It allows running uploads through HTTP.
Ensure this value is on the value can be On/Off or 1/0 or true/false.
upload_max_filesize = 20M
This value limits the size of uploaded single file. Give it value what ever your requirements.
post_max_size = 40M
This value limits the size of all the uploaded content. For example upload_max_filesize is for single file, if we upload 3 files simultaneously each 15mb total 45mb so it exceeds post_max_size.
Remember post_max_size must be larger about 40% of upload_max_filesize.
max_execution_time = 30
Generally image uploading and manipulating with GD or Imagemagic consumes much time. So it may exceeds 30 seconds. You can modify whatever your requirements. When a script execution time exceeded by this limit the server stops the scripts or gives fatal error.
memory_limit = 128M
Generally image uploading and manipulation with GD or Imagemagic consumes much server memory. When it exceeds this memory the server stops executing the script, then we see empty page or no response from server or we get a fatal error.
Completed example, to increase 10Mb
upload_max_filesize = 10M ;
post_max_size = 20M ;
memory_limit = 128M
Copy the above settings into your php.ini and put it in your web root directory.
Increasing file upload size by .htaccess
php_value upload_max_filesize 10M
php_value post_max_size 20M
php_value memory_limit 128M
Copy the above settings into your .htaccess file and put it in your web root directory.
Almost all web host providers give to override the .htacces ,so you can use above method.
File upload size affected by mainly below PHP settings.
file_uploads = On
This setting must be on. It allows running uploads through HTTP.
Ensure this value is on the value can be On/Off or 1/0 or true/false.
upload_max_filesize = 20M
This value limits the size of uploaded single file. Give it value what ever your requirements.
post_max_size = 40M
This value limits the size of all the uploaded content. For example upload_max_filesize is for single file, if we upload 3 files simultaneously each 15mb total 45mb so it exceeds post_max_size.
Remember post_max_size must be larger about 40% of upload_max_filesize.
max_execution_time = 30
Generally image uploading and manipulating with GD or Imagemagic consumes much time. So it may exceeds 30 seconds. You can modify whatever your requirements. When a script execution time exceeded by this limit the server stops the scripts or gives fatal error.
memory_limit = 128M
Generally image uploading and manipulation with GD or Imagemagic consumes much server memory. When it exceeds this memory the server stops executing the script, then we see empty page or no response from server or we get a fatal error.
Completed example, to increase 10Mb
upload_max_filesize = 10M ;
post_max_size = 20M ;
memory_limit = 128M
Copy the above settings into your php.ini and put it in your web root directory.
Increasing file upload size by .htaccess
php_value upload_max_filesize 10M
php_value post_max_size 20M
php_value memory_limit 128M
Copy the above settings into your .htaccess file and put it in your web root directory.
Almost all web host providers give to override the .htacces ,so you can use above method.
Monday, May 24, 2010
Sturcture Of Cpanel
–Directory Structure of Cpanel
=======================
Apache
=======
/usr/local/apache
+ bin- apache binaries are stored here – httpd, apachectl, apxs
+ conf – configuration files – httpd.conf
+ cgi-bin
+ domlogs – domain log files are stored here
+ htdocs
+ include – header files
+ libexec – shared object (.so) files are stored here – libphp4.so,mod_rewrite.so
+ logs – apache logs – access_log, error_log, suexec_log
+ man – apache manual pages
+ proxy -
+ icons -
Init Script :/etc/rc.d/init.d/httpd – apache start script
Cpanel script to restart apache – /scripts/restartsrv_httpd
Exim
=====
Conf : /etc/exim.conf – exim main configuration file
/etc/localdomains – list of domains allowed to relay mail
Log : /var/log/exim_mainlog – incoming/outgoing mails are logged here
/var/log/exim_rejectlog – exim rejected mails are reported here
/var/log/exim_paniclog – exim errors are logged here
Mail queue: /var/spool/exim/input
Cpanel script to restart exim – /scripts/restartsrv_exim
Email forwarders and catchall address file – /etc/valiases/domainname.com
Email filters file – /etc/vfilters/domainname.com
POP user authentication file – /home/username/etc/domainname/passwd
catchall inbox – /home/username/mail/inbox
POP user inbox – /home/username/mail/domainname/popusername/inbox
POP user spambox – /home/username/mail/domainname/popusername/spam
Program : /usr/sbin/exim (suid – -rwsr-xr-x 1 root root )
Init Script: /etc/rc.d/init.d/exim
ProFTPD
========
Program :/usr/sbin/proftpd
Init Script :/etc/rc.d/init.d/proftpd
Conf: /etc/proftpd.conf
Log: /var/log/messages, /var/log/xferlog
FTP accounts file – /etc/proftpd/username – all ftp accounts for the domain are listed here
Pure-FTPD
=========
Program : /usr/sbin/pure-ftpd
Init Script :/etc/rc.d/init.d/pure-ftpd
Conf: /etc/pure-ftpd.conf
Anonymous ftp document root – /etc/pure-ftpd/ip-address
Frontpage Extensions
=================
Program – (Install): /usr/local/frontpage/version5.0/bin/owsadm.exe
Uninstall and then install for re-installations
FP files are found as _vti-bin, _vti-pvt, _vti-cnf, vti-log inside the public_html
Mysql
=======
Program : /usr/bin/mysql
Init Script : /etc/rc.d/init.d/mysql
Conf : /etc/my.cnf, /root/.my.cnf
Data directory – /var/lib/mysql – Where all databases are stored.
Database naming convention – username_dbname (eg: john_sales)
Permissions on databases – drwx 2 mysql mysql
Socket file – /var/lib/mysql/mysql.sock, /tmp/ mysql.sock
SSHD
======
Program :/usr/local/sbin/sshd
Init Script :/etc/rc.d/init.d/sshd
/etc/ssh/sshd_config
Log: /var/log/messages
Perl
====
Program :/usr/bin/perl
Directory :/usr/lib/perl5/5.6.1/
PHP
====
Program :/usr/local/bin/php, /usr/bin/php
ini file: /usr/local/lib/php.ini – apache must be restarted after any change to this file
php can be recomplied using /scripts/easyapache
Named(BIND)
============
Program: /usr/sbin/named
Init Script: /etc/rc.d/init.d/named
/etc/named.conf
db records:/var/named/
/var/log/messages
————————————————————————————————————————————–
Cpanel installation directory structure
=============================
/usr/local/cpanel
+ 3rdparty/ – tools like fantastico, mailman files are located here
+ addons/ – AdvancedGuestBook, phpBB etc
+ base/ – phpmyadmin, squirrelmail, skins, webmail etc
+ bin/ – cpanel binaries
+ cgi-sys/ – cgi files like cgiemail, formmail.cgi, formmail.pl etc
+ logs/ – cpanel access log and error log
+ whostmgr/ – whm related files
WHM related files
===============
/var/cpanel – whm files
+ bandwidth/ – rrd files of domains
+ username.accts – reseller accounts are listed in this files
+ packages – hosting packages are listed here
+ root.accts – root owned domains are listed here
+ suspended – suspended accounts are listed here
+ users/ – cpanel user file – theme, bwlimit, addon, parked, sub-domains all are listed in this files
+ zonetemplates/ – dns zone template files are taken from here
Common CPanel scripts
===================
cpanel/whm Scripts are located in /scripts/
+ addns – add a dns zone
+ addfpmail – Add frontpage mail extensions to all domains without them
+ addfpmail2 -Add frontpage mail extensions to all domains without them
+ addnetmaskips – Add the netmask 255.255.255.0 to all IPs that have no netmask
+ addnobodygrp – Adds the gorup nobody and activates security
+ addpop – add a pop account
+ addservlets – Add JSP support to an account (requires tomcat)
+ addstatus – (Internal use never called by user)
+ adduser – Add a user to the system
+ bandwidth – (OLD)
+ betaexim – Installs the latest version of exim
+ biglogcheck – looks for logs nearing 2 gigabytes in size
+ bsdcryptoinstall – Installs crypto on FreeBSD
+ bsdldconfig – Configures the proper lib directories in FreeBSD
+ bsdpkgpingtest – Tests the connection speed for downloading FreeBSD packages
+ buildbsdexpect – Install expect on FreeBSD
+ builddomainaddr – (OLD)
+ buildeximconf – Rebuilds exim.conf
+ buildpostgrebsd-dev – Installs postgresql on FreeBSD.
+ chcpass – change cpanel passwords
+ easyapache – recompile/upgrade apache and/or php
+ exim4 – reinstall exim and fix permissions
+ fixcommonproblems – fixes most common problems
+ fixfrontpageperm – fixes permission issues with Front Page
+ fixmailman – fixes common mailman issues
+ fixnamed – fixes common named issues
+ fixndc – fixes rndc errors with named
+ fixquotas – fixes quota problems
+ fullhordereset – resets horde database to a fresh one – all previous user data are lost
+ initquotas – initializes quotas
+ installzendopt – installs zend optimizer
+ killacct – terminate an account – make sure you take a backup of the account first
+ mailperm – fixes permission problems with inboxes
+ park – to park a domain
+ pkgacct – used to backup an account
+ restartsrv – restart script for services
+ restorepkg – restores an account from a backup file ( pkgacct file)
+ runlogsnow – update logs of all users
+ runweblogs – update stats for a particular user
+ securetmp – secures /tmp partition with options nosuexec and nosuid
+ suspendacct – suspends an account
+ unsuspendacct – unsuspends a suspended account
+ upcp – updates cpanel to the latest version
+ updatenow – updates the cpanel scripts
+ updateuserdomains – updates userdomain entries
Important cpanel/whm files
====================
/etc/httpd/conf/httpd.conf – apache configuration file
/etc/exim.conf – mail server configuration file
/etc/named.conf – name server (named) configuration file
/etc/proftpd.conf – proftpd server configuration file
/etc/pure-ftpd.conf – pure-ftpd server configuration file
/etc/valiases/domainname – catchall and forwarders are set here
/etc/vfilters/domainname – email filters are set here
/etc/userdomains – all domains are listed here – addons, parked,subdomains along with their usernames
/etc/localdomains – exim related file – all domains should be listed here to be able to send mails
/var/cpanel/users/username – cpanel user file
/var/cpanel/cpanel.config – cpanel configuration file ( Tweak Settings )*
/etc/cpbackup-userskip.conf -
/etc/sysconfig/network – Networking Setup*
/etc/hosts -
/var/spool/exim -
/var/spool/cron -
/etc/resolv.conf – Networking Setup–> Resolver Configuration
/etc/nameserverips – Networking Setup–> Nameserver IPs ( FOr resellers to give their nameservers )
/var/cpanel/resellers – For addpkg, etc permissions for resellers.
/etc/chkserv.d – Main >> Service Configuration >> Service Manager *
/var/run/chkservd – Main >> Server Status >> Service Status *
/var/log/dcpumon – top log process
/root/cpanel3-skel – skel directory. Eg: public_ftp, public_html. (Account Functions–>Skeleton Directory )*
/etc/wwwacct.conf – account creation defaults file in WHM (Basic cPanel/WHM Setup)*
/etc/cpupdate.conf – Update Config *
/etc/cpbackup.conf – Configure Backup*
/etc/clamav.conf – clamav (antivirus configuration file )
/etc/my.cnf – mysql configuration file
/usr/local/Zend/etc/php.ini OR /usr/local/lib/php.ini – php configuration file
/etc/ips – ip addresses on the server (except the shared ip) (IP Functions–>Show IP Address Usage )*
/etc/ipaddrpool – ip addresses which are free
/etc/ips.dnsmaster – name server ips
/var/cpanel/Counters – To get the counter of each users.
/var/cpanel/bandwidth – To get bandwith usage of domain
=======================
Apache
=======
/usr/local/apache
+ bin- apache binaries are stored here – httpd, apachectl, apxs
+ conf – configuration files – httpd.conf
+ cgi-bin
+ domlogs – domain log files are stored here
+ htdocs
+ include – header files
+ libexec – shared object (.so) files are stored here – libphp4.so,mod_rewrite.so
+ logs – apache logs – access_log, error_log, suexec_log
+ man – apache manual pages
+ proxy -
+ icons -
Init Script :/etc/rc.d/init.d/httpd – apache start script
Cpanel script to restart apache – /scripts/restartsrv_httpd
Exim
=====
Conf : /etc/exim.conf – exim main configuration file
/etc/localdomains – list of domains allowed to relay mail
Log : /var/log/exim_mainlog – incoming/outgoing mails are logged here
/var/log/exim_rejectlog – exim rejected mails are reported here
/var/log/exim_paniclog – exim errors are logged here
Mail queue: /var/spool/exim/input
Cpanel script to restart exim – /scripts/restartsrv_exim
Email forwarders and catchall address file – /etc/valiases/domainname.com
Email filters file – /etc/vfilters/domainname.com
POP user authentication file – /home/username/etc/domainname/passwd
catchall inbox – /home/username/mail/inbox
POP user inbox – /home/username/mail/domainname/popusername/inbox
POP user spambox – /home/username/mail/domainname/popusername/spam
Program : /usr/sbin/exim (suid – -rwsr-xr-x 1 root root )
Init Script: /etc/rc.d/init.d/exim
ProFTPD
========
Program :/usr/sbin/proftpd
Init Script :/etc/rc.d/init.d/proftpd
Conf: /etc/proftpd.conf
Log: /var/log/messages, /var/log/xferlog
FTP accounts file – /etc/proftpd/username – all ftp accounts for the domain are listed here
Pure-FTPD
=========
Program : /usr/sbin/pure-ftpd
Init Script :/etc/rc.d/init.d/pure-ftpd
Conf: /etc/pure-ftpd.conf
Anonymous ftp document root – /etc/pure-ftpd/ip-address
Frontpage Extensions
=================
Program – (Install): /usr/local/frontpage/version5.0/bin/owsadm.exe
Uninstall and then install for re-installations
FP files are found as _vti-bin, _vti-pvt, _vti-cnf, vti-log inside the public_html
Mysql
=======
Program : /usr/bin/mysql
Init Script : /etc/rc.d/init.d/mysql
Conf : /etc/my.cnf, /root/.my.cnf
Data directory – /var/lib/mysql – Where all databases are stored.
Database naming convention – username_dbname (eg: john_sales)
Permissions on databases – drwx 2 mysql mysql
Socket file – /var/lib/mysql/mysql.sock, /tmp/ mysql.sock
SSHD
======
Program :/usr/local/sbin/sshd
Init Script :/etc/rc.d/init.d/sshd
/etc/ssh/sshd_config
Log: /var/log/messages
Perl
====
Program :/usr/bin/perl
Directory :/usr/lib/perl5/5.6.1/
PHP
====
Program :/usr/local/bin/php, /usr/bin/php
ini file: /usr/local/lib/php.ini – apache must be restarted after any change to this file
php can be recomplied using /scripts/easyapache
Named(BIND)
============
Program: /usr/sbin/named
Init Script: /etc/rc.d/init.d/named
/etc/named.conf
db records:/var/named/
/var/log/messages
————————————————————————————————————————————–
Cpanel installation directory structure
=============================
/usr/local/cpanel
+ 3rdparty/ – tools like fantastico, mailman files are located here
+ addons/ – AdvancedGuestBook, phpBB etc
+ base/ – phpmyadmin, squirrelmail, skins, webmail etc
+ bin/ – cpanel binaries
+ cgi-sys/ – cgi files like cgiemail, formmail.cgi, formmail.pl etc
+ logs/ – cpanel access log and error log
+ whostmgr/ – whm related files
WHM related files
===============
/var/cpanel – whm files
+ bandwidth/ – rrd files of domains
+ username.accts – reseller accounts are listed in this files
+ packages – hosting packages are listed here
+ root.accts – root owned domains are listed here
+ suspended – suspended accounts are listed here
+ users/ – cpanel user file – theme, bwlimit, addon, parked, sub-domains all are listed in this files
+ zonetemplates/ – dns zone template files are taken from here
Common CPanel scripts
===================
cpanel/whm Scripts are located in /scripts/
+ addns – add a dns zone
+ addfpmail – Add frontpage mail extensions to all domains without them
+ addfpmail2 -Add frontpage mail extensions to all domains without them
+ addnetmaskips – Add the netmask 255.255.255.0 to all IPs that have no netmask
+ addnobodygrp – Adds the gorup nobody and activates security
+ addpop – add a pop account
+ addservlets – Add JSP support to an account (requires tomcat)
+ addstatus – (Internal use never called by user)
+ adduser – Add a user to the system
+ bandwidth – (OLD)
+ betaexim – Installs the latest version of exim
+ biglogcheck – looks for logs nearing 2 gigabytes in size
+ bsdcryptoinstall – Installs crypto on FreeBSD
+ bsdldconfig – Configures the proper lib directories in FreeBSD
+ bsdpkgpingtest – Tests the connection speed for downloading FreeBSD packages
+ buildbsdexpect – Install expect on FreeBSD
+ builddomainaddr – (OLD)
+ buildeximconf – Rebuilds exim.conf
+ buildpostgrebsd-dev – Installs postgresql on FreeBSD.
+ chcpass – change cpanel passwords
+ easyapache – recompile/upgrade apache and/or php
+ exim4 – reinstall exim and fix permissions
+ fixcommonproblems – fixes most common problems
+ fixfrontpageperm – fixes permission issues with Front Page
+ fixmailman – fixes common mailman issues
+ fixnamed – fixes common named issues
+ fixndc – fixes rndc errors with named
+ fixquotas – fixes quota problems
+ fullhordereset – resets horde database to a fresh one – all previous user data are lost
+ initquotas – initializes quotas
+ installzendopt – installs zend optimizer
+ killacct – terminate an account – make sure you take a backup of the account first
+ mailperm – fixes permission problems with inboxes
+ park – to park a domain
+ pkgacct – used to backup an account
+ restartsrv – restart script for services
+ restorepkg – restores an account from a backup file ( pkgacct file)
+ runlogsnow – update logs of all users
+ runweblogs – update stats for a particular user
+ securetmp – secures /tmp partition with options nosuexec and nosuid
+ suspendacct – suspends an account
+ unsuspendacct – unsuspends a suspended account
+ upcp – updates cpanel to the latest version
+ updatenow – updates the cpanel scripts
+ updateuserdomains – updates userdomain entries
Important cpanel/whm files
====================
/etc/httpd/conf/httpd.conf – apache configuration file
/etc/exim.conf – mail server configuration file
/etc/named.conf – name server (named) configuration file
/etc/proftpd.conf – proftpd server configuration file
/etc/pure-ftpd.conf – pure-ftpd server configuration file
/etc/valiases/domainname – catchall and forwarders are set here
/etc/vfilters/domainname – email filters are set here
/etc/userdomains – all domains are listed here – addons, parked,subdomains along with their usernames
/etc/localdomains – exim related file – all domains should be listed here to be able to send mails
/var/cpanel/users/username – cpanel user file
/var/cpanel/cpanel.config – cpanel configuration file ( Tweak Settings )*
/etc/cpbackup-userskip.conf -
/etc/sysconfig/network – Networking Setup*
/etc/hosts -
/var/spool/exim -
/var/spool/cron -
/etc/resolv.conf – Networking Setup–> Resolver Configuration
/etc/nameserverips – Networking Setup–> Nameserver IPs ( FOr resellers to give their nameservers )
/var/cpanel/resellers – For addpkg, etc permissions for resellers.
/etc/chkserv.d – Main >> Service Configuration >> Service Manager *
/var/run/chkservd – Main >> Server Status >> Service Status *
/var/log/dcpumon – top log process
/root/cpanel3-skel – skel directory. Eg: public_ftp, public_html. (Account Functions–>Skeleton Directory )*
/etc/wwwacct.conf – account creation defaults file in WHM (Basic cPanel/WHM Setup)*
/etc/cpupdate.conf – Update Config *
/etc/cpbackup.conf – Configure Backup*
/etc/clamav.conf – clamav (antivirus configuration file )
/etc/my.cnf – mysql configuration file
/usr/local/Zend/etc/php.ini OR /usr/local/lib/php.ini – php configuration file
/etc/ips – ip addresses on the server (except the shared ip) (IP Functions–>Show IP Address Usage )*
/etc/ipaddrpool – ip addresses which are free
/etc/ips.dnsmaster – name server ips
/var/cpanel/Counters – To get the counter of each users.
/var/cpanel/bandwidth – To get bandwith usage of domain
Friday, May 21, 2010
Malware and apache directive exp link
http://httpd.apache.org/docs/1.3/mod/core.html#maxclients
http://www.rfxn.com/tag/malware/
http://www.rfxn.com/tag/malware/
Find Forwarder set account fro cpanel
#!/usr/local/bin/perl
#WHMADDON:aolforwardfinder:AOL Forwarder Finder
##----------------------------------------------------
## Version 1.0
##
## Usage:
##
## 1) Copy to "/usr/local/cpanel/whostmgr/docroot/cgi/" directory.
## 2) Rename to "addon_aolforwarderfinder.cgi".
## 3) Chown to root:root.
## 4) Chmod to 755.
## 5) Log into WHM as user with root privs and click the link
## called "AOL Forwarder Finder" under the Add-ons section.
##----------------------------------------------------
BEGIN {
push(@INC,'/usr/local/cpanel','/usr/local/cpanel/Cpanel');
push(@INC,"/usr/local/cpanel/whostmgr/docroot/cgi");
}
use whmlib;
#--------------------------------
my $delimiter = "::";
#--------------------------------
print "Content-type: text/html\r\n\r\n";
defheader("AOL Forwarder Finder");
#-------------------------------------
if (!$ACL{all}) {
print "
exit();
}
#-------------------------------------
# Start main work.
&printscriptinfo;
my @aolforwarders;
my @print;
chdir("/etc/valiases");
@aolforwarders = `grep -i \@aol. *`;
if (! @aolforwarders) {
print "
exit();
}
foreach my $line (@aolforwarders) {
my $owner;
my $realdomain;
my $reseller;
my @aols;
my @aoladdresses;
my ($domain, $forwarder, $addresses) = split(/:/, $line);
$owner = `/scripts/whoowns $domain`;
$realdomain = &domainname($owner);
$reseller = &findreseller($owner);
@aoladdresses = split(/,/, $addresses);
my @aols;
foreach (@aoladdresses) {
$_ = &trim($_);
if ($_ =~ /aol.com/i) {
push(@aols, $_);
}
}
if ($forwarder eq "*") {
$forwarder = "default address";
}
foreach(@aols) {
push(@print, $reseller . $delimiter .
$realdomain . $delimiter . $domain . $delimiter . $forwarder . $delimiter .
$_ . "\n
");
}
}
# Print results.
@print = sort { $a cmp $b } @print;
foreach(@print) {
print($_);
}
## Subroutines
sub trim {
my $string = shift(@_);
$string =~ s/\s//g;
return $string;
}
sub domainname {
my $user;
my $domain;
$user = $_[0];
open(CPU,"/var/cpanel/users/" . $user);
while() {
if (/^DNS=(\S+)/) {
$domain = $1;
}
}
close(CPU);
return $domain;
}
sub findreseller {
my $user;
my $reseller;
$user = $_[0];
open(CPU,"/var/cpanel/users/" . $user);
while() {
if (/^OWNER=(\S+)/) {
$reseller = $1;
}
}
close(CPU);
#if ($reseller ne "root") {
return &domainname($reseller);
#}
#else {
# return "NOT RESOLD";
#}
}
sub printscriptinfo {
print "
print "
}
#WHMADDON:aolforwardfinder:AOL Forwarder Finder
##----------------------------------------------------
## Version 1.0
##
## Usage:
##
## 1) Copy to "/usr/local/cpanel/whostmgr/docroot/cgi/" directory.
## 2) Rename to "addon_aolforwarderfinder.cgi".
## 3) Chown to root:root.
## 4) Chmod to 755.
## 5) Log into WHM as user with root privs and click the link
## called "AOL Forwarder Finder" under the Add-ons section.
##----------------------------------------------------
BEGIN {
push(@INC,'/usr/local/cpanel','/usr/local/cpanel/Cpanel');
push(@INC,"/usr/local/cpanel/whostmgr/docroot/cgi");
}
use whmlib;
#--------------------------------
my $delimiter = "::";
#--------------------------------
print "Content-type: text/html\r\n\r\n";
defheader("AOL Forwarder Finder");
#-------------------------------------
if (!$ACL{all}) {
print "
Sorry, but this function may only be run by the server
administrator.
exit();
}
#-------------------------------------
# Start main work.
&printscriptinfo;
my @aolforwarders;
my @print;
chdir("/etc/valiases");
@aolforwarders = `grep -i \@aol. *`;
if (! @aolforwarders) {
print "
There were no \@aol forwarders found. Lucky!
";exit();
}
foreach my $line (@aolforwarders) {
my $owner;
my $realdomain;
my $reseller;
my @aols;
my @aoladdresses;
my ($domain, $forwarder, $addresses) = split(/:/, $line);
$owner = `/scripts/whoowns $domain`;
$realdomain = &domainname($owner);
$reseller = &findreseller($owner);
@aoladdresses = split(/,/, $addresses);
my @aols;
foreach (@aoladdresses) {
$_ = &trim($_);
if ($_ =~ /aol.com/i) {
push(@aols, $_);
}
}
if ($forwarder eq "*") {
$forwarder = "default address";
}
foreach(@aols) {
push(@print, $reseller . $delimiter .
$realdomain . $delimiter . $domain . $delimiter . $forwarder . $delimiter .
$_ . "\n
");
}
}
# Print results.
@print = sort { $a cmp $b } @print;
foreach(@print) {
print($_);
}
## Subroutines
sub trim {
my $string = shift(@_);
$string =~ s/\s//g;
return $string;
}
sub domainname {
my $user;
my $domain;
$user = $_[0];
open(CPU,"/var/cpanel/users/" . $user);
while(
if (/^DNS=(\S+)/) {
$domain = $1;
}
}
close(CPU);
return $domain;
}
sub findreseller {
my $user;
my $reseller;
$user = $_[0];
open(CPU,"/var/cpanel/users/" . $user);
while(
if (/^OWNER=(\S+)/) {
$reseller = $1;
}
}
close(CPU);
#if ($reseller ne "root") {
return &domainname($reseller);
#}
#else {
# return "NOT RESOLD";
#}
}
sub printscriptinfo {
print "
This script shows a list of all email forwarders
on the server that are set up to forward email to AOL.
[reseller's
domain] = The reseller who owns the [cpanel domain].
[cpanel
domain] = The main cpanel domain where the forwarder is located.
might be an add-on or parked domain.)
[forwarder address] = The
actual email address that is doing the forwarding.
[aol address]
= The destination/target email address.
print "
[reseller's domain] " . $delimiter . " [cpanel
domain] " . $delimiter . " [forwarder domain] " . $delimiter . " [forwarder
address] " . $delimiter . " [aol address]
}
Thursday, May 20, 2010
Knowledged base
http://kb.deru.net/?View=entry&EntryID=94 - Exim
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
http://forums.cpanel.net/f5/hunt-spammers-find-who-sent-spam-nobody-34195.html
http://www.layeredtech.com/forums/showthread.php?t=75
http://66.90.111.132:7700/
http://www.webhostgear.com/396.html
http://www.webhostingtalk.com/showthread.php?t=227645
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
http://forums.cpanel.net/f5/hunt-spammers-find-who-sent-spam-nobody-34195.html
http://www.layeredtech.com/forums/showthread.php?t=75
http://66.90.111.132:7700/
http://www.webhostgear.com/396.html
http://www.webhostingtalk.com/showthread.php?t=227645
Tuesday, May 18, 2010
Mysql commands
You will start by logging into your server via ssh and logging into your MySQL entering the following:
mysql –uadmin –p`cat /etc/psa/.psa.shadow`
Grant Privilege
GRANT SELECT ON database.* TO username@'localhost' IDENTIFIED BY 'password';
To enable more options you would separate them with a comma. So to enable SELECT, INSERT, and DELETE your syntax would look like this;
GRANT SELECT, INSERT, DELETE ON database.* TO username@'localhost' IDENTIFIED BY 'password';
Once you have given the desired privileges for your user, you will need to run this command within the MySQL command prompt;
FLUSH PRIVILEGES;
To see a list of the privileges that have been granted to a specific user;
select * from mysql.user where User='user' \G
mysql –uadmin –p`cat /etc/psa/.psa.shadow`
Grant Privilege
GRANT SELECT ON database.* TO username@'localhost' IDENTIFIED BY 'password';
To enable more options you would separate them with a comma. So to enable SELECT, INSERT, and DELETE your syntax would look like this;
GRANT SELECT, INSERT, DELETE ON database.* TO username@'localhost' IDENTIFIED BY 'password';
Once you have given the desired privileges for your user, you will need to run this command within the MySQL command prompt;
FLUSH PRIVILEGES;
To see a list of the privileges that have been granted to a specific user;
select * from mysql.user where User='user' \G
Saturday, May 15, 2010
Band
http://forum.soluslabs.com/showthread.php?1102-Bandwidth-is-not-updating-for-a-new-vps-in-my-admincp-
http://www.nocser.net/clients/knowledgebase/342/Install-solusvm.html
crontab -e
*/2 * * * * /usr/bin/php -f /usr/local/solusvm/system/vzbw.php >/dev/null 2>&1
save
chmod 0744 /etc/cron.d/solusvm ( 0744 makes sure the executable bit is set to be able to actually run these jobs ;-) )
should show -rwxr--r--
http://www.nocser.net/clients/knowledgebase/342/Install-solusvm.html
crontab -e
*/2 * * * * /usr/bin/php -f /usr/local/solusvm/system/vzbw.php >/dev/null 2>&1
save
chmod 0744 /etc/cron.d/solusvm ( 0744 makes sure the executable bit is set to be able to actually run these jobs ;-) )
should show -rwxr--r--
Friday, May 14, 2010
LVM creation method + solusVM
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/s1-lvm-diskdruid-manual.html
solusVM setup
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-164.15.1.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-164.15.1.el5 dom0_mem=2048M
module /vmlinuz-2.6.18-164.15.1.el5xen ro root=LABEL=/
module /initrd-2.6.18-164.15.1.el5xen.img
title CentOS (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=LABEL=/
initrd /initrd-2.6.18-164.el5.img
Slave server partition
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 123G 2.4G 115G 3% /
/dev/sda1 99M 19M 75M 21% /boot
tmpfs 1.0G 0 1.0G 0% /dev/shm
none 1.0G 104K 1.0G 1% /var/lib/xenstored
[root@slaveserver template]# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 16586 133122622+ 83 Linux
/dev/sda3 16587 18626 16386300 82 Linux swap / Solaris
/dev/sda4 18627 60801 338770687+ 5 Extended
/dev/sda5 18627 60801 338770656 8e Linux LVM
Disk /dev/sdb: 640.1 GB, 640135028736 bytes
255 heads, 63 sectors/track, 77825 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
Volume group not found error:
/usr/local/solusvm/data/allow.dat - Master server ip in master server
[root@slaveserver template]# vgdisplay
--- Volume group ---
VG Name vg1
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 23
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 323.06 GB
PE Size 32.00 MB
Total PE 10338
Alloc PE / Size 3232 / 101.00 GB
Free PE / Size 7106 / 222.06 GB
VG UUID 1ns1U1-nl1E-OgSG-KDco-r62t-59Hs-rNedzz
[root@slaveserver template]# lvdisplay
--- Logical volume ---
LV Name /dev/vg1/vm101_img
VG Name vg1
LV UUID HzdrFA-CGzV-lFjR-lYRd-40p4-0oBR-1TYh2m
LV Write Access read/write
LV Status available
# open 0
LV Size 100.00 GB
Current LE 3200
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
--- Logical volume ---
LV Name /dev/vg1/vm101_swap
VG Name vg1
LV UUID DaxzeY-Jsl2-FQjl-PA7k-CSfm-A97L-m8fXfZ
LV Write Access read/write
LV Status available
# open 0
LV Size 1.00 GB
Current LE 32
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:1
netstat -tn|grep :80|awk '{print $5}'|cut -d: -f4|sort|uniq -c|sort -rn|head
netstat -tn|grep :80|awk '{print $5}'|cut -d: -f1|sort|uniq -c|sort -rn|head
http://forums.cpanel.net/f5/login-webmail-internal-server-error-user-over-quota-141325.html
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-164.15.1.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-164.15.1.el5 dom0_mem=2048M
module /vmlinuz-2.6.18-164.15.1.el5xen ro root=LABEL=/
module /initrd-2.6.18-164.15.1.el5xen.img
title CentOS (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=LABEL=/
initrd /initrd-2.6.18-164.el5.img
Slave server partition
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 123G 2.4G 115G 3% /
/dev/sda1 99M 19M 75M 21% /boot
tmpfs 1.0G 0 1.0G 0% /dev/shm
none 1.0G 104K 1.0G 1% /var/lib/xenstored
[root@slaveserver template]# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 16586 133122622+ 83 Linux
/dev/sda3 16587 18626 16386300 82 Linux swap / Solaris
/dev/sda4 18627 60801 338770687+ 5 Extended
/dev/sda5 18627 60801 338770656 8e Linux LVM
Disk /dev/sdb: 640.1 GB, 640135028736 bytes
255 heads, 63 sectors/track, 77825 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
Volume group not found error:
/usr/local/solusvm/data/allow.dat - Master server ip in master server
[root@slaveserver template]# vgdisplay
--- Volume group ---
VG Name vg1
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 23
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 323.06 GB
PE Size 32.00 MB
Total PE 10338
Alloc PE / Size 3232 / 101.00 GB
Free PE / Size 7106 / 222.06 GB
VG UUID 1ns1U1-nl1E-OgSG-KDco-r62t-59Hs-rNedzz
[root@slaveserver template]# lvdisplay
--- Logical volume ---
LV Name /dev/vg1/vm101_img
VG Name vg1
LV UUID HzdrFA-CGzV-lFjR-lYRd-40p4-0oBR-1TYh2m
LV Write Access read/write
LV Status available
# open 0
LV Size 100.00 GB
Current LE 3200
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
--- Logical volume ---
LV Name /dev/vg1/vm101_swap
VG Name vg1
LV UUID DaxzeY-Jsl2-FQjl-PA7k-CSfm-A97L-m8fXfZ
LV Write Access read/write
LV Status available
# open 0
LV Size 1.00 GB
Current LE 32
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:1
netstat -tn|grep :80|awk '{print $5}'|cut -d: -f4|sort|uniq -c|sort -rn|head
netstat -tn|grep :80|awk '{print $5}'|cut -d: -f1|sort|uniq -c|sort -rn|head
http://forums.cpanel.net/f5/login-webmail-internal-server-error-user-over-quota-141325.html
Thursday, May 13, 2010
SolusVM slave server partition method
http://forum.soluslabs.com/showthread.php?1117-Can-not-create-new-xen-vps
FFmpeg convertion
MP4Box:
/usr/local/bin/MP4Box -inter 0.2 -add /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_95.flv /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_95_conv.flv
Mencoder:
/usr/local/bin/mencoder /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_165.avi -o /var/www/vhosts/pulseter.com/httpdocs/new_test/new_flv.flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts
Please use the following command instead of the above command set.
/usr/local/bin/mencoder /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_165.avi -o /var/www/vhosts/whatspoppin.net/httpdocs/new_test/convert_new.flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=500:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -srate 22050
FFMPEG:
/usr/local/bin/ffmpeg -i '/var/www/vhosts/whatspoppin.net/httpdocs/new_test/converted_flv.flv' -acodec 'libmp3lame' -ab 128k -vcodec 'libx264' -vpre hq -crf 22 -threads 0 -f mp4 /var/www/vhosts/whatspoppin.net/httpdocs/new_test/libx264_test_new.mp4
/usr/local/bin/MP4Box -inter 0.2 -add /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_95.flv /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_95_conv.flv
Mencoder:
/usr/local/bin/mencoder /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_165.avi -o /var/www/vhosts/pulseter.com/httpdocs/new_test/new_flv.flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts
Please use the following command instead of the above command set.
/usr/local/bin/mencoder /var/www/vhosts/whatspoppin.net/httpdocs/new_test/video_165.avi -o /var/www/vhosts/whatspoppin.net/httpdocs/new_test/convert_new.flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=500:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -srate 22050
FFMPEG:
/usr/local/bin/ffmpeg -i '/var/www/vhosts/whatspoppin.net/httpdocs/new_test/converted_flv.flv' -acodec 'libmp3lame' -ab 128k -vcodec 'libx264' -vpre hq -crf 22 -threads 0 -f mp4 /var/www/vhosts/whatspoppin.net/httpdocs/new_test/libx264_test_new.mp4
SolusVm memory fix
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol01
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-164.15.1.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-164.15.1.el5 dom0_mem=512M
module /vmlinuz-2.6.18-164.15.1.el5xen ro root=/dev/VolGroup00/LogVol01
module /initrd-2.6.18-164.15.1.el5xen.img
title CentOS (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol01
initrd /initrd-2.6.18-164.el5.img
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol01
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-164.15.1.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-164.15.1.el5 dom0_mem=512M
module /vmlinuz-2.6.18-164.15.1.el5xen ro root=/dev/VolGroup00/LogVol01
module /initrd-2.6.18-164.15.1.el5xen.img
title CentOS (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol01
initrd /initrd-2.6.18-164.el5.img
Subscribe to:
Posts (Atom)