
Tuesday, September 10, 2013

Use of stat command....

Use the stat command. It displays file or file system status such as:

=> File size

=> File type

=> Inode number

=> UID/GID

=> File access, modify and creation time etc.

stat command example

$ stat /etc/passwd

Display file system status

You can display file system status instead of file status. For example, display status for / file system:

$ stat -f /

Set timezone using /etc/localtime configuration file [any Linux distro]

Often /etc/localtime is a symlink to the file localtime or to the correct time zone file in the system time zone directory.


Create a symlink to file localtime:

# ln -sf /usr/share/zoneinfo/EST /etc/localtime

Eg: # ln -sf /usr/share/zoneinfo/Asia/Calcutta /etc/localtime

date -s "10/15/2005 09:40:00 EDT"

date -s "10/15/2005 09:40:00"
/sbin/hwclock --systohc


Edit the /etc/sysconfig/clock text file so that it looks like this:

ZONE="America/Denver"
UTC=true
ARC=false

Of course, this assumes that your hardware clock is running UTC time...

3. Delete the following file: /etc/localtime

4. Create a new soft link for /etc/localtime. Here is an example of step 3 and step 4:

# cd /etc
# ls -al localtime
lrwxrwxrwx 1 root root 39 Mar 28 07:00 localtime -> /usr/share/zoneinfo/America/Los_Angeles

# rm /etc/localtime

# ln -s /usr/share/zoneinfo/America/Denver /etc/localtime
# ls -al localtime
lrwxrwxrwx 1 root root 34 Mar 28 08:59 localtime -> /usr/share/zoneinfo/America/Denver

# date
Fri Mar 28 09:00:04 MST 2003


date; date > ~/date."bak-`/bin/date`"; cat /etc/sysconfig/clock; ls -l /etc/localtime

NTP Configuration and Usage:

Various Port Numbers for Quick Ref.

 Hi Guys
 
A quick ref for various port numbers.
 
21 => FTP
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// ) 
995 => POP over SSL/TLS
9999 => Urchin
3306 => MySQL Server
2082 => CPANEL Default
2083 => CPANEL - Secure/SSL
2086 => CPANEL WHM
2087 => CPANEL WHM - Secure/SSL
2095 => cpanel webmail
2096 => cpanel webmail - secure/SSL
Plesk Control Panel => 8880
Plesk Control Panel => 8443
DirectAdmin Control Panel => 2222
Webmin Control Panel => 10000

A simple script that will help you understand the usage of [if elif else fi] and check whether a path is a file or a directory.

vi delete.sh

#code goes here.


#------------------------------------------------------------------------------------------

#!/bin/bash

echo -n "Enter the filename : "
read -r myfile
echo -n "Are you sure (Yes/No)? "
read -r confirm

#Checking the entered file type
#(variables are quoted so a name with spaces or wildcards stays one argument)

if [ -f "$myfile" ]; then
    value="File"
elif [ -d "$myfile" ]; then
    value="Directory"
else
    value="Special file"
fi

#user confirmation for deletion

confirm="$(echo "${confirm}" | tr 'A-Z' 'a-z')"
if [ "$confirm" == "yes" ]; then

    #deleting the file/directory
    #("--" stops rm from treating a name that starts with "-" as an option)

    if [ -f "$myfile" ] || [ -d "$myfile" ]; then
        /bin/rm -r -- "$myfile" && echo "$value $myfile has been deleted" || echo "Error - Unable to delete $myfile"
    else
        echo "Error - Unable to locate the file $myfile"
    fi

else
    echo " Program exiting...."
fi
#------------------------------------------------------------------------------------------

Monday, September 09, 2013

View the Content of initrd image in Linux

The initial RAM disk is an initial root file system that is mounted prior to when the real root file system is available.

How can the content of initrd be viewed?

Go to the /boot directory of Linux and copy the initrd file to another location.

1. Create a folder

[ajasoman@oc1120611582 ~]$ mkdir initrd

2. Change to that directory and copy the initrd file to there..

[ajasoman@oc1120611582 ~]$ cd initrd

[ajasoman@oc1120611582 initrd]$ cp /boot/initramfs-2.6.32-358.11.1.el6.x86_64.img /home/ajasoman/initrd

[ajasoman@oc1120611582 initrd]$ ls initramfs-2.6.32-358.11.1.el6.x86_64.img

3. Rename the file to .gz

mv initramfs-2.6.32-358.11.1.el6.x86_64.img initramfs-2.6.32-358.11.1.el6.x86_64.gz

4. Use gunzip command to un-compress the file

gunzip initramfs-2.6.32-358.11.1.el6.x86_64.gz

5. Use the cpio command to extract the archive

[ajasoman@oc1120611582 initrd]$ cpio -ivd < initramfs-2.6.32-358.11.1.el6.x86_64
.
initqueue-finished
proc
pre-udev
pre-udev/30block-genrules.sh
pre-udev/30dmsquash-liveiso-genrules.sh
pre-udev/30dm-pre-udev.sh
pre-udev/30resume-genrules.sh
pre-udev/30mdmon-pre-udev.sh
dracut-004-303.el6
lib64
lib64/li

6. See the output using ls

[ajasoman@oc1120611582 initrd]$ ls -l
total 50300
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 bin
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 cmdline
drwxr-xr-x 3 ajasoman ajasoman     4096 Sep  9 23:40 dev
-rw-r--r-- 1 ajasoman ajasoman       19 Sep  9 23:40 dracut-004-303.el6
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 emergency
drwxr-xr-x 7 ajasoman ajasoman     4096 Sep  9 23:40 etc
-rwxr-xr-x 1 ajasoman ajasoman     8879 Sep  9 23:40 init
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 initqueue
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 initqueue-finished
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 initqueue-settled
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 initqueue-timeout
-rw-r--r-- 1 ajasoman ajasoman 51398656 Sep  9 23:11 initramfs-2.6.32-358.11.1.el6.x86_64
drwxr-xr-x 7 ajasoman ajasoman     4096 Sep  9 23:40 lib
drwxr-xr-x 4 ajasoman ajasoman     4096 Sep  9 23:40 lib64
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 mount
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 pre-pivot
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 pre-trigger
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 pre-udev
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 proc
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 sbin
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 sys
drwxr-xr-x 2 ajasoman ajasoman     4096 Sep  9 23:40 sysroot
drwxrwxrwt 2 ajasoman ajasoman     4096 Sep  9 23:40 tmp
drwxr-xr-x 7 ajasoman ajasoman     4096 Sep  9 23:40 usr
drwxr-xr-x 4 ajasoman ajasoman     4096 Sep  9 23:40 var
[ajasoman@oc1120611582 initrd]$


Monday, June 07, 2010

Running Multiple MySQL on the Same Machine

The easiest way to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results automatically in a separate, compiled-in data directory, log file, and PID file location for each server.

Assume the existing MySQL server is configured for the default TCP/IP port number (3306) and Unix socket file (/tmp/mysql.sock).

To configure a new MySQL server to have different operating parameters, use a configure command something like this:

shell> ./configure --with-tcp-port=port_number \
--with-unix-socket-path=file_name \
--prefix=/usr/local/mysql-5.1.46

Here, port_number (for example 3307) and file_name (for example /tmp/new.mysql.sock) must be different from the default TCP/IP port number and Unix socket file path name, and the --prefix value should specify an installation directory different from the one under which the existing MySQL installation is located.

Open the new port in the firewall.

To start a second server, provide different --socket and --port option values, and pass a --datadir=path option to mysqld_safe so that the server uses a different data directory.

shell> mysqld_safe --socket=file_name --port=port_number --datadir=path

Alternatively, we can install multiple MySQL servers using the MySQL Sandbox tool.

MySQL Sandbox is a tool for installing one or more MySQL servers in isolation, without affecting other servers.

Sunday, June 06, 2010

Enable remote Mysql Procedure.

1. Log in to the server.
2. Edit the /etc/my.cnf file (vi /etc/my.cnf)
3. Comment out the skip-networking line or delete it
4. bind-address = Give the IP of the remote server.
bind-address : IP address to bind to
skip-networking : Don't listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connections, this line should be removed from my.cnf or commented out.
5. Save the file and restart the MySQL service.
6. Grant access to the database
Eg:

mysql> CREATE DATABASE bvs;
mysql> GRANT ALL ON bvs.* TO bar@'IP address' IDENTIFIED BY 'PASSWORD';

7. To grant access to an existing database:

Eg:

mysql> USE mysql;
mysql> update db set Host='IP address' where Db='Database Name';
mysql> update user set Host='IP address' where user='Database User';
mysql> FLUSH PRIVILEGES;

8. Open port 3306 in the firewall
Eg: If you are using iptables.

iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT

To allow remote connections only from your web server located at a particular IP address:

iptables -A INPUT -i eth0 -s 10.5.1.3 -p tcp --destination-port 3306 -j ACCEPT

To allow remote connections only from your LAN subnet 192.168.1.0/24:

iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT

Save the iptables rules and restart.

My SQL Optimization


You can edit this in the my.cnf file

A typical configuration that can be used by a shared server is given below.


[mysqld]

max_connections = 800

The number of simultaneous client connections allowed.

key_buffer = 36M

Index blocks for MyISAM and ISAM tables are buffered and are shared by all threads.

myisam_sort_buffer_size = 64M

The size of the buffer that is allocated when sorting MyISAM indexes during a REPAIR TABLE or when creating indexes with CREATE INDEX or ALTER TABLE.

join_buffer_size = 2M
The size of the buffer that is used for plain index scans, range index scans, and joins that do not use indexes and thus perform full table scans

Increase the value of join_buffer_size to get a faster full join when adding indexes is not possible.

read_buffer_size = 2M

Each thread that does a sequential scan allocates a buffer of this size (in bytes) for each table it scans. If you do many sequential scans, you might want to increase this value.

sort_buffer_size = 3M

Each thread that needs to do a sort allocates a buffer of this size. Increase this value for faster ORDER BY or GROUP BY operations.

table_cache = 1024

The number of open tables for all threads. Increasing this value increases the number of file descriptors that mysqld requires. You can check whether you need to increase the table cache by checking the Opened_tables status variable.

thread_cache_size = 286

How many threads the server should cache for reuse. When a client disconnects, the client's threads are put in the cache if there are fewer than thread_cache_size threads there


interactive_timeout = 25

The number of seconds the server waits for activity on an interactive connection before closing it

wait_timeout = 1800

The number of seconds the server waits for activity on a noninteractive connection before closing it. This timeout applies only to TCP/IP and Unix socket file connections, not to connections made via named pipes, or shared memory.

connect_timeout = 5

The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake. The default value is 5 seconds

max_allowed_packet = 16M

The maximum size of one packet or any generated/intermediate string.

max_connect_errors = 10

If there are more than this number of interrupted connections from a host, that host is blocked from further connections. You can unblock blocked hosts with the FLUSH HOSTS statement

query_cache_limit = 1M

Don't cache results that are larger than this number of bytes. The default value is 1MB.

query_cache_size = 16M

The amount of memory allocated for caching query results. The default value is 0, which disables the query cache. The allowable values are multiples of 1024;

query_cache_type = 1

Set the query cache type. Setting the GLOBAL value sets the type for all clients that connect thereafter. Individual clients can set the SESSION value to affect their own use of the query cache.

tmp_table_size = 16M

The maximum size of internal in-memory temporary tables. (The actual limit is determined as the minimum of tmp_table_size and max_heap_table_size.) If an in-memory temporary table exceeds the limit, MySQL automatically converts it to an on-disk MyISAM table.

skip-innodb

[mysqld_safe]
open_files_limit = 8192

Changes the number of file descriptors available to mysqld. You should try increasing the value of this option if mysqld gives you the error Too many open files

Limiting the intensity of httpd Attack

First of all, we need to check whether the attack is coming from a specific IP.

You can check the number of connections from each IP using the following command:

netstat -plan|grep :80|awk '{print $5}'|cut -d: -f 1|sort|uniq -c|sort -n

You can block the IP from which the attack is coming.

Reload the firewall after adding the IP on the server (a good firewall such as CSF or APF can be used for this purpose).

Tools for limiting the Httpd attacks

Install mod security

DDoS attacks are generally targeted at HTTP, so it's always good to have a filtering system for Apache, so that each request gets analyzed before the web server handles it.

Installation step of mod_security in DSO (Dynamic Shared Object) mode below

# wget Download the mod_Security module from the appropriate server
# Untar It
# cd mod_
# /usr/local/apache/bin/apxs -cia mod_security.c
Create a file named mod_security.conf under the folder /usr/local/apache/conf
# vi /usr/local/apache/conf/mod_security.conf
Create the rule with reference to the link http://www.modsecurity.org/documentation/quick-examples.html
and add it in the mod_security.conf file.
Add the location of mod_security.conf to httpd.conf
# vi /usr/local/apache/conf/httpd.conf
Add the string below Include /usr/local/apache/conf/mod_security.conf
# /usr/local/apache/bin/apachectl stop
# /usr/local/apache/bin/apachectl start


3. You can install Mod_dosevasive in the server to protect against the DDOS attack

# wget Download the mod_evasive module from the appropriate server

# Untar It
# cd mod_evasive …
# $APACHE_ROOT/bin/apxs -iac mod_evasive.c
Replace the variable "$APACHE_ROOT" with the location of the Apache installation (eg $APACHE_ROOT=/usr/local/apache)
# vi /usr/local/apache/conf/httpd.conf



After this add the below code in httpd.conf

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

# /usr/local/apache/bin/apachectl restart
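
Before enabling blocking with thresholds as tight as DOSPageCount 2 per DOSPageInterval 1, it helps to replay an existing access log and see which clients would have been caught. The script below is an added example, not part of the original post and not mod_evasive's own code: it uses a simplified fixed-window model (a client is flagged once it exceeds the page count for the same URI within the interval), and the log lines, addresses and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: replay access-log lines against DOSPageCount / DOSPageInterval.
# Simplified model (assumption): fixed windows per (client IP, URI); the date
# part of the timestamp is ignored, so a window spanning midnight is not handled.

# Constructed sample lines in Apache common log format (documentation addresses).
sample_access_log() {
cat <<'EOF'
198.51.100.7 - - [10/Sep/2013:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [10/Sep/2013:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [10/Sep/2013:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.9 - - [10/Sep/2013:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.9 - - [10/Sep/2013:10:00:01 +0000] "GET /style.css HTTP/1.1" 200 90
203.0.113.9 - - [10/Sep/2013:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.9 - - [10/Sep/2013:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 512
EOF
}

# would_block PAGE_COUNT PAGE_INTERVAL
# Reads access-log lines on stdin and prints "IP URI HITS" the first time a
# client exceeds PAGE_COUNT requests for one URI inside PAGE_INTERVAL seconds.
would_block() {
  awk -v limit="${1:-2}" -v interval="${2:-1}" '
    {
      ip = $1; uri = $7
      split($4, t, ":")                      # $4 looks like [10/Sep/2013:10:00:01
      now = t[2] * 3600 + t[3] * 60 + t[4]   # seconds since midnight
      key = ip SUBSEP uri
      if (!(key in start) || now - start[key] >= interval) {
        start[key] = now                     # open a new window for this IP+URI
        hits[key] = 0
      }
      hits[key]++
      if (hits[key] > limit && !(ip in flagged)) {
        flagged[ip] = 1                      # report each client only once
        print ip, uri, hits[key]
      }
    }'
}

# Demo with the values from the post: DOSPageCount 2, DOSPageInterval 1
sample_access_log | would_block 2 1
```

Run it against a real log with `would_block 2 1 < access_log` to see how many ordinary clients the chosen thresholds would have blocked before turning the module on.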

Common Issues in apache

Whenever we face an issue with an Apache server, first we need to check the error log.
In the case of an Apache server configured in cPanel the error log is

/usr/local/apache/log/error_log

1# ) "500: Internal Server Error"

Fix

This may be an error with

1. File permissions
2. Script uploaded to the wrong location on the server.
3. Script uploaded in binary mode through the FTP client
a. If it is a Perl script you can check the script in the following ways
1. perl -wc scriptname.pl
This will check for syntax errors in the script
2. perl -w scriptname.pl
This will help to diagnose the error from the Perl interpreter's error message
4. Also check the executable bit settings.

2#) The Error 404 "Page not found"

Fix

First we have to check the error log of the server.


Check whether the file exists.

Note that sometimes the file may be present at the location but the page may be redirected somewhere else through .htaccess redirection.

Also check whether the URL specified by the client is correct.

Also check whether the page is loading from a cache server. If a site contains a section that changes frequently, the error may occur due to a caching problem.

3# ) Domain is not loading.

1. Check the whois record of the domain name.
You can verify this from several sites such as www.whois.net or centralops.net.
2. If it is correct, check whether it was updated recently. (If it was updated recently, there will be a propagation delay before the domain resolves properly everywhere.)
3. Check /etc/named.conf
4. Check that the nameservers are pointing to the correct server. If yes, check that the A record in the DB record is correct.

4#) Apache is not loading after some changes made in the httpd.conf

And if you don't have a backup file for it

Then do a ./apachectl configtest (from its binary directory).

5#) “connection reset by peer” Issue

1. This may be because someone typed in the wrong address or just got impatient while waiting for your site to load (for example, reloading the site several times while it was loading).
2. Congestion issues due to many connections to the server.
You can check the number of connections with the command given below.

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
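
The one-liner above, also used in the httpd attack section, has two blind spots: "grep :80" also matches port 8080 and outbound connections to a remote port 80, and "cut -d: -f 1" returns an empty string for IPv6 and IPv4-mapped (::ffff:a.b.c.d) peers. The following is an added example, not from the original post, that counts only connections to the local web port and keeps IPv6 peers intact; the netstat lines and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-remote-IP connection counts for one local port,
# parsed from `netstat -an` style output.

# Constructed sample of netstat TCP lines (documentation addresses only).
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.50:40100      ESTABLISHED
tcp        0      0 192.0.2.10:43210        203.0.113.80:80         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51700    TIME_WAIT
EOF
}

# count_by_ip [PORT]
# Reads netstat lines on stdin; prints "COUNT IP", highest count first.
count_by_ip() {
  awk -v port="${1:-80}" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      remote = $5
      n = split($4, lp, ":")          # local port = text after the last colon
      if (lp[n] != port) next         # skips :8080 and outbound connections
      sub(/:[0-9]+$/, "", remote)     # strip the remote port only
      sub(/^::ffff:/, "", remote)     # fold IPv4-mapped IPv6 into plain IPv4
      count[remote]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# over_threshold LIMIT [PORT]
# Prints only the IPs holding more than LIMIT connections to PORT.
over_threshold() {
  count_by_ip "${2:-80}" | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Demo on the constructed sample; on a server use: netstat -an | count_by_ip 80
sample_netstat | count_by_ip 80
```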

6# ) The error "setgid: Invalid argument" at startup


The Group directive (probably in conf/httpd.conf) needs to name a group that actually exists in the /etc/group file. This error may occur when a negative number is used in the Group directive.

7#) The domains are not loading and show a blank page.

Check whether more than two PHP versions are installed; if so, add the proper AddHandler.

The sites may require FastCGI to function properly.

Solution::

Compile PHP with fastcgi option and Add the following in the .htaccess file

AddHandler fastcgi-script fcgi
AddHandler php-cgi .php
Action php-cgi /cgi-sys/php5

8#) "Error 1.1 while fetching url http://localhost//cgi-sys/cp_ea3_cgi_test.cgi"

If you are getting this error while recompiling Apache using EasyApache, check whether the permissions for /usr/local/bin/perl are 755. If the permissions are wrong, set the correct permissions and check again.

9#) If you are getting errors on easyapache like.

Internal Server Error

Premature end of script headers: /usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl: Please check /usr/local/cpanel/logs/error_log for the exact error.


cpsrvd/11.24 Server at 66.207.175.114

Try updating cpanel and if it does not fix the issue, try the below steps.

==
mv /home/.cpan /root
cpan (this puts you into cpan command prompt)
install Bundle::CPAN
reload cpan
reload index
exit (this returns you to normal command prompt)
/scripts/checkperlmodules --full
==




10#) If you find the errors in Apache error logs as follows:

No space left on device: Couldn’t create accept lock [or]
No space left on device: mod_rewrite: could not create rewrite_log_lock Configuration Failed

Fix:

ipcs -s | grep nobody
for i in $(ipcs -s | grep nobody | awk '{print $2}'); do ipcrm -s "$i"; done

The above errors will occur if the Apache user occupies a great number of semaphores

11#) Error from domain’s error log:

mod_security: Access denied with code 403. Error reading request body, error code 70007: The timeout specified has expired

Fix :

Increase the value of timeout in the /usr/local/apache/http.conf to 300

Then restart the apache server.


12#) Apache is not starting..

build_apache_conf
Path: /usr/local/cpanel/bin/build_apache_conf

Running this script may resolve the issue.

Then try to start the apache
/etc/init.d/httpd start

Apache Optimization

Apache "Directives"

You can configure the Apache software by modifying text configuration files. These files contain instructions. These instructions are created in a format known as "directives".

For Example:

Directives typically look like this:


ServerRoot /usr/local/lib/apache

OR


Order allow,deny
Allow from all
Deny from badusers.com


Directives are used in all configuration files



Optimizing the Directives

Timeout

Timeout is the number of seconds before receives and sends time out.
By default the Timeout directive is set to 300 seconds.

We can decrease the value of Timeout to as low as 15 seconds to reduce the potential effect of a DDoS attack or when there is a heavy load on the server.

KeepAlive

The KeepAlive directive allows multiple requests to be sent over the same TCP connection.


For example:

If a particular page contains a lot of images and KeepAlive is set to Off, then a separate TCP connection has to be made for each image.

Issues caused by establishing a lot of TCP connections can be eliminated by setting KeepAlive to On.

MaxKeepAliveRequests

MaxKeepAliveRequests sets the maximum number of requests allowed on a persistent connection.

Setting this value to 0 means that unlimited requests are possible. For maximum performance, keep the value intact.


KeepAliveTimeout

It determines how long to wait for the next request on a persistent connection. Generally this is set to a small value, between 2 and 5 seconds.

MaxClients

It sets the limit on maximum simultaneous requests that can be supported by the server.

It is the maximum number of child processes spawned. It should be a medium value.

Setting this value to a very low number leaves resources unused, since new connections are put in a queue and eventually time out.

Setting this value to a very high number will cause the server to start swapping, and the response time will degrade drastically.

An appropriate value for MaxClients can be calculated from the following equation.

MaxClients = Total RAM dedicated to the web server / Max child process size


DirectoryIndex

The DirectoryIndex directive sets the list of resources to look for, when the client requests an index of the directory.

DirectoryIndex index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.php index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html

Use the above given format rather than using the Wildcard method.


MPM (Multi-Processing Modules)

It is designed to allow more requests to be served simultaneously by passing off some processing work to supporting threads, freeing up the main threads to work on new requests.

StartServers

StartServers controls the number of child-processes that Apache forks before starting to accept connections

It is better to keep StartServers and MinSpareServers at high numbers, so that if you get a high load just after the server has been restarted, the fresh servers will be ready to serve requests immediately.

FollowSymLinks and SymLinksIfOwnerMatch

For maximum performance, set FollowSymLinks everywhere and never set SymLinksIfOwnerMatch. Or else, if SymLinksIfOwnerMatch is required for a directory, then set it for that directory alone.


Common Configuration used in the Apache

Timeout 120
KeepAlive On
MaxKeepAliveRequests 300
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 20
StartServers 8
MaxClients 300
MaxRequestsPerChild 10

Saturday, June 05, 2010

Spamming Related issues

spam
====

LOG SELECTOR
---------------------
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn


CATCH NOBODY SPAM
------------------
Step 1)
Login to your server and su - to root.

Step 2)
Turn off exim while we do this so it doesn't freak out.
/etc/init.d/exim stop

Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the
sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:


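#!/usr/local/bin/perl

# Logging wrapper: records who invoked sendmail, then hands the message
# to the real binary (renamed to sendmail.hidden in Step 3).
use strict;
use Env qw(REMOTE_ADDR SCRIPT_NAME SERVER_NAME PWD);

my $date = `date`;
chomp $date;
open (INFO, ">>", "/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;                 # effective UID of the caller
my @info = getpwuid($uid);    # passwd entry for that UID
if($REMOTE_ADDR) {
    # Called from a web script: log the client address and the script name
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
}
else {
    # Called locally: log the working directory and the calling user
    print INFO "$date - $PWD - @info\n";
}
close (INFO);

my $mailprog = '/usr/sbin/sendmail.hidden';

# List-form pipe open: the original arguments are passed through unchanged
# and are never interpreted by a shell.
open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
while (<STDIN>) {
    print MAIL;
}
close (MAIL);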


Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server
using web scripts
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start

Step 8)
Monitor your spam_log file for spam, try using any formmail or script that
uses a mail function - a message board, a contact script.
tail -f /var/log/spam_log

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005
- /home/username/public_html/directory/subdirectory - nobody x 99 99
Nobody / /sbin/nologin

Log Rotation Details
Your spam_log file isn't set to be rotated so it might get to be very large
quickly. Keep an eye on it and consider adding it to your logrotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}



Notes:
You may also want to chattr +i /usr/sbin/sendmail so it doesn't get
overwritten.



SPAM SCRIPT
-------------------
grep "blacklisted" /var/log/exim_mainlog -i > kilme
tail -100 kilme
tail /var/log/exim_paniclog
printf "\n"
printf "Spam Count = "
grep "blacklisted" kilme -c -i
printf "njabl.org = "
grep "njabl.org" kilme -c
printf "spamcop = "
grep "bl.spamcop" kilme -c
printf "spamhaus = "
grep "sbl.spamhaus" kilme -c
printf "dsbl.org = "
grep "dsbl" kilme -c
printf "abuseat = "
grep "abuseat.org" kilme -c
printf "ordb.org = "
grep "ordb" kilme -c
printf "Manual = "
grep "manual" kilme -c
printf "verify fail= "
grep "verify fail" /var/log/exim_mainlog -c
printf "No Relay = "
grep "not permitted" /var/log/exim_mainlog -c
printf "\n"
printf "All Spam: \n"
zgrep -ci "blacklisted" /var/log/exim_mainlog*
printf "\n"


DELETE JUNK MAILS
-------------------
#!/usr/bin/perl -w

#Removes junk mails including bounce backs from the mail queue
# Usage perl killmail &>

system "/etc/init.d/chkservd stop";
system "/etc/init.d/exim stop";

# Read the queue listing produced by exim, one line at a time
open FD, "exim -bpru |" or die "cannot run exim -bpru: $!";

while (<FD>) {
# Remove mails older than a day, ie >= 1d
if (/^[\s]*?[\d]+[d][\s]+[\d.]+\w?[\s]+([\w\d-]+).*/) {
print "$&\n";
system "exim -Mrm $1";
}
# Remove mails older than 9 hours
if (/^[\s]*?\d{2,}[h][\s]+[\d.]+\w?[\s]+([\w\d-]+).*/) {
print "$&\n";
system "exim -Mrm $1";
}
# Remove bounce backs, if any
if (/^[\s]*?\d+[mhd][\s]+[\d.]+\w?[\s]+([\w\d-]+)\s+<>/) {
print "$&\n";
system "exim -Mrm $1";
}
}
close FD;

Web hosting related FAQ's

How can I set up a default page which is generated when any new domain is created on server?


You can set up a default site in the directory /root/cpanel3-skel/public_html/ and it will be the default website for all accounts added afterwards.

How can I create a demo version of cPanel?

To do this, create a new "dummy" account in WebHost Manager. Feel free to use a fake domain name. Then, you can use branding to modify the account with your company's logo and look if you'd like.

Now, go to Account Functions >> Disable or Enable Demo Mode in WebHost Manager and turn the account into a demo account.

How do I increase the maximum number of IMAP or POP3 connections?

Go to Service Configuration >> Courier Configuration and set the values as required.

How do I stop users from getting the "There is a problem with this website's security certificate" message when logging into cPanel?

Under Manage Service SSL Certificates in the Service Configuration section of WHM, you can change the certificates for cPanel/WHM/Webmail, your mail servers, etc. You'll need to replace the self-signed certificate with one trusted by the common browsers.

To do this, you can purchase a SSL certificate through WHM for your hostname by using Purchase & Install SSL Certificate under SSL/TLS.



How do I setup personal nameservers in WHM?

You will need an IP address for each nameserver.

Under Basic cPanel/WHM Setup, scroll down to Primary Nameserver.

Now add your nameservers in the fields available. Click on Assign IP Address next to each nameserver to assign it an IP. Then add an A entry so they will resolve through DNS. Finally, make sure that you scroll down and click on Nameserver Setup under Service Configuration and enable the nameserver.

Various Security Related Softwares used in Linux and its installation Procedures

Security
======
APF

cd /usr/local/src/;
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz;
tar -xvzf apf-current.tar.gz;
rm -rf apf-current.tar.gz;
cd apf-0*;
./install.sh



BFD

cd /usr/local/src/;
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz;
tar -xvzf bfd-current.tar.gz;
rm -rf bfd-current.tar.gz;
cd bfd-0*;
./install.sh



CSF

http://configserver.com/cp/csf.html

cd /usr/local/src/;
wget http://www.configserver.com/free/csf.tgz;
tar -xzf csf.tgz;
cd csf;
sh install.sh



RkHunter

cd /usr/local/src/;
wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz;
tar -xzvf rkhunter-1.1.4.tar.gz;
rm -rf rkhunter-*;
cd rkhunter;
./installer.sh

Run
rkhunter -c



ChkRootkit

cd /usr/local/src/;
wget http://www.net-security.org/dl/software/chkrootkit.tar.gz;
tar zxvf chkrootkit.tar.gz;
rm -rf chkrootkit.tar.gz;
cd chkrootkit-0*;
make sense

Run
./chkrootkit -x



DDOS-Deflate


Description:
When you run this Perl script, it runs a netstat command to check how many times each IP is connected. If an IP has more than the number of connections you specified, the script automatically runs a command in APF to ban that IP.

Installing:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Uninstalling:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos



Secure Nobody


wget -O securenobody.rpm servstra.com/securenobody.rpm;
rpm -Uvh securenobody.rpm;
cd /usr/local/securenobody ;
./securenobody

PLESK Backend Files

HTTP :-
---------
CONF FILES /etc/httpd/conf/httpd.conf
LOG FILES /var/log/http/
START/STOP /etc/rc.d/init.d/httpd start/stop
Comments /etc/rc.d/init.d/psa for starting https

DNS:-
---------
CONF FILE /var/named/run-root/etc/
DB FILES /var/named/run-root/var/
START/STOP /etc/rc.d/init.d/named start/stop

MAIL:-QMAIL
--------
CONF FILE /var/qmail/control/
LOG FILES /var/log/maillog
START/STOP /etc/rc.d/init.d/courier-imap,pop start/stop
MAIL DIRECTORY /var/qmail/mailnames/domainname/user/Maildir/new,cur,tmp

DATABASE:-
-----------------
CONF FILE /etc/my.cnf
DATABASE PATH /var/lib/mysql/
START/STOP /etc/rc.d/init.d/mysqld start/stop

FTP:-
-------
CONF FILE /etc/proftpd.conf
START/STOP /etc/rc.d/init.d/xinetd ftp start/stop

Various Port Number Commonly used (Web hosting industry)

Ports
=====

ftp :21
ssh :22
telnet :23
smtp :25
dns :53
http :80
https :443
pop3 :110
pop3s :990
imap :143
imaps :993
nfs :2049
MSSQL :1433
rdesk :3389
MySql :3306
WHM :2086 Secure :2087
Cpanel :2082 Secure :2083
Plesk :8880 Secure :8443
Vps :4643
Vdeck :8080 Secure :8087
Webmail:2095

How to change hostname of a VPS?

Run the following command on the node:

vzctl set VEID --hostname HOSTNAME --save

eg:

vzctl set 101 --hostname sample.hostname.com --save

Do not forget to give the option --save; otherwise the change will be removed on the next restart.

Aliasing and Functions : This will make things simpler

Suppose you want to delete all *.* files recursively. You can define an alias:

alias clean='find . -type f -name "*.*" -exec rm -f {} +' (Take care whenever you use the dangerous rm command while navigating through unix. The single quotes make find run each time the alias is used, not once when the alias is defined.)

If you need to go to a lengthy path many times, for example
cd src/best/value/support/com, put an alias

alias in="cd src/best/value/support/com"

How to create a .htaccess file with a specified rule

Here is an online tool for creating the .htaccess file

http://www.htaccesseditor.com/en.shtml

How to add awstats in your website using php

Create a PHP file such as awstats.php and add the content given below to it. You need to edit the 2nd, 3rd and 4th lines of the code with your cPanel username, cPanel password and your website address.



<?php
$user = 'cpanel username'; //your cpanel username
$pass = 'cpanel password'; //your cpanel password
$domain = 'your website'; //do not include 'http://' or 'www.'

//retrieves the file, either .pl or .png
function getFile($fileQuery){
    global $user, $pass, $domain;
    return file_get_contents("http://$user:$pass@$domain:2082/".$fileQuery);
}

$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

//it's a .png file... accept only image paths, because whatever is
//requested here is fetched from cPanel with the credentials above
$isPng = preg_match('#^images/[A-Za-z0-9_./-]+\.png$#', $query) === 1
    && strpos($query, '..') === false;

if($isPng) {
    $fileQuery = $query;
}
//probably first time to access page...
elseif($query === ''){
    $fileQuery = "awstats.pl?config=$domain";
}
//otherwise, all other accesses
else {
    $fileQuery = 'awstats.pl?'.$query;
}

//now get the file
$file = getFile($fileQuery);

//if it's not a .png file, replace the links
if(!$isPng) {
    $file = str_replace('awstats.pl', basename($_SERVER['PHP_SELF']), $file);
    $file = str_replace('="/images','="'.basename($_SERVER['PHP_SELF']).'?images',$file);
}
//if it is a png, output appropriate header
else {
    header("Content-type: image/png");
}

//output the file
echo $file;
?>

SSH/Putty -- How can I enter in to Linux system without the password?

===========

You need to make sure that the server accepts passwordless logins, which means enabling public key authentication on the server. To do this, uncomment the following lines if they exist, or add them if they are not present.

Steps
====

Log in to the server on which you need to set up the passwordless login.


1. Log in as root.
2. vim /etc/ssh/sshd_config
3. Uncomment the following lines
#RSAAuthentication yes
#PubkeyAuthentication yes

If the lines are not present in the file, you can add them using the following command
echo -e "RSAAuthentication yes\nPubkeyAuthentication yes" >> /etc/ssh/sshd_config

4. Restart your ssh service

service sshd restart
or
/etc/init.d/sshd restart
5. Run this script

if [ -d /root/.ssh ]; then echo fine; else mkdir /root/.ssh; fi; chmod 700 /root/.ssh

6. That is all on the server side.

Client side Configurations
------------------------

First of all we need to set up a key pair. If you already have the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, we can proceed with those. If not, we need to create them. Use the following command:
ssh-keygen -t rsa

You will then be asked some questions. Simply hit “Enter” to answer them all:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bestval/.ssh/id_rsa): (By default it will be saved in the .ssh folder of the user's home directory with the name id_rsa )
Enter passphrase (empty for no passphrase): (If you need additional security you can enter the passphrase, which is used to open the generated file.)
Enter same passphrase again:
Your identification has been saved in /home/bestval/.ssh/id_rsa.
Your public key has been saved in /home/bestval/.ssh/id_rsa.pub.

Answering without putting in a password means that the keys can be unlocked without a password, which is the whole point of “passwordless” login.

Then there are a few steps left to complete.

Copy the public key to the server. For example, you can simply use the command

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host

This will ask for a password; give the corresponding user's password.

or copy the file to the server with scp

scp /home/bestval/.ssh/id_rsa.pub username@IP-address:/home-directory/.ssh/

This will ask for a password; give the corresponding user's password.

Replace username with the user's name and home-directory with that user's home directory in the commands above.
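
With the scp route the .pub file only lands in the .ssh directory; sshd uses a key once it is a line in that user's .ssh/authorized_keys, and with StrictModes it also checks the ownership and modes of those files. The function below is an added example, not part of the original post, that does that step on the server; the name install_pubkey and its arguments are hypothetical.

```sh
# install_pubkey PUBFILE SSH_DIR
# Adds the public key in PUBFILE to SSH_DIR/authorized_keys (only once)
# and sets the modes sshd expects. Returns 1 if PUBFILE does not look
# like an OpenSSH public key, e.g. when the private key was copied by mistake.
install_pubkey() {
    pub=$1
    dir=$2
    key=$(head -n 1 "$pub") || return 1
    # A public key line starts with the key type; a private key file
    # starts with "-----BEGIN" and must never be placed on the server.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( |$)'; then
        echo "refusing: $pub is not an OpenSSH public key" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth="$dir/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if the key is not there yet
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Usage on the server after the scp above (as that user):
#   install_pubkey ~/.ssh/id_rsa.pub ~/.ssh
```

Running it twice leaves a single entry, so it is safe to repeat after re-copying the key.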