Wednesday, May 29, 2013

Icons do not show in cPanel Attracta plugin

There are a few reasons that the icons may not show. If you're using a custom theme, you'll need to make sure that theme supports cPanel's dynamicui system.

If you're using x3 or rvksin or CleanPanel and they do not show, please try refreshing them but updating to our latest version.

You can update to our latest version by running the following command via SSH as root:

wget -N www.attracta.com/static/download/cpanel-install;sh cpanel-install

Trendy Site Builder Icon

Prerequisites:
Make sure Ioncube Loaders are installed on the server.

Installation Procedure:

Using SSH, log into your server as root. If you do not have root access, have your system administrator perform these steps:
$ root@my-cpanel-server.com [~]#

Download the installer from trendyflashdownload.com
root@my-cpanel-server.com [~]# wget "http://www.trendyflashdownload.com/installer/cp/ipbased/trendysitebuilder.sh"

Set execute permission for trendysitebuilder.sh
root@my-cpanel-server.com [~]# chmod 755 trendysitebuilder.sh

Run the shellscript trendysitebuilder.sh
root@my-cpanel-server.com [~]# ./trendysitebuilder.sh

Now your users can see the "Trendy Site Builder Icon" under the Software/Services Group in their cPanel.

How do I install the cPanel Varnish Plugin?

How do I install the cPanel Varnish Plugin?

Upon fully processing your order, UNIXY will send you an email with instructions on how to obtain the plugin package. Simply download the package to the destination server under /usr/src/ and extract it as such:
Note: upgrade instructions are available here: http://www.unixy.net/secure/knowledgebase.php?action=displayarticle&id=28
Download the EL5 package for CentOS 5 or Red Hat 5 and the EL6 package for CentOS 6 or Red Hat 6
[root@varnish ~]# cd /usr/src
[root@varnish src]# file varnish.unixy.net-1.6.0-el5.tar.zip
varnish.unixy.net.tar.zip: Zip archive data, at least v2.0 to extract
[root@varnish src]# tar -xzf varnish.unixy.net-1.6.0-el5.tar.zip
[root@varnish src]# cd varnish.unixy.net-1.6.0-el5
[root@varnish src]# vi unixyvarnish.license # Enter the license key string in this file before proceeding
[root@varnish varnish.unixy.net-1.6.0-el5]# python installvarnish

Common Issues:
Q: The following message appears:
Could not find a valid license file!
Be sure to save the license key file unixyvarnish.license here and try again
A: create a file called unixyvarnish.license inside the varnish.unixy.net-1.1b/ directory and save the license key there.

Installing Percona Server on a CentOS VPS

Step 1: Backup existing MySQL data

Make sure to save all existing data just in case there are any issues.

cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old

Step 2: Disable the targets so cPanel no longer handles MySQL updates

The following will mark the versions of MySQL we distribute as uninstalled so they are no longer maintained by cPanel/WHM

/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL55 uninstalled

Step 3: Remove existing MySQL RPM’s so theres a clean slate for MariaDB

Important: The below command will uninstall the MySQL RPM’s!
/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55
[20130218.235953]
[20130218.235953] The following RPMs are unneeded on your system and should be uninstalled:
[20130218.235953] MySQL51-devel.5.1.68-1.cp1136
[20130218.235953] MySQL51-test.5.1.68-1.cp1136
[20130218.235953] MySQL51-shared.5.1.68-1.cp1136
[20130218.235953] MySQL51-client.5.1.68-1.cp1136
[20130218.235953] MySQL51-server.5.1.68-1.cp1136
[20130218.235953] Removing 0 broken rpms:
[20130218.235953] rpm: no packages given for erase
[20130218.235953] No new RPMS needed for install
[20130218.235953] Uninstalling unneeded rpms: MySQL51-devel MySQL51-test MySQL51-shared MySQL51-client MySQL51-server
[20130219.000004] Shutting down MySQL........ SUCCESS!

Step 4: Create a yum repository for MariaDB

vi /etc/yum.repos.d/percona.repo
place the following inside of it (it will recognize your OS/arch);

[percona]
name = CentOS $releasever - Percona
baseurl=http://repo.percona.com/centos/$releasever/os/$basearch/
enabled = 1
gpgkey = http://www.percona.com/redir/downloads/percona-release/RPM-GPG-KEY-percona
gpgcheck = 1

Step 5: Remove php from the /etc/yum.conf file then run the following commands

yum install Percona-Server-client-55 Percona-Server-server-55 Percona-Server-devel-55
/etc/init.d/mysql start
mysql_upgrade
/etc/init.d/mysql restart

Step 5: Add php back to the /etc/yum.conf file to ensure future php updates don’t get clobbered

Final Step: Rebuild easyapache/php to ensure modules are intact/working

/scripts/easyapache --build

Exim opening another SMTP port

Choosing A Port
First you want to decide on a port. Many use port 26 as the alternate SMTP port and CPanel recommends it, but several ISPs who do port 25 filtering also filter port 26, so it really isn’t a great choice. I personally recommend conforming (at least partially) to the RFC’s, so I decided to go with port 587 based on RFC4409.

Setting Up Exim To Listen On Your Chosen Port
Login to your Web Host Manager ( http://whatever.yourserver.com/whm ) and navigate to Service Configuration -> Service Manager. Scroll to the bottom and you will see an option for “Exim on another port”. Check this box and set it to the chosen port (in my case 587).

Hmm…Firewall?

Open the ports in firewall too,

Sunday, May 26, 2013

Recovering a cPanel Server From a Crashed Hard Disk using rSync

Recovering a cPanel Server From a Crashed Hard Disk using rSync

Rsync is another very powerful command that is used to synchronize 2 directories between servers and only transfer the new files to the server. This is a great method for backing up data as it is low on bandwidth and it is also commonly used to keep clustered servers working together. The ending slashes are very important when using rsync. If you are not familiar with how it works, always make sure to have an ending slash on both the source and the destination and it should be fine.

In case we fail or accidentally destroy our HDD then we can get a new HDD and operating system from the datacentre and restore the data on a new drive. This concept can be used to migrate cPanel Servers from one server to another without loosing any data or creating any sort of downtime for websites hosted on the server.

This is how it will work:

1) Get the partitions from both the drives with:

# fdisk -l

2) Check to see if there are any drives mounted with:

# df -h

3) Let us assume that /dev/hdb3 is our CRASHED old drive and it is mounted as /mnt/old (yours can be different), but keep in mind that you need to know the mount point of the backup drive before we proceed further with the steps below.

Let us mount the CRASHED HDD if not already mounted with:

# mount /dev/hdb3 /oldHD

4) Now that the drive is mounted you can browse any files with:

# ls /oldHD/home

5) We are all set to move our data over to the new drive:

Run these rSync commands to move everything over:

rsync -vrplogDtH /oldHD/usr/local/apache/conf /usr/local/apache
rsync -vrplogDtH /oldHD/var/named /var
rsync -vrplogDtH /oldHD/home/* /home
rsync -vrplogDtH /oldHD/usr/local/cpanel /usr/local
rsync -vrplogDtH /oldHD/var/lib/mysql /var/lib
rsync -vrplogDtH /oldHD/var/cpanel /var
rsync -vrplogDtH /oldHD/usr/share/ssl /usr/share
rsync -vrplogDtH /oldHD/var/ssl /var
rsync -vrplogDtH /oldHD/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
rsync -vrplogDtH /oldHD/var/log/bandwidth /var/log
rsync -vrplogDtH /oldHD/usr/local/frontpage /usr/local
rsync -vrplogDtH /oldHD/var/spool/cron /var/spool
rsync -vrplogDtH /oldHD/root/.my.cnf /root
rsync -vrplogDtH /oldHD/etc/httpd/conf/httpd.conf /etc/httpd/conf

cd to the old etc directory:

#cd /oldHD/etc

And copy some files from here:

#rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts /etc

6) We are done with the copying of all the files and cPanel should start recognizing all the old users and their files, but after we do all this it is highly suggested that you run all updates, and run the cPanel fix scripts i.e:

Updating software and restarting services:

#/scripts/upcp
#/scripts/updatenow
#/scripts/sysup
#/scripts/exim4
#/scripts/easyapache
#/scripts/securetmp
# /scripts/fixeverything

7)This is needed to update cpanel information. Please note, sshd might fail and not start after running fix everything. You have to login to whm, and go to the rpm installer and “FORCE” install opensshd-server, opensshd, opensshd-client and then restart sshd from whm.

Restarting services as:

#/scripts/restartsrv httpd
#/scripts/restartsrv cpanel
#/scripts/restartsrv mysql
#/scripts/restartsrv named
#/scripts/restartsrv exim

That is all we need to recover data from a CRASHED HDD.

Procedure to Migrate live cPanel Server to a new cpanel server :-

Same procedure can be used to migrate one server to another without any data loss or downtime. The following steps will be different in this case and for this particular requirement you will need to go through the following configurations :-

1) Share SSH keys between both servers (only if you have full control of both servers). To share SSH keys you will first need to generate keys on both servers with following command :-

#ssh-keygen -t rsa -b 1024

Run above command only if you dont have any information in ‘/root/.ssh/ directory’. Once the keys are generated you will see the following files in the directory :-
id_rsa id_rsa.pub known_hosts

Now to share the keys you need to copy the contents of id_rsa.pub file and create a new file called authorized_keys in the same directory on the other server. Paste the contents of id_rsa.pub of server1 in server2 and server2 in server1 authorized_keys. Sharing SSH keys in this way will allow you to sync data between both servers without any sort of password authentication. You will need to create this file (authorized_keys) as it won’t be there by default.

Browse to the ‘/etc’ directory on the source server and run following command from that directory :-

#rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts root@10.10.10.2:/etc

(10.10.10.2 is assumed as the IP of the new server to which we are moving the data.)

Now we need to transfer everything else.

rsync -vrplogDtH /usr/local/apache/conf root@10.10.10.2:/usr/local/apache
rsync -vrplogDtH /var/named root@10.10.10.2:/var
rsync -vrplogDtH /home/* root@10.10.10.2:/home
rsync -vrplogDtH /usr/local/cpanel root@10.10.10.2:/usr/local
rsync -vrplogDtH /var/lib/mysql root@10.10.10.2:/var/lib
rsync -vrplogDtH /var/cpanel root@10.10.10.2:/var
rsync -vrplogDtH /usr/share/ssl root@10.10.10.2:/usr/share
rsync -vrplogDtH /var/ssl root@10.10.10.2:/var
rsync -vrplogDtH /usr/local/cpanel/3rdparty/mailman root@10.10.10.2:/usr/local/cpanel/3rdparty
rsync -vrplogDtH /var/log/bandwidth root@10.10.10.2:/var/log
rsync -vrplogDtH /usr/local/frontpage root@10.10.10.2:/usr/local
rsync -vrplogDtH /var/spool/cron root@10.10.10.2:/var/spool
rsync -vrplogDtH /root/.my.cnf root@10.10.10.2:/root
rsync -vrplogDtH /etc/httpd/conf/httpd.conf root@10.10.10.2:/etc/httpd/conf

One more thing which needs to be done in this case is a mass replace command for changing the IP address in the zone files and httpd.conf. Here’s a command to help you do it in a few seconds :-

replace 10.10.10.1 10.10.10.2 — /var/named/*.db
replace 10.10.10.1 10.10.10.2 — /usr/local/apache/conf/httpd.conf

10.10.10.1 is assumed as the IP of source server.
10.10.10.2 is assumed as the IP of the new destination server which will now run your websites.

Linux Creating a Partition Size Larger Than 2TB-- GPT partition

To create a partition start GNU parted as follows:
# parted /dev/sdb
Output:
GNU Parted 2.3
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted)

Creates a new GPT disklabel i.e. partition table:
(parted) mklabel gpt

Sample outputs:
Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? yes
(parted)

Next, set the default unit to TB, enter:
(parted) unit TB

To create a 3TB partition size, enter:
(parted) mkpart primary 0 0

OR
(parted) mkpart primary 0.00TB 3.00TB

To print the current partitions, enter:
(parted) print

Sample outputs:
Model: ATA ST33000651AS (scsi)
Disk /dev/sdb: 3.00TB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 0.00TB 3.00TB 3.00TB ext4 primary

Quit and save the changes, enter:
(parted) quit

Sample outputs:
Information: You may need to update /etc/fstab.

Use the mkfs.ext3 or mkfs.ext4 command to format the file system, enter:
# mkfs.ext3 /dev/sdb1
OR
# mkfs.ext4 /dev/sdb1
Sample outputs:
mkfs.ext4 /dev/sdb1
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
183148544 inodes, 732566272 blocks
36628313 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
22357 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848, 512000000, 550731776, 644972544
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

Type the following commands to mount /dev/sdb1, enter:
# mkdir /data
# mount /dev/sdb1 /data
df -H

Sample outputs:
Filesystem             Size   Used  Avail Use% Mounted on
/dev/sdc1 16G 819M 14G 6% /
tmpfs 1.6G 0 1.6G 0% /lib/init/rw
udev 1.6G 123k 1.6G 1% /dev
tmpfs 1.6G 0 1.6G 0% /dev/shm
/dev/sdb1 3.0T 211M 2.9T 1% /data

Make sure you replace /dev/sdb1 with actual RAID or Disk name or Block Ethernet device such as /dev/etherd/e0.0. Do not forget to update /etc/fstab, if necessary. Also note that booting from a GPT volume requires support in your BIOS / firmware. This is not supported on non-EFI platforms. I suggest you boot server from another disk such as IDE / SATA / SSD disk and store data on /data.

Mysql backup script

#!/bin/sh

datum=`/bin/date +%Y%m%d-%H`

/usr/bin/mysqladmin --user=root --password=yourrootsqlpassword stop-slave

/usr/bin/mysqldump --user=root --password=yourrootsqlpassword --lock-all-tables \
--all-databases > /home/sqlbackup/backup-${datum}.sql

/usr/bin/mysqladmin --user=root --password=yourrootsqlpassword start-slave

for file in "$( /usr/bin/find /home/sqlbackup -type f -mtime +2 )"
do
/bin/rm -f $file
done

exit 0
=======================================

MHOST=localhost
MUSER=backup
MPASS=OwBPimRc
BACKUPDIR="/mnt/backup"

MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"
GZIP="$(which gzip)"

DBPREFIX="$(hostname -s).mysqldb"

echo "Run MySQL backup"
DBS="$($MYSQL -u $MUSER -h $MHOST -p$MPASS -Bse 'show databases')"
for db in $DBS
do
FILE=${BACKUPDIR}/${DBPREFIX}.${db}.`date +%Y%m%d`.gz
$MYSQLDUMP --no-tablespaces --skip-lock-tables -u $MUSER -h $MHOST -p$MPASS $db | $GZIP -9 > $FILE
done

find -name "${BACKUPDIR}/${DBPREFIX}*" -type f -mtime +10 -exec rm -f '{}' ';'

========================================
MyUSER="SET-MYSQL-USER-NAME" # USERNAME
MyPASS="SET-PASSWORD" # PASSWORD
MyHOST="localhost" # Hostname

# Linux bin paths, change this if it can not be autodetected via which command
MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"
CHOWN="$(which chown)"
CHMOD="$(which chmod)"
GZIP="$(which gzip)"

# Backup Dest directory, change this if you have someother location
DEST="/backup"

# Main directory where backup will be stored
MBD="$DEST/mysql"

# Get hostname
HOST="$(hostname)"

# Get data in dd-mm-yyyy format
NOW="$(date +"%d-%m-%Y")"

# File to store current backup file
FILE=""
# Store list of databases
DBS=""

# DO NOT BACKUP these databases
IGGY="test"

[ ! -d $MBD ] && mkdir -p $MBD || :

# Only root can access it!
$CHOWN 0.0 -R $DEST
$CHMOD 0600 $DEST

# Get all database list first
DBS="$($MYSQL -u $MyUSER -h $MyHOST -p$MyPASS -Bse 'show databases')"

for db in $DBS
do
skipdb=-1
if [ "$IGGY" != "" ];
then
for i in $IGGY
do
[ "$db" == "$i" ] && skipdb=1 || :
done
fi

if [ "$skipdb" == "-1" ] ; then
FILE="$MBD/$db.$HOST.$NOW.gz"
# do all inone job in pipe,
# connect to mysql using mysqldump for select mysql database
# and pipe it out to gz file in backup dir :)
$MYSQLDUMP -u $MyUSER -h $MyHOST -p$MyPASS $db | $GZIP -9 > $FILE
fi
done
find /backup/mysql/ -mtime +5 -type f |xargs -I {} rm {}

.htaccess rules


Redirecting to or from WWW



Part 1 - How do I redirect all links for www.example.com to example.com ?

Create a 301 redirect forcing all http requests to use either www.example.com or example.com:

  • Example 1 - Redirect example.com to www.example.com:




  • RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
    RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]


  • Example 2 - Redirect www.example.com to example.com:
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www\.example\.com$
    RewriteRule ^/?$ "http\:\/\/example\.com\/" [R=301,L]



Explanation of this .htaccess 301 redirect:

Let's have a look at the example 1 - Redirect example.com to www.example.com. The first line tells apache to start the rewrite module. The next line:
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]

specifies that the next rule only fires when the http host (that means the domain of the queried url) is not (- specified with the "!") www.example.com.

The $ means that the host ends with www.example.com - and the result is that all pages from www.example.com will trigger the following rewrite rule. Combined with the inversive "!" is the result every host that is not www.example.com will be redirected to this domain.

The [NC] specifies that the http host is case insensitive. The escapes the "." - because this is a special character (normally, the dot (.) means that one character is unspecified).

The final line describes the action that should be executed:
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

The ^(.*)$ is a little magic trick. Can you remember the meaning of the dot? If not, this can be any character(but only one). So .* means that you can have a lot of characters, not only one. This is what we need because ^(.*)$ contains the requested url, without the domain.

The next part http://www.example.com/$1 describes the target of the rewrite rule. This is our "final" used domain name, where $1 contains the content of the (.*).

The next part is also important, since it does the 301 redirect for us automatically: [L,R=301]. L means this is the last rule in this run. After this rewrite the webserver will return a result. The R=301 means that the webserver returns a 301 moved permanently to the requesting browser or search engine.

Redirect to example.com/index.php



You have a website with the name example.com and you want to redirect all incoming urls that are going to example.com/ to example.com/index.php
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^$ http://example.com/index.php [L,R=301]

Explanation of this .htaccess 301 redirect:

What does this code above do? Let's have a look at Example 1 - Redirect example.com to www.example.com. The first line starts the rewrite module. The next line:
RewriteCond %{HTTP_HOST} !www.example.com$

specifies that the next rule only fires when the http host (that means the domain of the queried url) is not (- specified with the "!") www.example.com.

The $ means that the host ends with www.example.com - and the result is that all pages from example.com will trigger the following rewrite rule. Combined with the inversive "!" is the result every host that is not www.example.com will be redirected to this domain.

The [NC] specifies that the http host is case insensitive. The escapes the "." - because this is a special character (normally, the dot (.) means that one character is unspecified).

The final line describes the action that should be executed:
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301].

The ^(.*)$ is a little magic trick. Remember the meaning of the dot? If not, this can be any character(but only one). The .* means that you can have a lot of characters, not only one. This is what was intended. ^(.*)$ contains the requested url, without the domain.

The next part http://www.example.com/$1 [L,R=301] describes the target of the rewrite rule -this is the "final" used domain name, where $1 contains the content of the (.*).

The next part is also important, since it does the 301 redirect for us automatically: [L,R=301]. L means this is the last rule in this run. After this rewrite the webserver will return a result. The R=301 means that the webserver returns a 301 moved permanently to the requesting browser or search engine.

Redirect visitors to a new site



You have an old website that is accessible under oldexample.com and you have a new website that is accessible under newexample.com. Copying the content of the old website to the new website is the first step - but what comes after that? You should do a 301 moved permanently redirect from the old domain to the new domain - which is easy and has some advantages:

  • Users will automatically be redirected to the new domain - you do not have to inform them.

  • Search engines will be redirected to the new domain and all related information will be moved to the new domain (but this might take some time).

  • Google's PageRank รข„¢ will be transfered to the new domain, as well as other internal information that is being used to set the position of pages in the search engine result pages (serp's) - like TrustRank .


Create a 301 redirect for all http requests that are going to the old domain.


    • Example 1 - Redirect from oldexample.com to www.newexample.com:



RewriteEngine On
RewriteCond %{HTTP_HOST} !oldexample.com$ [NC]
RewriteRule ^(.*)$ http://www.newexample.com/$1 [L,R=301]


      This is useful when you use www.newexample.com as your new domain name (see also this article about redirecting www and non-www domains). If not - use the code of example 2.



  • Example 2 - Redirect from oldexample.com to newexample.com:
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !oldexample.com$ [NC]
    RewriteRule ^(.*)$ http://newexample.com/$1 [L,R=301]




How to add a trailing slash



Some search engines remove the trailing slash from urls that look like directories - e.g. Yahoo does it. However it could result into duplicated content problems when the same page content is accessible under different urls. Apache gives some more information in the Apache Server FAQ.

Let's have a look at an example: example.com/google/ is indexed in Yahoo as example.com/google - which would result in two urls with the same content.

The solution is to create a .htaccess rewrite rule that adds the trailing slashes to these urls. Example - redirect all urls that do not have a trailing slash to urls with a trailing slash:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !example.php
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://example.com/$1/ [L,R=301]

Explanation of the add trailing slash .htaccess rewrite rule:

The first line tells Apache that this is code for the rewrite engine of the mod_rewrite module of Apache. The 2nd line sets the current directory as page root. But the interesting part is:
RewriteCond %{REQUEST_FILENAME} !-f

makes sure that existing files will not get a slash added. You shouldn't do the same with directories since this would exclude the rewrite behavior for existing directories. The line
RewriteCond %{REQUEST_URI} !example.php

excludes a sample url that should not be rewritten. This is just an example. If you do not have a file or url that should not be rewritten, remove this line. The condition:
RewriteCond %{REQUEST_URI} !(.*)/$

finally fires when a url does not contain a trailing slash. Now we need to redirect the urls without the trailing slash:
RewriteRule ^(.*)$ http://example.com/$1/ [L,R=301]

does the 301 redirect to the url, with the trailing slash appended. You should replace example.com with your domain.

==========================================================

Create a plain text .htaccess file (click the link for details on this type of file), or add the lines from the example to the top of your existing .htaccess file.
Add the lines from the appropriate example to your file. Note that you should replace example text with your own information. Replace example.com with your own domain, folder1 with your own folder name, file.html with your own file name, etc. Save your changes.
Use FTP to upload the file to the document root of the appropriate domain. If your domain is example.com, you should upload the file to:
domains/example.com/html/
That's it! Once you've uploaded the file, the rewrite rule should take effect immediately.

Some Content Management Systems (CMSs), like WordPress for example, overwrite .htaccess files with their own settings. In that case, you may need to figure out a way to do your rewrite from within the CMS.
http://example.com/folder1/ to http://example.com/folder2/

http://example.com/folder1/ becomes http://example.com/folder2/ or just http://example.com/.

domains/example.com/html/folder2/ must exist and have content in it for this to work.
.htaccess

This .htaccess file will redirect http://example.com/folder1/ to http://example.com/folder2/. Choose this version if you don't have the same file structure in both directories:

Filename: .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^folder1.*$ http://example.com/folder2/ [R=301,L]
This .htaccess file will redirect http://example.com/folder1/ to plain http://example.com/. Choose this version if you want people redirected to your home page, not whatever individual page in the old folder they originally requested:
Filename: .htaccess.

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^folder1.*$ http://example.com/ [R=301,L]
This .htaccess file will redirect http://example.com/folder1/file.html to http://example.com/folder2/file.html. Choose this version if your content is duplicated in both directories:
File name: .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^folder1/(.*)$ http://gs.mt-example.com/folder2/$1 [R=301,L]
Test

Upload this file to folder2 (if you followed the first or third example) or your html folder (if you followed the second example) with FTP:

Filename: index.html

<html>
<body>
Mod_rewrite is working!
</body>
</html>
Then, if you followed the first or second example, visit http://example.com/folder1/ in your browser. You should see the URL change to http://example.com/folder2/ or http://example.com/ and the test page content.

If you followed the third example, visit http://example.com/folder1/index.html. You should be redirected to http://example.com/folder2/index.html and see the test page content.

Code explanation

Options +FollowSymLinks is an Apache directive, prerequisite for mod_rewrite.
RewriteEngine On enables mod_rewrite.
RewriteRule defines a particular rule.
The first string of characters after RewriteRule defines what the original URL looks like. There's a more detailed explanation of the special characters at the end of this article.
The second string after RewriteRule defines the new URL. This is in relation to the document root (html) directory. / means the html directory itself, and subfolders can also be specified.
$1 at the end matches the part in parentheses () from the first string. Basically, this makes sure that sub-pages get redirected to the same sub-page and not the main page. Leave it out to redirect to the main page. (It is left out in the first two examples for this reason. If you don't have the same content in the new directory that you had in the old directory, leave this out.)
[R=301,L] - this performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It's on the same line as RewriteRule, at the end.
http://example.com/file.html to http://example.com/folder1/file.html

http://example.com/file.html becomes http://example.com/folder1/file.html.

Note: The directory folder1 must be unique in the URL. It won't work for http://example.com/folder1/folder1.html. The directory folder1 must exist and have content in it.

.htaccess

This .htaccess file will redirect http://example.com/file.html to http://example.com/folder1/file.html:
Filename: .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} example.com$ [NC]
RewriteCond %{HTTP_HOST} !folder1
RewriteRule ^(.*)$ http://example.com/folder1/$1 [R=301,L]
Test

Upload this file to folder1 with FTP:

Filename: index.html

<html>
<body>
Mod_rewrite is working!
</body>
</html>
Then, visit http://example.com/ in your browser. You should see the URL change to http://example.com/folder1/ and the test page content.

Code explanation

Options +FollowSymLinks is an Apache directive, prerequisite for mod_rewrite.
RewriteEngine On enables mod_rewrite.
RewriteCond %{HTTP_HOST} shows which URLs we do and don't want to run through the rewrite.
In this case, we want to match example.com.
! means "not." We don't want to rewrite a URL that already includes folder1, because then it would keep getting folder1 added, and it would become an infinitely long URL.
[NC] matches both upper- and lower-case versions of the URL.
RewriteRule defines a particular rule.
The first string of characters after RewriteRule defines what the original URL looks like. There's a more detailed explanation of the special characters at the end of this article.
The second string after RewriteRule defines the new URL. This is in relation to the document root (html) directory. / means the html directory itself, and subfolders can also be specified.
$1 at the end matches the part in parentheses () from the first string. Basically, this makes sure that sub-pages get redirected to the same sub-page and not the main page. Leave it out to redirect to the main page of the subdirectory.
[R=301,L] - this performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It's on the same line as RewriteRule, at the end.
Add www or https

http://example.com becomes http://www.example.com. Or, http://example.com becomes https://example.com.

.htaccess

This .htaccess file will redirect http://example.com/ to http://www.example.com/. It will also work if an individual file is requested, such as http://example.com/file.html:
Filename:.htaccess

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
This .htaccess file will redirect http://example.com/ to https://example.com/. It will also work if an individual file is requested, such as http://example.com/file.html:
Filename: .htaccess

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Test

Visit http://example.com in your browser. You should see that the same page is displayed, but the URL has changed to http://www.example.com (first example) or https://example.com (second example).

Also, http://example.com/file.html will become http://www.example.com/file.html or https://example.com/file.html.

Code explanation

Options +FollowSymLinks is an Apache directive, prerequisite for mod_rewrite.
RewriteEngine On enables mod_rewrite.
RewriteCond %{HTTP_HOST} shows which URLs we do and don't want to run through the rewrite.
In this case, we want to match anything that starts with example.com.
[NC] matches both upper- and lower-case versions of the URL.
RewriteRule defines a particular rule.
The first string of characters after RewriteRule defines what the original URL looks like. There's a more detailed explanation of the special characters at the end of this article.
The second string after RewriteRule defines the new URL. This is in relation to the document root (html) directory. / means the html directory itself, and subfolders can also be specified.
$1 at the end matches the part in parentheses () from the first string. Basically, this makes sure that sub-pages get redirected to the same sub-page and not the main page.
[R=301,L] - this performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It's on the same line as RewriteRule, at the end.
Regular expressions

Rewrite rules often contain symbols that make a regular expression (regex). This is how the server knows exactly how you want your URL changed. However, regular expressions can be tricky to decipher at first glance. Here's some common elements you will see in your rewrite rules, along with some specific examples.

^ begins the line to match.
$ ends the line to match.
So, ^folder1$ matches folder1 exactly.
. stands for "any non-whitespace character" (example: a, B, 3).
* means that the previous character can be matched zero or more times.
So, ^uploads.*$ matches uploads2009, uploads2010, etc.
^.*$ means "match anything and everything." This is useful if you don't know what your users might type for the URL.
() designates which portion to preserve for use again in the $1 variable in the second string. This is useful for handling requests for particular files that should be the same in the old and new versions of the URL.
See more regular expressions at perl.org.

Troubleshooting

404 Not Found

Examine the new URL in your browser closely. Does it match a file that exists on the server in the new location specified by the rewrite rule? You may have to make your rewrite rule more broad (you may be able to remove the $1 from the second string). This will direct rewrites to the main index page given in the second string. Or, you may need to copy files from your old location to the new location.

If the URL is just plain wrong (like http://example.com/folder1//file.html - note the two /s) you will need to re-examine your syntax. (mt) Media Temple does not support syntax troubleshooting.

Infinite URL, timeout, redirect loop

If you notice that your URL is ridiculously long, that your page never loads, or that your browser gives you an error message about redirecting, you likely have conflicting redirects in place.

You should check your entire .htaccess file for rewrite rules that might match other rewrite rules. You may also need to check .htaccess files in subdirectories. Note that FTP will not show .htaccess files unless you have enabled the option to view hidden files and folders. See our .htaccess article for details.

Also, it's possible to include redirects inside HTML and PHP pages. Check the page you were testing for its own redirects.

Adding [L] after a rewrite rule can help in some cases, because that tells the server to stop trying to rewrite a URL after it has applied that rule.

Friday, May 24, 2013

Adding path to System Environment linux.

 

root@ [~]# echo $PATH
/usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin

root@ [~]# export PATH=$PATH:/usr/sbin/

Saturday, May 18, 2013

Install Grsecurity on 32 bit OS is : Kernel

Ideal way to install Grsecurity on 32 bit OS is : Just follow the steps given below.

Fetch the sources:

Download kernel from kernel.org

#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz

Downlaod latest Grsecurity patch from below URL :

#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch

Extract:
tar xjf linux-2.6.32.51.tar.gz

Patch the kernel:

#cd linux-2.6.32.51

#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch

Now start making the kernel :

# make clean && make mrproper

Edit your kernel as per your need :

# make menuconfig

Compile your kernel and install it:

# make bzImage

# make modules

# make modules_install

Make sure it’s working ok with the help of following command :

# depmod 2.6.32.51-grsec

Installing and booting the new kernel :

# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec

There is also a file called “System.map” that must be copied to the same boot directory.

# cp System.map /boot

Do not forget to make changes in /etc/grub.conf

also go to grub prompt after this and fire below command :

# grub > savedefault –-default=0 –-once

Now reboot server :

#Shutdown -r now.

Friday, May 17, 2013

PHP Security .

PHP is the most popular scripting language for apache and mysql. You will need to disable system level functions in the php configuration file.

Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers on the one hand against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within these applications or the PHP core itself.

You can enable suhosin using /script/easyapache

1. Login as root and fire the following cmds
2. Run: /script/easyapache
3. search for option Suhosin
4. Save and build it.
5. php -m : To verify it.

Disable Dangerous PHP Functions

PHP has a lot of potential to mess up your server and hack user accounts and even get root. I’ve seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.

Steps:

1. Search the php.ini file for: using command:
php -i | grep php.ini

2. Vi /usr/local/lib/php.ini

disable_functions =Look for the lines and make sure you have the lines as below..
disable_functions = dl, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid

Turn off Register Globals

Register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn’t require variable initialization means writing insecure code is that much easier.

register_globals = Off

magic_quotes_gpc = On

It is best to keep magic_quotes to on as otherwise you forms using POST may be used for SQL injection attacks.
Run PHP through PHPsuexec/suphp Preventing Nobody Access

The biggest problem with PHP is that on cPanel servers is that PHP will run as nobody. When someone sets a script to 777 access that means the nobody user has write access to that file. So if someone on the same shared server wrote a script to search the system for 777 files they could inject anything they wanted, compromising the unsuspecting users account.

PHPsuexec makes PHP run as the user so 777 permissions are not allowed. There are a few downfalls to PHPsuexec but I think it’s required on a shared environment for the security of everyone. Safe_mode doesn’t prevent you from compromising other users files. This is where PHPsuexec comes in, it stops the user from being able to read another users files. It also makes it easier for you, the administrator, to track PHP mail function spamming and lots of other issues caused by PHP scripts because now you can easily track it ot the users account responsible.

The following settings are all useful ways of adjusting the resources your PHP scripts can consume:

; Maximum execution time of each script, in seconds
max_execution_time = 30

; Maximum amount of time each script may spend parsing request data
max_input_time = 60

; Maximum amount of memory a script may consume (8MB)
memory_limit = 8M

; Maximum size of POST data that PHP will accept.
post_max_size = 8M

; Whether to allow HTTP file uploads.
file_uploads = Off

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

Avoid Opening Remote Files

One of the useful abilities of PHP is the ability to open files remotely without any complex processing.

Many simple scripts use this ability, for example a comic viewer might open up images from a remote server just using the fopen function – which is ordinarily used to open files.

It is an ability has often been abused in insecure scripts though.

If you have a script which tries to open a file and the filename is controllable by a remote user two things can happen:
Any file on the local system which the web server can read can be viewed by the remote attacker.
Arbitrary commands can be executed upon your server if the user can cause a remote PHP file to be opened.

Hardening PHP for Security

PHP is the most popular scripting language for apache and mysql. You will need to disable system level functions in the php configuration file.

Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers on the one hand against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within these applications or the PHP core itself.

You can enable suhosin using /script/easyapache

1. Login as root and fire the following cmds
2. Run: /script/easyapache
3. search for option Suhosin
4. Save and build it.
5. php -m : To verify it.

Disable Dangerous PHP Functions

PHP has a lot of potential to mess up your server and hack user accounts and even get root. I’ve seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.

Steps:

1. Search the php.ini file for: using command:
php -i | grep php.ini

2. Vi /usr/local/lib/php.ini

disable_functions =Look for the lines and make sure you have the lines as below..
disable_functions = dl, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid

Turn off Register Globals

Register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn’t require variable initialization means writing insecure code is that much easier.

register_globals = Off

magic_quotes_gpc = On

It is best to keep magic_quotes to on as otherwise you forms using POST may be used for SQL injection attacks.
Run PHP through PHPsuexec/suphp Preventing Nobody Access

The biggest problem with PHP is that on cPanel servers is that PHP will run as nobody. When someone sets a script to 777 access that means the nobody user has write access to that file. So if someone on the same shared server wrote a script to search the system for 777 files they could inject anything they wanted, compromising the unsuspecting users account.

PHPsuexec makes PHP run as the user so 777 permissions are not allowed. There are a few downfalls to PHPsuexec but I think it’s required on a shared environment for the security of everyone. Safe_mode doesn’t prevent you from compromising other users files. This is where PHPsuexec comes in, it stops the user from being able to read another users files. It also makes it easier for you, the administrator, to track PHP mail function spamming and lots of other issues caused by PHP scripts because now you can easily track it ot the users account responsible.

The following settings are all useful ways of adjusting the resources your PHP scripts can consume:

; Maximum execution time of each script, in seconds
max_execution_time = 30

; Maximum amount of time each script may spend parsing request data
max_input_time = 60

; Maximum amount of memory a script may consume (8MB)
memory_limit = 8M

; Maximum size of POST data that PHP will accept.
post_max_size = 8M

; Whether to allow HTTP file uploads.
file_uploads = Off

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

Avoid Opening Remote Files

One of the useful abilities of PHP is the ability to open files remotely without any complex processing.

Many simple scripts use this ability, for example a comic viewer might open up images from a remote server just using the fopen function – which is ordinarily used to open files.

It is an ability has often been abused in insecure scripts though.

If you have a script which tries to open a file and the filename is controllable by a remote user two things can happen:
Any file on the local system which the web server can read can be viewed by the remote attacker.
Arbitrary commands can be executed upon your server if the user can cause a remote PHP file to be opened.

How to install ffmpeg, ffmpeg-PHP, Mplayer, Mencoder, flv2tool, LAME MP3 Encoder, and Libog from source

How to install ffmpeg, ffmpeg-PHP, Mplayer, Mencoder, flv2tool, LAME MP3 Encoder, and Libog from source
MyTrueHost Posted in Installation Comments Off
This article shows how to install ffmpeg, ffmpeg-PHP, Mplayer, Mencoder, flv2tool, LAME MP3 Encoder, and Libog from source. It should work on most systems, however may need some tweaking from system to sytem.

cd /usr/local/src

Download source tarballs:

wget http://rubyforge.org/frs/download.php/9225/flvtool2_1.0.5_rc6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.1.2.tar.gz
wget http://www4.mplayerhq.hu/MPlayer/releases/codecs/essential-20061022.tar.bz2

Extract the tarballs:

tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.1.2.tar.gz
tar zxvf flvtool2_1.0.5_rc6.tgz
tar jxvf essential-20061022.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2
tar zxvf flvtool2_1.0.5_rc6.tgz
Make a directory to store all the codecs:

mkdir /usr/local/lib/codecs/
Install any necessary packages:

yum install gcc gmake make libcpp libgcc libstdc++ gcc4 gcc4-c++ gcc4-gfortran
yum install subversion ruby ncurses-devel

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update
cd /usr/local/src

Copy codecs for mplayer:

mv /usr/local/src/essential-20061022/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/

If you are using secure tmp:

mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp

Installing Lame:

cd /usr/local/src/lame-3.97
./configure
make && make install

Installing Libogg:

cd /usr/local/src/libogg-1.1.3
./configure && make && make install

Installing libvorbis:

cd /usr/local/src/libvorbis-1.1.2
./configure && make && make install

Installing flvtool2:

cd /usr/local/src/flvtool2_1.0.5_rc6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install

cd /usr/local/src/mplayer
./configure && make && make install

Installing ffmpeg:

cd /usr/local/src/ffmpeg/
./configure –enable-libmp3lame –enable-libogg –enable-libvorbis –disable-mmx –enable-shared
make && make install

ln -s /usr/local/lib/libavformat.so.50 /usr/lib/libavformat.so.50
ln -s /usr/local/lib/libavcodec.so.51 /usr/lib/libavcodec.so.51
ln -s /usr/local/lib/libavutil.so.49 /usr/lib/libavutil.so.49
ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib/libmp3lame.so.0
ln -s /usr/local/lib/libavformat.so.51 /usr/lib/libavformat.so.51

Installing ffmpeg-php:

cd /usr/local/src/ffmpeg-php-0.5.0/
phpize
./configure
make
make install

Note: Make sure this is the correct php.ini for this server.

echo ‘extension=/usr/local/lib/php/extensions/no-debug-non-zts-20020429/ffmpeg.so’ >> /usr/local/Zend/etc/php.ini

Restart apache:

service httpd restart

cPanel Scripts

cPanel Scripts
cPanel and WHM has a large number of predefined scripts available in the /scripts folder. The available scripts are as follows:

/scripts/adddns — Add a Dns Entry
/scripts/addfpmail — Install Frontpage Mail Exts
/scripts/addservlets — Add JavaServlets to an account (JSP plugin required)
/scripts/adduser — Add a User
/scripts/admin — Run WHM Lite
/scripts/apachelimits — Add Rlimits (CPU and MEM limits) to apache.
/scripts/autorepair — For repairing spam database, horde patch etc.
/scripts/cpbackup — Backing up accounts
/scripts/courierup — Reinstall courier
/scripts/dnstransfer — Resync with a master DNS Server
/scripts/editquota — Edit A User’s Quota
/scripts/eximup — Reinstall exim
/scripts/finddev — Search For Trojans in /dev
/scripts/findtrojans — Locate Trojan Horses
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
/scripts/fixcartwithsuexec — Make Interchange work with suexec
/scripts/fixquotas — Fix account’s quota
/scripts/fixhome — Fix Permissions on accounts
/scripts/fixinterchange — Fix Most Problems with Interchange
/scripts/fixndc — To try and fix domain controller
/scripts/fixtrojans — Run on a trojans horse file created by findtrojans to remove them
/scripts/fixwebalizer — Run this if a user’s stats stop working
/scripts/fixvaliases — Fix a broken valias file
scripts/fullhordereset — Reset the horde database
/scripts/generate_maildirsize– Fix mailbox size
/scripts/hdparamify — Turn on DMA and 32bit IDE hard drive access (once per boot)
/scripts/initquotas — Re-scan quotas. Usually fixes Disk space display problems
/scripts/initsuexec — Turn on SUEXEC (probably a bad idea)
/scripts/installzendopt — Fetch + Install Zend Optimizer
/scripts/ipusage — Display IP usage Report
/scripts/killacct — Terminate an Account
/scripts/killbadrpms — Delete \”Security Problem Infested RPMS\”
/scripts/killdns domainname.com
/scripts/mailperm — Fix Various Mail Permission Problems
/scripts/mailtroubleshoot — Attempt to Troubleshoot a Mail Problem
/scripts/makecpphp — Compile cpanel php
/scripts/mysqlpasswd — Change a Mysql Password
/scripts/mysqlup — Reinstall mysql
/scripts/newftpuser — Create a new ftp user
/scripts/quicksecure — Kill Potential Security Problem Services
/scripts/perlinstaller — Install a perl module
/scripts/pkgacct — To take backup of an account
/scripts/rebuildippool — Rebuild Ip Address Pool
/scripts/reinstallmailman — Reinstall MailMan
/scripts/realperlinstaller — Install a perl module
/scripts/remdefssl — Delete Nasty SSL entry in apache default httpd.conf
/scripts/restartsrv — Restart a Service (valid services: httpd,proftpd,exim,sshd,cppop,bind,mysql)
/scripts/restorepkg — Restore an account
/scripts/rpmup — Syncup Security Updates from RedHat/Mandrake
/scripts/runweblogs — Force an awstats update.
/scripts/runlogsnow — Force a webalizer/analog update.
/scripts/secureit — Remove non-important suid binaries
/scripts/setupfp4 — Install Frontpage 4+ on an account.
/scripts/setupfp5 — Install Frontpage 5+ on an account.
/scripts/simpleps — Return a Simple process list. Useful for finding where cgi scripts are running from.
/scripts/suspendacct — Suspend an account
/scripts/sysup — Syncup Cpanel RPM Updates
/scripts/ulimitnamed — RH 6 only. Install a version of bind to handle many many zones.
/scripts/unblockip — Unblock an IP
/scripts/unsuspendacct — UnSuspend an account
/scripts/upcp — Update Cpanel
/scripts/updatenow — Update /scripts
/scripts/updateuserdomains — Update /etc/userdomains file
/scripts/wwwacct — Create a New Account

Enable Extended Logging :: In Exim

Enable Extended Logging :: In Exim

To enable extended loggin in exim to trace nobody mails. Try the following trick .

1. Edit /etc/exim.conf

2. On the second line add :

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \

Make sure all that comes on a single line.

3. Save and exit.

4. Restart Exim.

How to change Exim Sending IP Changing Exim Sending IP

How to change Exim Sending IP
Changing Exim Sending IP

For start with second method it needs to turn on “Mail Server IP change feature of cPanel“. This can be done through “Exim Configuration Editor”.

i.e. Main >> Service Configuration >> Exim Configuration Editor

The “Domains and IPs” section of ”Exim Configuration Editor” has a line as following:

** Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface) [?]
Ticking the check box along above stated line will enable that feature.

Or, in /etc/exim.conf.localopts, add/change this line:
per_domain_mailips=1

After editing /etc/exim.conf.localopts run the script “buildeximconf” in “/script” and restart exim server.

i.e. /scripts/buildeximconf; /etc/init.d/exim restart

After this initial step of second method you need to make use of /etc/mailips file to proceed further with mail IP change.
For changing mail interface IP of the server globally, add the IP which want to set as mail IP to /etc/mailips in following given syntax:

*: xxx.xxx.xxx.xxx
where “xxx.xxx.xxx.xxx” stands for the IP which want to set as mail IP in the server.

The second method also provide you a frendly feature to set mail IPs for each domain. For setting mail IP per domain wise, follow below given syntax:

xxx.xxx.xxx.xxx hostname.tld

where “xxx.xxx.xxx.xxx” stands for the IP which want to set as domain mail IP and hostname.tld stands for the domain name.

If you have multiple dedicated IP domains already, I’ve devised a simple one liner using awk and sed to populate /etc/mailips automatically:

awk ‘{ print $2″: “$1 }’ /etc/domianips | sed ‘s/:$//’ >> /etc/mailips

cPanel’s Built-in php.ini File

cPanel’s Built-in php.ini File

Because I lose track of it all the time, this is the location to the php.ini file for cPanel’s built-in PHP installation.

/usr/local/cpanel/3rdparty/etc/php.ini

And, since it’s slightly relevant, you can rebuild the internal PHP installation with this script:

/scripts/makecppphp

Rsync command

Rsync command

Rsync would look at the files in both locations and copy the difference.

If you lost connectivity or if the sync broke for some reason, it would continue the copy from the point the sync was interrupted when you restart the rsync command again

Example :

rsync -av source/public_html/ destination/public_html/

Mails not sending or receiving cpanel

Mails not sending or receiving

clicked “Force ClamAV Update” in WHM -> “ConfigServer MailScanner FE”.

It looks like mails are being delivered now.

Permalinks in WordPress

Permalinks in WordPress

Sometimes you will receive 404 errors in WordPress which may be due to permalink settings

go into your WP admin area and click on settings > permalinks > save changes

Permalinks control the URL’s that WordPress generates, by default it uses “ugly” urls, so the URL to a post would be domain.com/?p=123 But with permalinks you can turn the links into something more readable

So on the permalink page, check “custom structure” and then put this in the box:

/%postname%/

And then save changes

Now on publishing a new post, the link on browser will be the name of the post instead of ugly url

For example :

domain.com/?p=123 would be replaced domain.com/Name_of_post

By default postnames appear in browser, but if the setting is lost, we can follow the steps above

myisamchk “A super tool to view and repair corrupt databases”

myisamchk “A super tool to view and repair corrupt databases”

The myisamchk utility gets information about your database tables or checks, repairs, or optimizes them. myisamchk works with MyISAM tables (tables that have .MYD and .MYI files for storing data and indexes).
Caution
It is best to make a backup of a table before performing a table repair operation; under some circumstances the operation might cause data loss. Possible causes include but are not limited to file system errors.
To find the tables that are corrupt and to output it to a file run the following script

find -name “*.MYI” -exec myisamchk -c {} \; > /root/tbl_chk

To view the number of tables corrupt

cat /root/tbl_chk | grep MyISAM | wc -l

To repair the corrupt tables

find / -name “*.MYI” -exec myisamchk -r {} \;

Suphp Installation

We can use easyapache for suphp installation . Always run easyapache in screen

Installation

screen -S ea

/scripts/easyapache

Select Mod SuPHP pressing space under Exhaustive Options List

Finally build it

Configure suPHP

This step will enable suphp on your server

/usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

To verify that above comman worked

/usr/local/cpanel/bin/rebuild_phpconf –current

Available handlers: suphp dso cgi none

DEFAULT PHP: 5

PHP4 SAPI: none

PHP5 SAPI: suphp

SUEXEC: enabled

Then restart apache

/scripts/restartsrv_httpd

The suPHP log file is located here:

/usr/local/apache/logs/suphp_log

Most of the errors generated are related to permissions on PHP files. suPHP is very particular about permissions and file ownership somake sure PHP files have permission 755 and are owned by the same user account. You can change permission on any file using the following command:

find . -type d -exec chmod 755 {} \;

find . -type f -exec chmod 644 {} \;

All the databases are showing size 0 MB in cpanel

All the databases are showing size 0 MB in cpanel

Get into the server

root@server [~]# vi /var/cpanel/cpanel.config

edit the variable entry disk_usage_include_sqldb=0 to

disk_usage_include_sqldb=1

and run the below script

root@server [~]# /scripts/update_db_cache

This must fix the issue. thats it….

Database Replication Master-Slave

 


Database Replication Master-Slave
10 simple steps for creating Database replicationWe need 2 linux systems with mysql installed. One system we call as the master and other we call the slave. Slave will read data from master, there by keeping a replica of data of master in slave and prevents dataloss. Another advantage is that , if master is down, slave can act as masterA. MASTER SET UP

1. Edit /etc/my.cnf and enter the following details under mysqld
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
server-id = 1
log-bin=db-bin
relay-log=db-relay-bin

2.enter into the mysql database

mysql> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'10.10.2.24' IDENTIFIED BY 'password';

Suppose that your slave server is '10.10.2.24' and that you want to create an account with a user name of 'replication' such that slave servers can use the account to access the master server using a password of 'password'.

3.mysql> FLUSH TABLES WITH READ LOCK;
Flush all the tables and block write statements

4.mysql> SHOW MASTER STATUS;
+---------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+---------------+----------+--------------+------------------+
| db-bin.000005 | 792 | | |
+---------------+----------+--------------+------------------+

OR
mysql> SHOW MASTER STATUS \G;
*************************** 1. row ***************************
File: db-bin.000005
Position: 792
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.00 sec)

So MASTER Side configuration has over ..
mysql> UNLOCK TABLES;

B SLAVE SERVER CONFIGURATION

1. Edit the file /etc/my.cnf and enter the details as follows
[mysqld]
server-id=2
master-host = 10.10.3.21
master-user = replication
master-password = password
master-port = 3306

10.10.3.21 is the MASTER server IP.

These information will be stored to /var/lib/mysql/master.info

Enter into the Mysql server
2. mysql> stop slave;
3. mysql> reset slave;
4. mysql> CHANGE MASTER TO MASTER_HOST='10.10.3.21', MASTER_USER='replication', MASTER_PASSWORD='password', MASTER_LOG_FILE='db-bin.000005';

Here 10.10.3.21 is your MASTER Server IP 'replication' is the master user 'password' is the password for your master server and 'db-bin.000005' is the Master log file this one you wll get while running the command mysql> SHOW SLAVE STATUS \G; in Master server

5. mysql> START SLAVE;

6. mysql> show slave status \G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 10.10.3.21
Master_User: replication
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: db-bin.000005
Read_Master_Log_Pos: 792
Relay_Log_File: mysqld-relay-bin.000002
Relay_Log_Pos: 934
Relay_Master_Log_File: db-bin.000005
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

Last_Errno: 0

Exec_Master_Log_Pos: 792
Relay_Log_Space: 1090
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No

Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:

The process:- In Master Server(Alter,Delete) all details execute and 'I/O Thread' save to a log file called Binary Log(ie,db-bin.000005) And in slave(only Read) read the changes from Binary log to relay log and update to slave SQL Thread.

You can verify by checking the Seconds_Behind_Master details and Slave_IO_Running and Slave_SQL_Running

Install Imagick on Cpanel Server

Install Imagick on Cpanel Server
Following commands will guide you through imagemagick and imageck installation
Imagemagick Installation
cd /usr/local/src/
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz

tar zxvf ImageMagick.tar.gz

cd ImageMagick-*

./configure

make

make install

Then install the perl module:

cd PerlMagick

perl Makefile.PL

make

make install

Confirm the installation

which convert

/usr/local/bin/convert
Imagick installation in php

wget http://pecl.php.net/get/imagick-2.3.0.tgz

tar -zxvf imagick-2.3.0.tgz

cd imagick-2.3.0
phpize

./configure

make

make install
vi /usr/local/lib/php.ini
add the below line
extension=”imagick.so”
Now restart the webserver

/scripts/restartsrv_httpd

Set current time as est time

Set current time as est time



To set current time as EST time , just execute the following commands on your server or VE

root@server [/]# cp /usr/share/zoneinfo/EST /etc/localtime
cp: overwrite `/etc/localtime'? y
root@server [/]# date
Thu May 13 12:38:16 EST 2010

Different qouta sizes shown in Cpanel and Server

Different qouta sizes shown in Cpanel and Server
An example for the issue is :

Cpanel Disk usage:
User: test
Disk Space Usage 222.21 Megabytes
In Server
root@server[/home]# du -shc test/
59M test/
59M total
Solution
======

1)Login to the server:

root@server [~]#

2)Run the following scripts:

/scripts/resetquotas
/scripts/fixquotas

3)If its not successful i.e if the quota issue was not solved then go to screen mode.

screen -S ea
sh-3.00# quotacheck -avfumg

To come out of screen mode press Cntrl+A+D.
to got to screen mode again screen -x.

when completed it shows:
quotacheck: Scanning /dev/simfs [/] done
quotacheck: Checked 90761 directories and 772655 files.

4)Now check in WHM to verify whether you have fixed the issue

Creating password free connection between TWO Server's .&Connecting to server A with a private key .

Creating password free connection between TWO Server's .

MAKE SURE ALL THE PERMISSIONS ARE  600

===============================================

Let say you are trying to make connection Between  A and B Server .

In server A and B Do the following step 1.

1.)

ssh-keygen

Creates id_rsa <private> and id_rsa.pub <public>

2.)

Copy the id_rsa.pub of A to authorized_keys of B

Copy the id_rsa.pub of B to authorized_keys of A

Connecting to server A with a private key .

===============================

In server A create the private<id_rsa> and  public key<id_rsa.pub> using ssh-keygen

Then copy the id_rsa.pub to authorized_keys

Then we can use the private key in id-rsa to ssh in to the server .

From Server B using private key of A

ssh user@xxx.xxx.xxx.xxx -i <private>

 

from server zzz.zzz.zzz.zzz

ssh-copy-id root@xxx.xxx.xxx.xxx .. Will copy the public key of this server to server  xxx.xxx.xxx.xx .

Do the vise-versa from the server xxx.xxx.xxx.xxx to get the way round get done.

Thursday, May 16, 2013

Atomic mod security rules

ConfigServer ModSecurity Control provides an easy way of monitoring which rules are being triggered on the server in real time but more importantly, you can whitelist certain rules either globally accross the entire server or on a per account/domain basis if some of the rules conflict with a particular script or functionality (e.g. FrontPage). To install CMC, run the following:

rm -fv cmc.tgz

wget http://www.configserver.com/free/cmc.tgz
tar -xzf cmc.tgz
cd cmc
sh install.sh
cd ..
rm -Rfv cmc/ cmc.tgz
If you log in to WHM you will now see “ConfigServer ModSec Control” under “Plugins”. It’s important that you click on it because when it’s run the first time, it will create the file “modsec2.whitelist.conf” if it doesn’t already exist. If that file doesn’t exist then you’ll find Apache won’t start when we come to the end of this guide. Also while you’re here, click on “Disable modsecparse.pl”. This will disable the cPanel cron job that processes and empties the mod_security log, allowing you to use the log watching tool built in to CMC.

As to help our VPS and Dedicated Server customers who might also be effected by this we have designed the following guide to make installing Atmoic Mod Security into cPanel with little to no fuss.

Stage 1: Run the following commands at command line:

mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.

Stage 2: Configure cPanel to use the Mod Security Rules

In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.

In go to: WHM -> Plugins -> Mod Security and then click: Edit Config

In this section, delete all the current content and then paste in the following configuration:

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial

Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.

This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.

Testing

http://YOUR_HOST/foo.php?foo=http://www.example.com

should give 403

Sunday, May 12, 2013

odbctest.php test page

--- begin odbctest.php---
<?
// connect to DSN MSSQL with a user and password
$connect = odbc_connect("MSSQLServer", "username", "password") or die
("couldn't connect");
odbc_exec($connect, "use Northwind");
$result = odbc_exec($connect, "SELECT CompanyName, ContactName " .
"FROM Suppliers");
while(odbc_fetch_row($result)){
print(odbc_result($result, "CompanyName") .
' ' . odbc_result($result, "ContactName") . "<br>\n");
}
odbc_free_result($result);
odbc_close($connect);
?>
--- end odbctest.php --

GRsec patched kernel install

Fetch the sources:

Download kernel from kernel.org

#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz

Downlaod latest Grsecurity patch from below URL :

#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch

Extract:
tar xjf linux-2.6.32.51.tar.gz

Patch the kernel:

#cd linux-2.6.32.51

#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch

Now start making the kernel :

# make clean && make mrproper

Edit your kernel as per your need :

# make menuconfig

Compile your kernel and install it:

# make bzImage

# make modules

# make modules_install

Make sure it’s working ok with the help of following command :

# depmod 2.6.32.51-grsec

Installing and booting the new kernel :

# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec

There is also a file called “System.map” that must be copied to the same boot directory.

# cp System.map /boot

Do not forget to make changes in /etc/grub.conf

also go to grub prompt after this and fire below command :

# grub > savedefault –-default=0 –-once

Now reboot server :

#Shutdown -r now.

FFmpeg

Download all the files needed

cd /usr/local/src
wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
wget http://ftp.penguin.cz/pub/users/utx/amr/amrnb-7.0.0.2.tar.bz2
wget http://ftp.penguin.cz/pub/users/utx/amr/amrwb-7.0.0.3.tar.bz2
wget http://downloads.xiph.org/releases/theora/libtheora-1.0beta3.tar.gz

Extract all the files

tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.2.0.tar.gz
tar zxvf flvtool2-1.0.6.tgz
tar jxvf essential-20071007.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2
bzip2 -cd amrnb-7.0.0.2.tar.bz2 | tar xvf -
bzip2 -cd amrwb-7.0.0.3.tar.bz2 | tar xvf -
tar zxvf libtheora-1.0beta3.tar.gz

We need a codec directory

mkdir /usr/local/lib/codecs/

Install Ruby on Rails, subversion & ncurses

apt-get install subversion ruby libcurses-ruby

Run some SVN queries

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update

Copy Codecs for mplayer

mkdir /usr/local/lib/codecs
mv /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/

We also need to secure the tmp directory

mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp

Install lame

cd /usr/local/src/lame-3.97
./configure
make && make install

Install libogg

cd /usr/local/src/libogg-1.1.3
./configure && make && make install

Install libvorbis

cd /usr/local/src/libvorbis-1.2.0
./configure && make && make install

Install flvtool2

cd /usr/local/src/flvtool2-1.0.6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install

Install mplayer & mencoder

cd /usr/local/src/mplayer
./configure –enable-jpeg
make && make install

Install AMR (for 3gp conversion)

cd /usr/local/src/amrnb-7.0.0.2
./configure
make && make install

cd /usr/local/src/amrwb-7.0.0.3
./configure
make && make install

Install libtheora (for ogg video encoding)

cd /usr/local/src/libtheora-1.0beta3
./configure
make && make install

Install ffmpeg

cd /usr/local/src/ffmpeg/
./configure –enable-libmp3lame –enable-libogg –enable-libvorbis –disable-mmx –enable-shared –enable-amr-nb –enable-libtheora

Saturday, May 11, 2013

MSSQL Connection Testpage

<?php
$Server = "localhost";
$User = "your_name";
$Pass = "your_password";
$DB = "examples";

//connection to the database
$dbconn = mssql_connect($Server, $User, $Pass)
or die("Couldn't connect to SQL Server on $Server");

//select a database to work with
$selected = mssql_select_db($DB, $dbconn)
or die("Couldn't open database $myDB");

//declare the SQL statement that will query the database
$query = "SELECT name from test ";

//execute the SQL query and return records
$result = mssql_query($query);

$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";

//display the results
while($row = mssql_fetch_array($result))
{
echo "<br>" . $row["name"];
}
//close the connection
mssql_close($dbconn);
?>

Friday, May 10, 2013

FFMPEG on CentOS 6 cPanel Server

FFMPEG on CentOS 6 cPanel server




This article describes installation of ffmpeg, flvtool2, mplayer, mencoder, MP4Box, ffmpeg-php and many other video conversion tools on a CentOS 6 server with cPanel hosting control panel.

1. Enable SubHosting.net and EPEL yum repositories

The CentOS 6 RPM packages of ffmpeg, mplayer and MP4Box packages are available on Subhosting.net. These RPM packages are copied from ATrpms and RPM Fusion YUM repositories for a simplified installation.

Some packages on Subhosting.net YUM repo depend on EPEL repo. To enable EPEL repo, install the epel-release RPM package:


rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm


To enable SubHosting.net YUM repository, create the file /etc/yum.repos.d/subhosting.repo and add following repository configuration:


[SubHosting]
name=SubHosting Packages CentOS 6 - $basearch
baseurl=http://dl.subhosting.net/yumrepo/centos/6/$basearch/
enabled=1
gpgcheck=0


Note: with following 'yum' commands, use the switch --exclude "*.i386" on 64-bit systems so as to avoid installing 32-bit packages along with 64-bit packages. Of course, DO NOT use this switch on 32-bit systems.

2. Install ffmpeg mplayer and mencoder

Install these packages using following yum command:


yum install ffmpeg mplayer


Note: there is no separate package for mencoder. It is also provided by mplayer package.

This will also install various dependency packages like libtheora, libvorbis, libogg, lame, opencore-amr, x264, xvidcore etc.

3. Install flvtool2

cPanel has its own ruby installer script. So install ruby using following cPanel script:


/scripts/installruby


Flvtool2 is available as a Ruby Gems package. Use following gem command to install flvtool2:


gem install flvtool2


4. Install MP4Box2

MP4Box is provided by gpac package. Install gpac and its library packages:


yum install gpac gpac-libs


5. Install ffmpeg-php

Ffmpeg-php requires ffmpeg development package. Install it using yum:


yum install ffmpeg-devel


Now download the latest ffmpeg-php package:


wget http://downloads.sourceforge.net/ffmpeg-php/ffmpeg-php-0.6.0.tbz2


Untar this package, build and install it with following commands:


tar xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0
sed -i ‘s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g’ ffmpeg_frame.c
phpize
./configure
make
make install


The make install command will show PHP extensions path where ffmpeg PHP extension is installed:


root@server [~/ffmpeg-php-0.6.0]# make install
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/


Now edit php.ini file (/usr/local/lib/php.ini) and make sure that value of extension_dir is set to PHP extension directory as given by above make install command:


extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"


Add following line just below extension_dir and this will enable ffmpeg PHP extension:


extension="ffmpeg.so"


Restart Apache to make this change effective:


/scripts/restartsrv_httpd


You can verify the status of ffmpeg extension on a PHP info web page or from command line as given below:


root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Jun 2 2012 20:48:04
ffmpeg-php gd support => enabled
ffmpeg libavcodec version => Lavc52.123.0
ffmpeg libavformat version => Lavf52.111.0
ffmpeg swscaler version => SwS0.14.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0
OLDPWD => /root/ffmpeg-php-0.6.0
_SERVER["OLDPWD"] => /root/ffmpeg-php-0.6.0
_ENV["OLDPWD"] => /root/ffmpeg-php-0.6.0


6. Installation paths

Following are the file system paths of tools that we installed:


ffmpeg: /usr/bin/ffmpeg
mplayer: /usr/bin/mplayer
mencoder: /usr/bin/mencoder
flvtool2: /usr/bin/flvtool2
MP4Box: /usr/bin/MP4Box


Installing ffmpeg-php

Installing ffmpeg-php

Now we are ready to install ffmpeg-php. This can be done in six easy steps:

Download the latest ffmpeg-php release

http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/

Extract the archive:
tar -xjf ffmpeg-php-X.x.x.tbz2
cd ffmpeg-php-X.x.x/
phpize
./configure && make
sudo make install

ffmpeg installation centos

Install FFmpeg on CentOS or RedHat EL 6.x

The following install steps have been proven to work on RedHat Enterprise Linux 6.2. You can check which version you are running with

cat /etc/redhat-release
Additionally, we assume that you are connected and registered with the Red Hat network and/or updated the system with the latest updates from the repositories.

Follow this guide step by step!

Install the additional repo

rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Update repository

yum -y update
Install all necessary packages

yum install SDL-devel a52dec a52dec-devel alsa-lib-devel faac faac-devel faad2 faad2-devel
yum install freetype-devel giflib gsm gsm-devel imlib2 imlib2-devel lame lame-devel libICE-devel libSM-devel libX11-devel
yum install libXau-devel libXdmcp-devel libXext-devel libXrandr-devel libXrender-devel libXt-devel
yum install id3tag-devel libogg libvorbis vorbis-tools mesa-libGL-devel mesa-libGLU-devel xorg-x11-proto-devel xvidcore xvidcore-devel zlib-devel
yum install amrnb-devel amrwb-devel
yum install libtheora theora-tools
yum install glibc gcc gcc-c++ autoconf automake libtool
yum install ncurses-devel
yum install libdc1394 libdc1394-devel
yum install yasm nasm
yum install libvpx*
yum install git-core
yum install opencore-amr-devel
Install the essential codecs

wget http://www8.mplayerhq.hu/MPlayer/releases/codecs/all-20110131.tar.bz2
bunzip2 all-20110131.tar.bz2; tar xvf all-20110131.tar

mkdir /usr/local/lib/codecs/
mkdir /usr/local/lib64/codecs/
cp all-20110131/* /usr/local/lib/codecs/
cp all-20110131/* /usr/local/lib64/codecs/
chmod -R 755 /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib64/codecs/
Install LibOgg

wget http://downloads.xiph.org/releases/ogg/libogg-1.3.0.tar.gz
tar xzvf libogg-1.3.0.tar.gz
cd libogg-1.3.0
./configure
make
make install
Install Libvorbis

wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.3.tar.gz
tar xzvf libvorbis-1.3.3.tar.gz
cd libvorbis-1.3.3
./configure
make
make install
Install Libtheora

wget http://downloads.xiph.org/releases/theora/libtheora-1.1.1.tar.gz
tar xzvf libtheora-1.1.1.tar.gz
cd libtheora-1.1.1
./configure
make
make install
Install Libvpx

git clone http://git.chromium.org/webm/libvpx.git
cd libvpx
./configure --enable-shared --extra-cflags=-fPIC
make
make install
Install Aacenc

wget http://downloads.sourceforge.net/opencore-amr/vo-aacenc-0.1.2.tar.gz
tar xzvf vo-aacenc-0.1.2.tar.gz
cd vo-aacenc-0.1.2
./configure --enable-shared
make
make install
Install X264

git clone git://git.videolan.org/x264.git
cd x264
./configure --enable-shared --extra-cflags=-fPIC --extra-asflags=-D__PIC__
make
make install
Note: (Sometimes the network might be down. Then you can also grab it via wget at ftp://ftp.videolan.org/pub/videolan/x264/snapshots/last_stable_x264.tar.bz2)

Configure Libraries

export LD_LIBRARY_PATH=/usr/local/lib/
echo /usr/local/lib > /etc/ld.so.conf.d/custom-libs.conf
ldconfig
Compile FFmpeg (the configure options have to be on one line)

git clone git://source.ffmpeg.org/ffmpeg.git
cd ffmpeg
git checkout n1.2
./configure --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvpx --enable-libfaac \
--enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libvo-aacenc --enable-libxvid --disable-ffplay \
--enable-shared --enable-gpl --enable-postproc --enable-nonfree --enable-avfilter --enable-pthreads --extra-cflags=-fPIC
make
make install
(The --arch=x86_64 option should only be used if you are on a 64Bit System!)

You can also use their Github repository at https://github.com/FFmpeg/FFmpeg.git.

That's it. This should give you a full functional FFMpeg installation for Razuna. Test it now with;

ffmpeg
This should give you the following back (yours might vary a bit);

FFmpeg version SVN-r20525, Copyright (c) 2000-2009 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-nonfree --enable-postproc --enable-libfaad --enable-avfilter
--enable-pthreads --enable-libxvid --enable-libx264 --enable-libmp3lame --enable-libfaac
--disable-ffserver --disable-ffplay --enable-libamr-nb --enable-libamr-wb --enable-libtheora
--enable-libvorbis --disable-ffplay --enable-shared
libavutil 50. 4. 0 / 50. 4. 0
libavcodec 52.39. 0 / 52.39. 0
libavformat 52.39. 2 / 52.39. 2
libavdevice 52. 2. 0 / 52. 2. 0
libavfilter 1. 8. 0 / 1. 8. 0
libswscale 0. 7. 1 / 0. 7. 1
libpostproc 51. 2. 0 / 51. 2. 0
Try to convert a movie with;

ffmpeg -i movie.mov -vcodec libx264 -vpre hq -acodec libfaac movie.mp4

http://ffmpeg.org/trac/ffmpeg/wiki/CentosCompilationGuide

http://wiki.razuna.com/display/ecp/FFMpeg+Installation+on+CentOS+and+RedHat

Sunday, May 5, 2013

Memcached installation

http://www.sohailriaz.com/how-to-install-memcached-with-memcache-php-extension-on-centos-5x/

1) Install memcached.

Enable rpmforge respository to install latest memcached rpm using yum.

For i386 / i686

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For x86_64

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Use yum to install memcached

yum -y install memcached

As soon as memcached installation completed, edit options for memcached in /etc/sysconfig/memcached to meet your need.

vi /etc/sysconfig/memcached

PORT=”11211″ #define on which port to urn

USER=”nobody” #same as apache user

MAXCONN=”1024″ #maximum number of connections allowed

CACHESIZE=”64″ #memory used for caching

OPTIONS=”" #use for any custom options

Save the file. All options can be seen by using following command

memcached -h

Start memcached

/etc/init.d/memcached start

Starting Distributed memory caching (memcached): [ OK ]

to check the running status of memcached

/etc/init.d/memcached status

memcached (pid 6475) is running…

and

netstat -anp | grep 11211

tcp 0 0 :::11211 :::* LISTEN 6475/memcached

udp 0 0 0.0.0.0:11211 0.0.0.0:* 6475/memcached

2) Install PHP Extension.

Download and install latest stable memcache version from PECL.

cd /usr/src

wget http://pecl.php.net/get/memcache-2.2.5.tgz

tar zxvf memcache-2.2.5.tgz

cd memcache-2.2.5

phpize

./configure

make

make install

memcache.so will be install in php modules directory, now enable memcache.so extension in php.ini

To find out your php.ini location, execute following command

php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

vi /usr/local/lib/php.ini

extension = “memcache.so”

save the file and restart httpd server.

/etc/init.d/httpd restart

To check is memcache extension loaded in php, execute following command.

php -i | grep memcache

memcache

memcache support => enabled

memcache.allow_failover => 1 => 1

memcache.chunk_size => 8192 => 8192

memcache.default_port => 11211 => 11211

memcache.default_timeout_ms => 1000 => 1000

memcache.hash_function => crc32 => crc32

memcache.hash_strategy => standard => standard

memcache.max_failover_attempts => 20 => 20

Registered save handlers => files user sqlite memcache

PWD => /usr/src/memcache-2.2.5

_SERVER["PWD"] => /usr/src/memcache-2.2.5
_ENV["PWD"] => /usr/src/memcache-2.2.5

Friday, May 3, 2013

Setting password for mysql user in .my.cnf

Setting password for mysql user in .my.cnf

Sometimes you want automated access for root on your MySQL database. One way of accomplishing that is by doing this:

# cd /root
# touch .my.cnf
# chmod 640 .my.cnf

And put in it:

[client]
user=root
password=<password of mysql root user>
Once you have done the following steps, the root user can login to mysql as root user without giving password.
root@server [~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 749
Server version: 5.1.68-cll MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

mysql>

Hide Apache, PHP and Bind Versions

Hide Apache, PHP and Bind Versions
To Check Apache Version:

By default, Apache will send version and modules information like mod_php, mod_perl, mod_ssl in every HTTP header.

If you want to view Apache web server version and sofware of a remote server, follow this procedure.

# telnet example.com 80

Trying example.com...
Connected to example.com.
Escape character is ‘^]'.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Sun, 07 Oct 2012 12:57:57 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 JRun/4.0
Last-Modified: Tue, 03 Jan 2012 11:41:16 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.

In the above example it is showing all the details about your web server and php this is not recommended for security reasons.We need to hide this information with the following procedure.
To Hide Apache Information:
To hide the information, add the following two apache directives in Apache configuration file, (httpd.conf or apache2.conf)

ServerTokens ProductOnly

ServerSignature Off

# /etc/init.d/httpd restart

Now the output for apache header looks like below

Server: Apache
To Hide PHP Version Details

Locate php.ini loaded in the server.

Change the following option in php.ini

expose_php On

to

expose_php Off

# /etc/init.d/httpd restart
To Hide BIND Version
You can check the Bind version of a server by using the following command.

# dig +short @XXX.XXX.XXX.XXX -c CH -t txt version.bind
"9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.4"

To hide your version of bind, change the version value in named.conf as like the following.
You can give any string for the version.

options {
directory "/var/named";
version "We Just Hide It";
};

# dig +short @XXX.XXX.XXX.XXX -c CH -t txt version.bind
"We Just Hide It"

Complile and install PHP from source

Complile and install PHP from source

You can follow the steps shown below to install PHP5.2.x , PHP5.3.x and PHP5.4.x . You can download and install the desired PHP version. Please reade the Important notes before starting the installation.

Here i am using Centos 5.8 64 bit to install PHP. It will work in all the other CentOS 64 bit versions. In the 32 bit OS, there will be corresponding changes in yum install packages. You have to make sure that the installing packages are for 32 bit or not.

I have followed the steps in the following urls to setup LAMP server, i have tested and verified installation by following the steps described in there.

http://linuxadmintips4u.blogspot.in/2012/07/configure-apache.html

http://linuxadmintips4u.blogspot.in/2012/07/configuration-of-mysql.html
PHP
Important Notes:

***If you are using Apache2.4.x with PHP, it is recommanded PHP version above 5.3.x. There some complilation errors in using PHP5.2.x. There are some module mismatches in Apache2.4.x with PHP5.2.x.

***If you are planning to install SUPHP, there some changes in PHP complilation in PHP5.2.x and PHP5.3.x. If you are using PHP5.4.x, you can use the same installation as descripbed below.

***If you are using Apache2.4.x, it is not possible to install SUPHP with any of the PHP versions with the suphp-0.7.1. I am awaiting for the next version of suphp.

***You can follow the below url to install SUPHP in PHP5.2.x , PHP5.3.x and PHP5.4.x .
Installation

[root@vps ~]# cd /usr/local/src/

Download one of the following PHP packages and extract the packges as per the selected packages.

[root@vps src]# wget http://in1.php.net/distributions/php-5.2.17.tar.gz
or
[root@vps src]# wget http://in1.php.net/distributions/php-5.3.24.tar.gz
or
[root@vps src]# wget http://in1.php.net/distributions/php-5.4.14.tar.gz
[root@vps src]# tar -xzf php-5.2.17.tar.gz
[root@vps src]# cd php-5.2.17

Create a script, configure.sh with the following contents. I have tested the following script with all the versions of PHP and it is working fine for me.

#================================================================
#!/bin/bash

"./configure" \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache/bin/apxs" \
"--with-config-file-path=/usr/local/apache/conf" \
"--disable-debug" \
"--disable-rpath" \
"--enable-inline-optimization" \
"--enable-sockets" \
"--enable-wddx" \
"--enable-calendar" \
"--enable-ftp" \
"--enable-mbstring=all" \
"--enable-dom" \
"--enable-mbregex" \
"--enable-bcmath" \
"--with-openssl" \
"--with-kerberos" \
"--with-mcrypt" \
"--with-curl" \
"--with-gd" \
"--with-zlib-dir=/usr/lib" \
"--with-jpeg-dir=/usr/lib" \
"--with-png-dir=/usr/lib" \
"--with-freetype-dir=/usr/lib" \
"--with-regex=system" \
"--with-gettext" \
"--with-bz2" \
"--with-iconv" \
"--with-layout=GNU" \
"--with-imap=/usr/local/src/imap-2007f" \
"--with-imap-ssl" \
"--enable-soap" \
"--with-snmp" \
"--with-libdir=lib64" \
"--with-mysql=/usr/local/mysql" \
"--with-pdo-mysql"

#================================================================

[root@vps php-5.2.17]# chmod +x configure.sh
[root@vps php-5.2.17]# sh configure.sh

[root@vps php-5.2.17]# make
[root@vps php-5.2.17]# make install

Once the installation completed, create the following link to use the php command directly in terminal.

[root@vps ~]# ln -s /usr/local/php/bin/php /usr/bin/php

Once you done the above steps, check the version of PHP using the following command

[root@vps ~]# php -v
The above compilation command will enable the following modules. You can remove unwanted php modules from the compilation step. You may encounter errors while the compilation. All the errors which i got is added in the 'Possible Error' section at the end of this article. Please check there if you encountered an error during complilation.

Modules Installed During Installation
bcmath bz2 calendar Core ctype curl date dom filter ftp gd gettext hash iconv imap json libxml mbstring mcrypt mime_magic mysql openssl pcre PDO pdo_mysql pdo_sqlite posix Reflection session SimpleXML snmp soap sockets SPL SQLite standard tokenizer wddx xml xmlreader xmlwriter zlib
Possible Errors
I got the following errors while installing php with above modules and the solution i have given fixed those errors.

Compile Time Errors:

Error:
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.

Solution:
[root@vps php-5.2.17]# yum install libxml2-devel -y

-------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: Cannot find OpenSSL's <evp.h>

Solution:
[root@vps php-5.2.17]# yum install openssl-devel -y

-------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: Please reinstall the BZip2 distribution

Solution:
[root@vps php-5.2.17]# yum install bzip2-devel.x86_64 -y

--------------------------------------------------------------------------------------------------------------------------------------------------

Error:
checking for cURL in default path... not found
configure: error: Please reinstall the libcurl distribution

Solution:
[root@vps php-5.2.17]# yum install curl-devel.x86_64 -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: libjpeg.(a|so) not found.

Solution:
[root@vps php-5.2.17]# yum install libjpeg-devel.x86_64 -y

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: libpng.(a|so) not found.

Solution:
[root@vps php-5.2.17]# yum install libpng-devel.x86_64 -y

----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: freetype.h not found.

Solution:
[root@vps php-5.2.17]# yum install freetype-devel.x86_64 -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
checking OpenSSL dir for SNMP... no
checking whether to enable UCD SNMP hack... no
checking for net-snmp-config... no
configure: error: snmp.h not found. Check your SNMP installation

Solution:
[root@vps php-5.2.17]# yum install net-snmp-devel -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: mcrypt.h not found. Please reinstall libmcrypt

Solution:
[root@vps php-5.2.17]# yum install libmcrypt.x86_64 libmcrypt-devel.x86_64 -y

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information.

Solution:

Install imap using the script described in the following url.

http://linuxadmintips4u.blogspot.in/2013/04/error-utf8mime2text-has-new-signature.html

----------------------------------------------------------------------------------------------------------------------------------------

Error:
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
configure: error: Cannot find libmysqlclient_r under /usr/local/mysql.
Note that the MySQL client library is not bundled anymore!

Solution:

http://linuxadmintips4u.blogspot.in/2013/04/error-cannot-find-libmysqlclientr-under.html

--------------------------------------------------------------------------------------------------------------------------------------------

Errors in Make
Error:
/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1

Solution:

Here's what you need to do to fix this issue,
1.Verify that the libtool and libtool-ltdl packages are installed.
[root@vps php-5.2.17]# yum install libtool-ltdl.x86_64 libtool.x86_64 -y

2.Symlink libltdl.so to libltdl.so.x.x.x

PHP looks for the libltdl library only at (for x64 at least) /usr/lib64/libltdl.so. The symlink to this file is not included in the libtool packages,you'll have to make it yourself
[root@vps php-5.2.17]# cd /usr/lib64
[root@vps lib64]# ln -s libltdl.so.3.1.4 libltdl.so

Try once again...

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
/usr/local/imap-2007f/lib/libc-client.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1
Solution:

Install imap using the script described in the following url.

http://linuxadmintips4u.blogspot.in/2013/04/error-utf8mime2text-has-new-signature.html