Linux Info
Simple Linux Tips and most of them are related with the Web hosting industry
Search This Blog
Tuesday, September 10, 2013
Use of stat command....
=> File size
=> File type
=> Inode number
=> UID/GID
=> File access , modify and creation time etc.
stat command example
$ stat /etc/passwd
Display file system status
You can display file system status instead of file status. For example, display status for / file system:
$ stat -f /
Set timezone using /etc/localtime configuration file [any Linux distro]
Often /etc/localtime is a symlink to the file localtime or to the correct time zone file in the system time zone directory.
Create a symlink to file localtime:
# ln -sf /usr/share/zoneinfo/EST /etc/localtime
Eg: # ln -sf /usr/share/zoneinfo/Asia/Calcutta /etc/localtime
date -s "10/15/2005 09:40:00 EDT"
date -s "10/15/2005 09:40:00"
/sbin/hwclock --systohc
Edit the /etc/sysconfig/clock text file so that it looks like this:
ZONE="America/Denver"
UTC=true
ARC=false
Of course, this assumes that your hardware clock is running UTC time...
3. Delete the following file: /etc/localtime
4. Create a new soft link for /etc/localtime. Here is an example of step 3 and step 4:
# cd /etc
# ls -al localtime
lrwxrwxrwx 1 root root 39 Mar 28 07:00 localtime -> /usr/share/zoneinfo/America/Los_Angeles
# rm /etc/localtime
# ln -s /usr/share/zoneinfo/America/Denver /etc/localtime
# ls -al localtime
lrwxrwxrwx 1 root root 34 Mar 28 08:59 localtime -> /usr/share/zoneinfo/America/Denver
# date
Fri Mar 28 09:00:04 MST 2003
date; date > ~/date."bak-`/bin/date`"; cat /etc/sysconfig/clock; ls -l /etc/localtime
NTP Configuration and Usage:
Various Port Numbers for Quick Ref.
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// )
995 => POP over SSL/TLS
9999 => Urchin
3306 = > MysQL Server
2082 => CPANEL Default
2083 => CPANEL - Secure/SSL
2086 => CPANEL WHM
2087 => CPANEL WHM - Secure/SSL
2095 => cpanel webmail
2096 => cpanel webmail - secure/SSL
Plesk Control Panel => 8880
Plesk Control Panel => 8443
DirectAdmin Control Panel => 2222
Webmin Control Panel => 10000
A simple script that will help you to understand the usage of [if elif else fi] and check whether file or directory.
#code goes here.
#!/bin/bash
echo -n "Enter the filename : ";
read myfile;
echo -n "Are you sure (Yes/No)?"
read confirm;
#Checking the entered file type
if [ -f $myfile ]; then
value="File"
elif [ -d $myfile ]; then
value="Directory"
else
value="Special file"
fi
#user confirmation for deletion
confirm="$(echo ${confirm} | tr 'A-Z' 'a-z')"
if [ "$confirm" == "yes" ]; then
#deleting the file/directory
[ -f $myfile ] || [ -d $myfile ] && /bin/rm -r $myfile && echo "$value $myfile has been deleted"|| echo "Error - Unable to locate the file $myfile"
else
echo " Program exiting...."
fi
#------------------------------
Monday, September 09, 2013
View the Content of initrd image in Linux
How can the content of initrd can be viewed?
Go to the /boot directory of linux and copy the initrd file to another location.
1. Create a folder
[ajasoman@oc1120611582 ~]$ mkdir initrd
2. Change to that directory and copy the initrd file to there..
[ajasoman@oc1120611582 ~]$ cd initrd
[ajasoman@oc1120611582 initrd]$ cp /boot/initramfs-2.6.32-358.11.1.el6.x86_64.img /home/ajasoman/initrd
[ajasoman@oc1120611582 initrd]$ ls initramfs-2.6.32-358.11.1.el6.x86_64.img
3. Rename the file to .gz
mv initramfs-2.6.32-358.11.1.el6.x86_64.img initramfs-2.6.32-358.11.1.el6.x86_64.gz
4. Use gunzip command to un-compress the file
gunzip initramfs-2.6.32-358.11.1.el6.x86_64.gz
5. Use cpio command to convert
[ajasoman@oc1120611582 initrd]$ cpio -ivd < initramfs-2.6.32-358.11.1.el6.x86_64
.
initqueue-finished
proc
pre-udev
pre-udev/30block-genrules.sh
pre-udev/30dmsquash-liveiso-genrules.sh
pre-udev/30dm-pre-udev.sh
pre-udev/30resume-genrules.sh
pre-udev/30mdmon-pre-udev.sh
dracut-004-303.el6
lib64
lib64/li
6. See the o/p using ls
[ajasoman@oc1120611582 initrd]$ ls -l
total 50300
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 bin
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 cmdline
drwxr-xr-x 3 ajasoman ajasoman 4096 Sep 9 23:40 dev
-rw-r--r-- 1 ajasoman ajasoman 19 Sep 9 23:40 dracut-004-303.el6
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 emergency
drwxr-xr-x 7 ajasoman ajasoman 4096 Sep 9 23:40 etc
-rwxr-xr-x 1 ajasoman ajasoman 8879 Sep 9 23:40 init
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 initqueue
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 initqueue-finished
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 initqueue-settled
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 initqueue-timeout
-rw-r--r-- 1 ajasoman ajasoman 51398656 Sep 9 23:11 initramfs-2.6.32-358.11.1.el6.x86_64
drwxr-xr-x 7 ajasoman ajasoman 4096 Sep 9 23:40 lib
drwxr-xr-x 4 ajasoman ajasoman 4096 Sep 9 23:40 lib64
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 mount
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 pre-pivot
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 pre-trigger
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 pre-udev
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 proc
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 sbin
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 sys
drwxr-xr-x 2 ajasoman ajasoman 4096 Sep 9 23:40 sysroot
drwxrwxrwt 2 ajasoman ajasoman 4096 Sep 9 23:40 tmp
drwxr-xr-x 7 ajasoman ajasoman 4096 Sep 9 23:40 usr
drwxr-xr-x 4 ajasoman ajasoman 4096 Sep 9 23:40 var
[ajasoman@oc1120611582 initrd]$
Monday, June 07, 2010
Running Multiple Mysql on same Mechine
The easiest way is to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results automatically in a separate, compiled-in data directory, log file, and PID file location for each server.
If the existing Mysql server is configured for the default TCP/IP port number (3306) and Unix socket file (/tmp/mysql.sock).
To configure a new My sql server to have different operating parameters, use a configure command something like this:
shell> ./configure --with-tcp-port=port_number (3307)\
--with-unix-socket-path=file_name (/tmp/new.mysql.sock \
--prefix=/usr/local/mysql-5.1.46
Here, port_number and file_name must be different from the default TCP/IP port number and Unix socket file path name, and the --prefix value should specify an installation directory different from the one under which the existing MySQL installation is located. As mentioned above.
Open the new port in the firewall.
shell> mysqld_safe --socket=file_name --port=port_number
To start a second server, provide different --socket and --port option values, and pass a --datadir=path option to mysqld_safe so that the server uses a different data directory.
Or we can Install multiple Mysql Using the Mysql sandbox tool.
Mysql sandbox :: -- MySQL Sandbox is a tool for installing one or more MySQL servers in isolation, without affecting other servers
Sunday, June 06, 2010
Running Multiple Mysql
The easiest way is to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results automatically in a separate, compiled-in data directory, log file, and PID file location for each server.
If the existing Mysql server is configured for the default TCP/IP port number (3306) and Unix socket file (/tmp/mysql.sock).
To configure a new My sql server to have different operating parameters, use a configure command something like this:
shell> ./configure --with-tcp-port=port_number (3307)\
--with-unix-socket-path=file_name (/tmp/new.mysql.sock \
--prefix=/usr/local/mysql-5.1.46
Here, port_number and file_name must be different from the default TCP/IP port number and Unix socket file path name, and the --prefix value should specify an installation directory different from the one under which the existing MySQL installation is located. As mentioned above.
Open the new port in the firewall.
shell> mysqld_safe --socket=file_name --port=port_number
To start a second server, provide different --socket and --port option values, and pass a --datadir=path option to mysqld_safe so that the server uses a different data directory.
Or we can Install multiple Mysql Using the Mysql sandbox tool.
Mysql sandbox :: -- MySQL Sandbox is a tool for installing one or more MySQL servers in isolation, without affecting other servers
Enable remote Mysql Procedure.
1. Login to the server.
2. Edit /etc/my.cnf file (vi /etc/my.cnf)
3. Comment the Line Skip-networking or delete the Line
4. bind-address = Give the IP of the remote server.
bind-address : IP address to bind to
skip-networking : Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should be removed from my.cnf or put it in comment state.
5. Save the file and restart the service Mysql.
6. Grant access t the database
Eg :
mysql> CREATE DATABASE bvs;
mysql> GRANT ALL ON bvs.* TO bar@'IP address' IDENTIFIED BY 'PASSWORD';
7. If you want to Grant Access To An Existing Database?
Eg:
mysql> update db set Host='IP address' where Db='Database Name';
mysql> update user set Host='IP address' where user='Database User';
8. Open the port 3306 In the firewall
Eg : If you are using iptables.
iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
only allow remote connection from your web server located at Particular IP address
iptables -A INPUT -i eth0 -s 10.5.1.3 -p tcp --destination-port 3306 -j ACCEPT
only allow remote connection from your lan subnet 192.168.1.0/24
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT
Save the IP tables and restart.
My SQL Optimization
You can edit this in the my.cnf file
A typical configuration that can be used by a shared server is given below.
[mysqld]
max_connections = 800
The number of simultaneous client connections allowed.
key_buffer = 36M
Index blocks for MyISAM and ISAM tables are buffered and are shared by all threads.
myisam_sort_buffer_size = 64M
The size of the buffer that is allocated when sorting MyISAM indexes during a REPAIR TABLE or when creating indexes with CREATE INDEX or ALTER TABLE.
join_buffer_size = 2M
The size of the buffer that is used for plain index scans, range index scans, and joins that do not use indexes and thus perform full table scans
Increase the value ofjoin_buffer_size to get a faster full join when adding indexes is not possible.
read_buffer_size = 2M
Each thread that does a sequential scan allocates a buffer of this size (in bytes) for each table it scans. If you do many sequential scans, you might want to increase this value.
sort_buffer_size = 3M
Each thread that needs to do a sort allocates a buffer of this size. Increase this value for faster ORDER BY orGROUP BY operations.
table_cache = 1024
The number of open tables for all threads. Increasing this value increases the number of file descriptors thatmysqld requires. You can check whether you need to increase the table cache by checking the Opened_tablesstatus variable
thread_cache_size = 286
How many threads the server should cache for reuse. When a client disconnects, the client's threads are put in the cache if there are fewer than thread_cache_size threads there
interactive_timeout = 25
The number of seconds the server waits for activity on an interactive connection before closing it
wait_timeout = 1800
The number of seconds the server waits for activity on a noninteractive connection before closing it. This timeout applies only to TCP/IP and Unix socket file connections, not to connections made via named pipes, or shared memory.
connect_timeout = 5
The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake. The default value is 5 seconds
max_allowed_packet = 16M
The maximum size of one packet or any generated/intermediate string.
max_connect_errors = 10
If there are more than this number of interrupted connections from a host, that host is blocked from further connections. You can unblock blocked hosts with the FLUSH HOSTS statement
query_cache_limit = 1M
Don't cache results that are larger than this number of bytes. The default value is 1MB.
query_cache_size = 16M
The amount of memory allocated for caching query results. The default value is 0, which disables the query cache. The allowable values are multiples of 1024;
query_cache_type = 1
Set the query cache type. Setting the GLOBAL value sets the type for all clients that connect thereafter. Individual clients can set the SESSION value to affect their own use of the query cache.
tmp_table_size = 16M
The maximum size of internal in-memory temporary tables. (The actual limit is determined as the minimum oftmp_table_size and max_heap_table_size.) If an in-memory temporary table exceeds the limit, MySQL automatically converts it to an on-disk MyISAM table.
skip-innodb
[mysqld_safe]
open_files_limit = 8192
Changes the number of file descriptors available to mysqld. You should try increasing the value of this option ifmysqld gives you the error Too many open files
Limiting the intensity of httpd Attack
First of all we need to check whether the attack is from a specified IP
You can check the number of connections from an IP using the Following script
netstat -plan|grep :80|awk '{print $5}'|cut -d: -f 1|sort|uniq -c|sort –n
You can block the IP from which the attack is going on.
Reload the Firewall after added the IP to the server (Good firewall
such as CSF and APF can be used for this purpose)
Tools for limiting the Httpd attacks
Install mod security
The DDOS attacks are generally targeted on HTTP. So its always good to have a filtering system for apache . So that the request gets analyzed before web server handles it.
Installation step of mod_security in DSO (Dynamic Shared Object) mode below
# wget Download the mod_Security module from the appropriate server
# Untar It
# cd mod_
# /usr/local/apache/bin/apxs -cia mod_security.c
Create a file named mod_security.conf under the folder /usr/local/apache/conf
# vi /usr/local/apache/conf/mod_security.conf
Create the rule with reference to the link http://www.modsecurity.org/documentation/quick-examples.html
and add it in the mod_security.conf file.
Add the location of mod_security.conf to httpd.conf
# vi /usr/local/apache/conf/httpd.conf
Add the string below Include /usr/local/apache/conf/mod_security.conf
# /usr/local/apache/bin/apachectl stop
# /usr/local/apache/bin/apachectl start
3. You can install Mod_dosevasive in the server to protect against the DDOS attack
# wget Download the mod_evasive module from the appropriate server
# Untar It
# cd mod_evasive …
# $APACHE_ROOT/bin/apxs -iac mod_evasive.c
Change the variable ``$APACHE_ROOT'' . It’s the variable which stores the location of the apache installation (eg $APACHE_ROOT =/usr/local/apache)
# vi /usr/loca/apache/conf/httpd.conf
After this add the below code in httpd.conf
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
# /usr/loca/apache/bin/apachectl restart
Common Issues in apache
In the case of apache server configured in Cpanel the error log is
/usr/local/apache/log/error_log
1# ) "500: Internal Server Error"
Fix
This may be a error with
1. File Permissions
2. script uploaded to the Improper location in the server.
3. Uploaded the script in binary mode while trying to uploaded through the FTP client
a. If it is a perl script you can check the script in the following ways
1. perl -wc scriptname.pl
This will check for the syntax errors in the script
2. perl -w scriptname.pl
This will help to diagnose the error from the error message from perl interpreter
4. Also check the Executable bit settings.
2#) The Error 404 "Page not found”
Fix
First we have to check the error log of the server.
Check for the file whether it existing or not.
Note that sometimes the file may present at the location but the page may be redirected to somewhere else through the .htaccess redirection.
Also we need to check that whether the URL specified by the client is correct
Also check whether is loading from the cached server. That means if a site containing a section which is changing frequently the error may occur due to the caching problem.
3# ) Domain is not loading.
1. Check whois record of the domain name.
You can verify this from the several sites such as (www.whois.net, centralops.net) etc.
2. If it is correct , check whether it is updated recently. (There will be certain propagation delay for the proper resolving of the domain globally, If it is updated recently)
3. Check the /etc/named.conf
4. Check the nameservers are pointing to the correct server. If yes please check the A record in the DB record is correct.
4#) Apache is not loading after some changes made in the httpd.conf
And if you don’t have a backup file for it
Then do a ./apachectl configtest (From the Binary directory of it.)
5#) “connection reset by peer” Issue
1. This may due to , someone typed in the wrong address or just got impatient while waiting for your site to load (May be trying to reload the site several time while loading the site)
2. Conjunction issues due to several connection to the server.
You can check the number of connections by the script given below.
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
6# ) When we are facing the issue "setgid: Invalid argument" at startup?
Group directive (probably in conf/httpd.conf) needs to name a group that actually exists in the /etc/group file. This may be due to when a negative number is used in the Group directive
7#) The domains not loading. If it is showing a blank page.
Please check whether there is more than two PHP versions are installed if add proper add handler.
May the sites requires fastcgi for its proper functioning.
Solution::
Compile PHP with fastcgi option and Add the following in the .htaccess file
AddHandler fastcgi-script fcgi
AddHandler php-cgi .php
Action php-cgi /cgi-sys/php5
8#) "Error 1.1 while fetching url http://localhost//cgi-sys/cp_ea3_cgi_test.cgi"
If you are getting the below error while recompiling apache using Easyapache, check whether the permissions for /usr/local/bin/perl is 755, if the permissions are wrong gave the correct permissions are check.
9#) If you are getting errors on easyapache like.
Internal Server Error
Premature end of script headers: /usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl: Please check / usr / local / cpanel / logs / error_log for the exact error.
cpsrvd/11.24 Server at 66.207.175.114
Try updating cpanel and if it does not fix the issue, try the below steps.
==
mv /home/.cpan /root
cpan (this puts you into cpan command prompt)
install Bundle::CPAN
reload cpan
reload index
exit (this returns you to normal command prompt)
/scripts/checkperlmodules --full
==
10#) If you find the errors in Apache error logs as follows:
No space left on device: Couldn’t create accept lock [or]
No space left on device: mod_rewrite: could not create rewrite_log_lock Configuration Failed
Fix:
ipcs -s | grep nobody
for i in `ipcs -s | grep nobody | awk ‘{print $2}’`; do ipcrm -s $i; done
The above errors will occur if the Apache user occupies a great number of semaphores
11#) Error from domain’s error log:
mod_security: Access denied with code 403. Error reading request body, error code 70007: The timeout specified has expired
Fix :
Increase the value of timeout in the /usr/local/apache/http.conf to 300
Then restart the apache server.
12#) Apache is not starting..
build_apache_conf
Path: /usr/local/cpanel/bin/build_apache_conf
Running this script may resolve the issue.
Then try to start the apache
/etc/init.d/httpd start
Apache Optimization
You can configure the Apache software by modifying text configuration files. These files contain instructions. These instructions are created in a format known as "directives".
For Example:
Directives typically look like this:
ServerRoot /usr/local/lib/apache
OR
Order allow,deny
Allow from all
Deny from badusers.com
Directives are used in all configuration files
Optimizing the Directives
Timeout
The number of seconds before receives and sends is known as time out
By default the Timeout directive is set to 300 seconds.
We can decrease the Value of the timeout up to 15 Sec to avoid the potential effect of the DDOS attack or there is a heavy load in the server.
KeepAlive
The KeepAlive directive allows multiple requests to be sent over the same TCP connection.
For Eg:
If a particular page consists of lot of images in it, If KeepAlive is set to Off, then for each images, a separate TCP connection has to be made
Issues due to establishing lot of TCP connections can be eliminated by turning on the KeepAlive to On.
MaxKeepAliveRequests
The MaxKeepAliveRequests means that the maximum number of connections allowed in persistent connection.
Keep this value as 0 means that unlimited connections are possible. For the Maximum performance keep the value intact.
KeepAliveTimeout
It determines how long to wait for the next request for the processing. Generally we will set this value to a small one. That is in between 2-5 Secs.
MaxClients
It sets the limit on maximum simultaneous requests that can be supported by the server.
It is the maximum number of child processes spawned. It should be a medium value.
Setting this value to very low number creates the unused resources, since the new connections are put in queue, which eventually time-out.
Setting this value to very high number will cause the server to start swapping and the response time will degrade drastically
The apt value for the MaxClients can be calculated from the following equation.
MaxClients = Total RAM dedicated to the web server / Max child process size
DirectoryIndex
The DirectoryIndex directive sets the list of resources to look for, when the client requests an index of the directory.
DirectoryIndex index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.php index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html
Use the above given format rather than using the Wildcard method.
MPM (Multi-Processing Modules)
It is designed to allow more requests to be served simultaneously by passing off some processing work to supporting threads, freeing up the main threads to work on new requests.
StartServers
StartServers controls the number of child-processes that Apache forks before starting to accept connections
It is better to keep StartServers and MinSpareServers to high numbers,so that if you get a high load just after the server has been restarted, the fresh servers will be ready to serve requests immediately
FollowSymLinks and SymLinksIfOwnerMatch
For maximum performance, set FollowSymLinks everywhere and never set SymLinksIfOwnerMatch. Or else, if SymLinksIfOwnerMatch is required for a directory, then set it for that directory alone.
Common Configuration used in the Apache
Timeout 120
KeepAlive On
MaxKeepAliveRequests 300
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 20
StartServers 8
MaxClients 300
MaxRequestsPerChild 10
Saturday, June 05, 2010
Spamming Related issues
====
LOG SELECTOR
---------------------
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
CATCH NOBODY SPAM
------------------
Step 1)
Login to your server and su - to root.
Step 2)
Turn off exim while we do this so it doesn't freak out.
/etc/init.d/exim stop
Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the
sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden
Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail
Paste in the following:
#!/usr/local/bin/perl
# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n";
}
else {
print INFO "$date - $PWD - @infon";
}
my $mailprog = '/usr/sbin/sendmail.hidden';
foreach (@ARGV) {
$arg="$arg" . " $_";
}
open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!n";
while ( ) {
print MAIL;
}
close (INFO);
close (MAIL);
Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail
Step 6)
Create a new log file to keep a history of all mail going out of the server
using web scripts
touch /var/log/spam_log
chmod 0777 /var/log/spam_log
Step 7)
Start Exim up again.
/etc/init.d/exim start
Step 8)
Monitor your spam_log file for spam, try using any formmail or script that
uses a mail function - a message board, a contact script.
tail - f /var/log/spam_log
Sample Log Output
Mon Apr 11 07:12:21 EDT 2005
- /home/username/public_html/directory/subdirectory - nobody x 99 99
Nobody / /sbin/nologin
Log Rotation Details
Your spam_log file isn't set to be rotated so it might get to be very large
quickly. Keep an eye on it and consider adding it to your logrotation.
pico /etc/logrotate.conf
FIND:
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
ADD BELOW:
# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}
Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn't get
overwritten.
SPAM SCRIPT
-------------------
grep "blacklisted" /var/log/exim_mainlog -i > kilme
tail -100 kilme
tail /var/log/exim_paniclog
printf "\n"
printf "Spam Count = "
grep "blacklisted" kilme -c -i
printf "njabl.org = "
grep "njabl.org" kilme -c
printf "spamcop = "
grep "bl.spamcop" kilme -c
printf "spamhaus = "
grep "sbl.spamhaus" kilme -c
printf "dsbl.org = "
grep "dsbl" kilme -c
printf "abuseat = "
grep "abuseat.org" kilme -c
printf "ordb.org = "
grep "ordb" kilme -c
printf "Manual = "
grep "manual" kilme -c
printf "verify fail= "
grep "verify fail" /var/log/exim_mainlog -c
printf "No Relay = "
grep "not permitted" /var/log/exim_mainlog -c
printf "\n"
printf "All Spam: \n"
zgrep -ci "blacklisted" /var/log/exim_mainlog*
printf "\n"
DELETE JUNK MAILS
-------------------
#!/usr/bin/perl -w
#Removes junk mails including bounce backs from the mail queue
# Usage perl killmail &>
system "/etc/init.d/chkservd stop";
system "/etc/init.d/exim stop";
open FD, "exim -bpru |";
while () {
# Remove mails older than a day, ie >= 1d
if (/^[\s]*?[\d]+[d][\s]+[\d.]+\w?[\s]+([\w\d-]+).*/) {
print "$&\n";
system "exim -Mrm $1";
}
# Remove mails older than 9 hours
if (/^[\s]*?\d{2,}[h][\s]+[\d.]+\w?[\s]+([\w\d-]+).*/) {
print "$&\n";
system "exim -Mrm $1";
}
# Remove bounce backs, if any
if (/^[\s]*?\d+[mhd][\s]+[\d.]+\w?[\s]+([\w\d-]+)\s+<>/) {
print "$&\n";
system "exim -Mrm $1";
}
}
Web hosting related FAQ's
You can set up a default site in the directory /root/cpanel3-skel/public_html/ and it will be the default website for all accounts added afterwards.
How can I create a demo version of cPanel?
To do this, create a new "dummy" account in WebHost Manager. Feel free to use a fake domain name. Then, you can use branding to modify the account with your company's logo and look if you'd like.
Now, go to Account Functions >> Disable or Enable Demo Mode in WebHost? Manager and turn the account into a demo account.
How do I increase the maximum number of IMAP or POP3 connections?
Go to Service Configuration >> Courier Configuration and set the values as required.
How do I stop users from getting the "There is a problem with this website's security certificate" message when logging into cPanel?
Under Manage Service SSL Certificates in the Service Configuration section of WHM, you can change the certificates for cPanel/WHM/Webmail, your mail servers, etc. You'll need to replace the self-signed certificate with one trusted by the common browsers.
To do this, you can purchase a SSL certificate through WHM for your hostname by using Purchase & Install SSL Certificate under SSL/TLS.
How do I setup personal nameservers in WHM?
You will need an IP address for each nameserver.
Under Basic cPanel/WHM Setup, scroll down to Primary Nameserver.
Now add your nameservers in the fields available. Click on Assign IP Address next to each nameserver to assign it an IP. Then add an A entry so they will resolve through DNS. Finally, make sure that you scroll down and click on Nameserver Setup under Service Configuration and enable the nameserver.
Various Security Related Softwares used in Linux and its installation Procedures
======
APF
cd /usr/local/src/;
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz;
tar -xvzf apf-current.tar.gz;
rm -rf apf-current.tar.gz;
cd apf-0*;
./install.sh
BFD
cd /usr/local/src/;
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz;
tar -xvzf bfd-current.tar.gz;
rm -rf bfd-current.tar.gz;
cd bfd-0*;
./install.sh
CSF
http://configserver.com/cp/csf.html
cd /usr/local/src/;
wget http://www.configserver.com/free/csf.tgz;
tar -xzf csf.tgz;
cd csf;
sh install.sh
RkHunter
cd /usr/local/src/;
wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz;
tar -xzvf rkhunter-1.1.4.tar.gz;
rm -rf rkhunter-*;
cd rkhunter;
./installer.sh
Run
rkhunter -c
ChkRootkit
cd /usr/local/src/;
wget http://www.net-security.org/dl/software/chkrootkit.tar.gz;
tar zxvf chkrootkit.tar.gz;
rm -rf chkrootkit.tar.gz;
cd chkrootkit-0*;
make sense
Run
./chkrootkit -x
DDOS-Deflate
Description:
When you run this Perl script, it will then run an netstat command check how many times each IP is connected and if there are more then the number of connections you specified then it will automatically run a command in APF for the IP to be banned.
Installing:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
Uninstalling:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
Secure Nobody
wget -O securenobody.rpm servstra.com/securenobody.rpm;
rpm -Uvh securenobody.rpm;
cd /usr/local/securenobody ;
./securenobody
PLESK Backend Files
---------
CONF FILES /etc/httpd/conf/httpd.conf
LOG FILES /var/log/http/
START/STOP /etc/rc.d/init.d/httpd start/stop
Comments /etc/rc.d/init.d/psa for starting https
DNS:-
---------
CONF FILE /var/named/ run-root/etc/
DB FILES /etc/rc.d/init.d/named start/stop
START/STOP /var/named/ run-root/var/
MAIL:-QMAIL
--------
CONF FILE /var/qmail/control/
LOG FILES /var/log/maillog
START/STOP /etc/rc.d/init.d/courier-imap,pop start/stop
MAIL DIRECTORY /var/qmail/mailnames/domainname/user/Maildir/new,cur,tmp
DATABASE:-
-----------------
CONF FILE /etc/my.cnf
DATABASE PATH /var/lib/mysql/
START/STOP /etc/rc.d/init.d/mysqld start/stop
FTP:-
-------
CONF FILE /etc/proftpd.conf
START/STOP /etc/rc.d/init.d/xinetd ftp start/stop
Various Port Number Commonly used (Web hosting industry)
=====
ftp :21
ssh :22
telnet :23
smtp :25
dns :53
http :80
https :443
pop3 :110
pop3s :990
imap :143
imaps :993
nfs :2049
MSSQL :1433
rdesk :3389
MySql :3306
WHM :2086 Secure :2087
Cpanel :2082 Secure :2083
Plesk :8880 Secure :8443
Vps :4643
Vdeck :8080 Secure :8087
Webmail:2095
How to change hostname of a VPS?
vzctl set VEID --hostname
eg:
vzctl set 101 --hostname sample.hostname.com --save
Do not forget to give the option --save otherwise it will be removed on the next restart.
Aliasing and Functions : This will make things simpler
alias clean="rm -f `find . -name "*.*"`" (Take Care while using dangerous rm command at any time while navigating through unix)
if you need to go to a lengthy path every time for eg
cd src/best/value/support/com many times put an alias
alias in=" cd src/best/value/support/com "
How to create a .htaccess file with a specified rule
http://www.htaccesseditor.com/en.shtml
How to add awstats in your website using php
Just create a php file like awstats.php and add the below given content to it. You need to edit the 2nd, 3rd and 4th line of the code with your cpanel username, cpanel password and your website address.
$user = 'cpanel username'; //your cpanel username
$pass = 'cpanel password'; //your cpanel password
$domain = 'your website'; //do not include 'http://' or 'www.'
//retrieves the file, either .pl or .png
function getFile($fileQuery){
global $user, $pass, $domain;
return file_get_contents("http://$user:$pass@$domain:2082/".$fileQuery,'r');
}
//it's a .png file...
if(strpos($_SERVER['QUERY_STRING'],'.png')!==false) {
$fileQuery = $_SERVER['QUERY_STRING'];
}
//probably first time to access page...
elseif(empty($_SERVER['QUERY_STRING'])){
$fileQuery = "awstats.pl?config=$domain";
}
//otherwise, all other accesses
else {
$fileQuery = 'awstats.pl?'.$_SERVER['QUERY_STRING'];
}
//now get the file
$file = getFile($fileQuery);
//check again to see if it was a .png file
//if it's not, replace the links
if(strpos($_SERVER['QUERY_STRING'],'.png')===false) {
$file = str_replace('awstats.pl', basename($_SERVER['PHP_SELF']), $file);
$file = str_replace('="/images','="'.basename($_SERVER['PHP_SELF']).'?images',$file);
}
//if it is a png, output appropriate header
else {
header("Content-type: image/png");
}
//output the file
echo $file;
?>