Sunday, June 30, 2013

RESET MYSQL PASSWORD


In cpanel
======
Log in to WHM ---> MySQL root password --> enter the new password.
cat /root/.my.cnf will show the password for mysql

In Kloxo
======

Search ---> passwordMysql ---> reset the password.

In Direct admin
==========

 

To change it manually
=================

service mysqld stop

mysqld_safe --skip-grant-tables &

then exit from mysql by typing quit

then type # mysql -u root mysql (since you've skipped the grant tables, mysql will not ask for a password when you log in this time.)
Set the MySQL root password to a new password using the UPDATE command below:

mysql> UPDATE user SET password=PASSWORD('newpassword') WHERE user='root';

e.g. mysql> UPDATE user SET password=PASSWORD('test123') WHERE user='root';

then restart mysql with service mysql restart

then you can use the new mysql password "test123"
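
The manual reset above as one script, added here as an example that is not part of the original post. It goes beyond the listed steps in two ways: the grant-less server is started with --skip-networking, and the new password is escaped before it is placed in the UPDATE statement. The service name mysqld, the function names and the --reset argument are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): the manual reset above as a script.
# Assumptions: init script name "mysqld", MySQL 5.x with a mysql.user.password
# column (as in the post's UPDATE), run as root.

SERVICE_NAME="mysqld"

# Escape a value for a single-quoted MySQL string literal:
# double every backslash, then double every single quote.
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Build the UPDATE statement from the post with the escaped password.
build_reset_sql() {
    printf "UPDATE mysql.user SET password=PASSWORD('%s') WHERE user='root';\n" \
        "$(sql_escape "$1")"
}

reset_root_password() {
    new_password="$1"
    service "$SERVICE_NAME" stop
    # While the grant tables are skipped nobody is asked for a password, so
    # --skip-networking keeps the server off TCP and reachable only through
    # the local socket for the duration of the reset.
    mysqld_safe --skip-grant-tables --skip-networking &
    tries=0
    until mysqladmin -u root ping >/dev/null 2>&1; do
        tries=$((tries + 1))
        if [ "$tries" -ge 30 ]; then
            echo "mysqld did not come up within 30 seconds" >&2
            return 1
        fi
        sleep 1
    done
    # The statement goes in on stdin, so the password never appears in the
    # process list as a command-line argument.
    build_reset_sql "$new_password" | mysql -u root || return 1
    # Shut the grant-less instance down and start the normal service, which
    # loads the grant tables with the new password in force.
    mysqladmin -u root shutdown
    service "$SERVICE_NAME" start
}

# Runs only when called as: script --reset (the password is read from the
# terminal without echo, not taken from the command line).
if [ "${1:-}" = "--reset" ]; then
    printf 'New MySQL root password: ' >&2
    read -r -s NEW_PASSWORD
    echo >&2
    reset_root_password "$NEW_PASSWORD"
fi
```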

How to clean mailman archives in cPanel

You need to have root access to your server using SSH.

The commands required to clean the mailman archives and attachments disk space are:

1. To clean the old archives (keeping just the last 3 months):

cd /usr/local/cpanel/3rdparty/mailman/archives/private/
cd listname_clientdomain.ext

NOTE: replace listname_clientdomain.ext for your corresponding mailing list name and domain.

Then delete the files related to your list executing (as an example):

rm -fR 2009*
rm -fR 2010*
rm -fR 2011-Jan*
rm -fR 2011-Feb*
rm -fR 2011-Mar*
rm -fR 2011-Apr*
rm -fR 2011-May*
rm -fR 2011-Jun*
rm -fR 2011-Jul*
rm -fR 2011-Aug*
rm -fR 2011-Sep*
etc …

In the example above we deleted all the archived files for 2009, 2010 and every month up to September 2011.

2. To clean the attachments (keeping just the last 3 months):

cd attachments
tmpwatch --mtime --all 744 /usr/local/cpanel/3rdparty/mailman/archives/private/listname_clientdomain.ext/attachments

NOTE: replace listname_clientdomain.ext for your corresponding mailing list name and domain.

3. Once the previous two steps are done, clean the mailman cache by running:

/scripts/update_mailman_cache

After this, the account's disk space usage will show the correct quota.

 

Steps to forward mails from/to all accounts under a domain to another email

Check which exim filter is used in the exim configuration file

grep filter /etc/exim.conf

Add the following entries to the filter file.

vi /etc/cpanel_exim_system_filter

## send a copy of all mails from domain.com to gmail

if $header_from: contains "@domain.com"
then
unseen deliver "test@gmail.com"
endif

## forward to gmail a copy of all mails sent to domain.com

if $recipients contains "@domain.com"
then
unseen deliver "test@gmail.com"
endif

Restart exim once this is done.
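
Entries like the ones above copy mail to another address without the sender or recipient seeing it, so it helps to be able to list every delivery target a filter file contains. The script below is an added example, not part of the original post: the function names, the --audit argument and the sample filter are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list where an Exim filter file
# sends copies of mail. The sample filter below is constructed for the demo.

# Print "LINE ADDRESS" for every deliver / unseen deliver command.
list_deliver_targets() {
    awk '
        /^[ \t]*#/ { next }                 # comment lines are not commands
        {
            line = " " $0                   # leading blank so a command at column 1 matches
            while (match(line, /[ \t]deliver[ \t]+[^ \t]+/)) {
                hit = substr(line, RSTART, RLENGTH)
                sub(/^[ \t]deliver[ \t]+/, "", hit)
                gsub(/"/, "", hit)          # addresses are usually double-quoted
                print NR, hit
                line = substr(line, RSTART + RLENGTH)
            }
        }' "$1"
}

# Print FILE:LINE: ADDRESS for targets whose domain is not one of the allowed
# domains given after the file name (written in lower case). Addresses
# without a domain part are reported too, so that they get reviewed.
external_deliver_targets() {
    file="$1"
    shift
    allowed=" $* "
    list_deliver_targets "$file" | while read -r lineno addr; do
        domain=$(printf '%s' "${addr##*@}" | tr 'A-Z' 'a-z')
        case "$allowed" in
            *" $domain "*) ;;               # approved domain, nothing to report
            *) printf '%s:%s: %s\n' "$file" "$lineno" "$addr" ;;
        esac
    done
}

# Write a constructed sample filter, modelled on the entries in this post.
write_sample_filter() {
    cat > "$1" <<'EOF'
# Exim filter
# constructed sample, modelled on the entries in this post
if $header_from: contains "@domain.com"
then
unseen deliver "test@gmail.com"
endif
if $recipients contains "@domain.com"
then
  unseen deliver "archive@domain.com"
endif
# deliver "disabled@example.net"
if $h_subject: contains "report" then deliver "ops@Example.org" endif
EOF
}

# Usage: script --audit /etc/cpanel_exim_system_filter domain.com [more domains]
if [ "${1:-}" = "--audit" ]; then
    shift
    external_deliver_targets "$@"
fi
```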

How to clear eximstats db

If the size of your eximstats database is getting large, you can do the following steps to clear it. Log in to mysql:

mysql

mysql> use eximstats

mysql> delete from sends;

mysql> delete from smtp;

mysql> delete from failures;

mysql> delete from defers;

Thursday, June 27, 2013

How to reset my WordPress admin password?

You have to do this through the WordPress database directly. The most convenient way to manage the database is via the phpMyAdmin tool at your web hosting account.

Once in phpMyAdmin select the WordPress database from the drop-down menu on the left. The page will refresh and the database’s tables will be displayed on it. Open the SQL tab (look at the top navigation bar).

In the text field write the following SQL query:

UPDATE `wp_users` SET `user_pass` = MD5( 'new_password_here' ) WHERE `wp_users`.`user_login` = 'admin_username';

“new_password_here” – replace this with the new password you wish to use.
“admin_username” – replace this with the username the password should be updated for.

Once you are ready, click on the GO button to submit the query. If everything goes fine without errors, you should be able to login to WordPress with the new password.

How to protect your bandwidth from hotlinking images

To protect your images from being accessed on other websites and consuming your bandwidth, you can put the following code in the .htaccess file under your public_html folder:

RewriteEngine on
# Allow requests with an empty Referer (direct visits, some proxies)
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from your own site (dots escaped so they match literally)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com/.*$ [NC]
# Any other request for these file types gets 403 Forbidden
RewriteRule \.(gif|jpg|js|css)$ - [F]

Please make sure that you replace 'mydomain.com' with your own domain name; a hotlinked image will appear broken if it is not loaded from your website.

How to enable Mysql query log

If you need to log all queries executed by MySQL for troubleshooting:

vi /etc/my.cnf
#add in this line:
log=/tmp/mysql.log

After that, restart your mysqld service:

/etc/init.d/mysqld restart

You can then use a command such as tail to follow the log file:

tail -f /tmp/mysql.log

Please do turn off the logging afterwards by removing the log configuration and restarting the mysqld service again, as the log file can grow huge and use up the space in the /tmp partition.

Wednesday, June 26, 2013

Use “shopt -s cdspell” to automatically correct mistyped directory names on cd

Use shopt -s cdspell to correct typos in the cd command automatically, as shown below. If you are not good at typing and make a lot of mistakes, this will be very helpful.

# cd /etc/mall
-bash: cd: /etc/mall: No such file or directory

# shopt -s cdspell
# cd /etc/mall
# pwd
/etc/mail
[Note: By mistake, when I typed mall instead of mail,
cd corrected it automatically]

 

Use dirs, pushd and popd to manipulate directory stack

You can use directory stack to push directories into it and later pop directory from the stack. Following three commands are used in this example.

dirs: Display the directory stack
pushd: Push directory into the stack
popd: Pop directory from the stack and cd to it

The dirs command always prints the current directory followed by the contents of the stack. Even when the directory stack is empty, dirs will still print only the current directory, as shown below.

# popd
-bash: popd: directory stack empty

# dirs
~

# pwd
/home/ramesh

How to use pushd and popd? Let us first create some temporary directories and push them to the directory stack as shown below.

# mkdir /tmp/dir1
# mkdir /tmp/dir2
# mkdir /tmp/dir3
# mkdir /tmp/dir4

# cd /tmp/dir1
# pushd .

# cd /tmp/dir2
# pushd .

# cd /tmp/dir3
# pushd .

# cd /tmp/dir4
# pushd .

# dirs
/tmp/dir4 /tmp/dir4 /tmp/dir3 /tmp/dir2 /tmp/dir1
[Note: The first directory (/tmp/dir4) of the dirs command output is always
the current directory and not the content from the stack.]

At this stage, the directory stack contains the following directories:

/tmp/dir4
/tmp/dir3
/tmp/dir2
/tmp/dir1
The last directory that was pushed to the stack will be at the top. When you perform popd, it will cd to the top directory entry in the stack and remove it from the stack. As shown above, the last directory that was pushed into the stack is /tmp/dir4. So, when we do a popd, it will cd to the /tmp/dir4 and remove it from the directory stack as shown below.

# popd
# pwd
/tmp/dir4

[Note: After the above popd, directory Stack Contains:
/tmp/dir3
/tmp/dir2
/tmp/dir1]

# popd
# pwd
/tmp/dir3

[Note: After the above popd, directory Stack Contains:

/tmp/dir2
/tmp/dir1]

# popd
# pwd
/tmp/dir2

[Note: After the above popd, directory Stack Contains: /tmp/dir1]

# popd
# pwd
/tmp/dir1

[Note: After the above popd, directory Stack is empty!]

# popd
-bash: popd: directory stack empty

How to Enable TUN/TAP Module in OpenVZ

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. To allow VPS #101 to use the TUN/TAP device the following should be done:

#101 - VPS id. Replace #101 with your VPS id.

Make sure the tun module is already loaded on the Node.
[root@Node /]# lsmod | grep tun

If not listed, then load the tun module with the below command
[root@Node /]# modprobe tun

[root@Node /]# lsmod | grep tun
tun 82432 6

Run the following command in Node:
[root@Node /]# vzctl set 101 --devnodes net/tun:rw --save
[root@Node /]# vzctl set 101 --devices c:10:200:rw --save
[root@Node /]# vzctl stop 101
[root@Node /]# vzctl set 101 --capability net_admin:on --save
[root@Node /]# vzctl start 101
[root@Node /]# vzctl exec 101 mkdir -p /dev/net
[root@Node /]# vzctl exec 101 chmod 600 /dev/net/tun

To check whether TUN/TAP is enabled or not:
[root@Node /]# vzctl enter 101

Inside the VPS:
[root@vps /]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state # This means TUN/TAP is enabled on your VPS.

cat: /dev/net/tun: No such device # If you receive this, TUN/TAP has not been enabled on your VPS. Try to enable TUN/TAP again and check.

Grep-In Detail

 Search for the given string in a single file

The basic usage of grep command is to search for a specific string in the specified file as shown below.

Syntax:
grep "literal_string" filename

$ grep "this" demo_file
this line is the 1st lower case line in this file.
Two lines above this line is empty.


Checking for the given string in multiple files.

Syntax:
grep "string" FILE_PATTERN

This is also a basic usage of grep command. For this example, let us copy the demo_file to demo_file1. The grep output will also include the file name in front of the line that matched the specific pattern as shown below. When the Linux shell sees the meta character, it does the expansion and gives all the files as input to grep.

$ cp demo_file demo_file1

$ grep "this" demo_*
demo_file:this line is the 1st lower case line in this file.
demo_file:Two lines above this line is empty.
demo_file:And this is the last line.
demo_file1:this line is the 1st lower case line in this file.
demo_file1:Two lines above this line is empty.
demo_file1:And this is the last line.

Case insensitive search using grep -i

Syntax:
grep -i "string" FILE

This is also a basic usage of the grep. This searches for the given string/pattern case insensitively. So it matches all the words such as “the”, “THE” and “The” case insensitively as shown below.

$ grep -i "the" demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
This Line Has All Its First Character Of The Word With Upper Case.
And this is the last line.

 Match regular expression in files

Syntax:
grep "REGEX" filename

This is a very powerful feature if you can use regular expressions effectively. The following example searches for every pattern that starts with “lines” and ends with “empty”, with anything in between, i.e. it searches for “lines[anything in-between]empty” in the demo_file.

$ grep "lines.*empty" demo_file
Two lines above this line is empty.

From the documentation of grep: A regular expression may be followed by one of several repetition operators:

? The preceding item is optional and matched at most once.
* The preceding item will be matched zero or more times.
+ The preceding item will be matched one or more times.
{n} The preceding item is matched exactly n times.
{n,} The preceding item is matched n or more times.
{,m} The preceding item is matched at most m times.
{n,m} The preceding item is matched at least n times, but not more than m times.

Checking for full words, not for sub-strings using grep -w

If you want to search for a word and avoid matching substrings, use the -w option. A normal search shows every line that contains the string anywhere.

The following example is the regular grep searching for “is”. When you search for “is” without any option, it matches “is”, “his”, “this” and everything else which has the substring “is”.

$ grep -i "is" demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
This Line Has All Its First Character Of The Word With Upper Case.
Two lines above this line is empty.
And this is the last line.

The following example is the WORD grep where it is searching only for the word “is”. Please note that this output does not contain the line “This Line Has All Its First Character Of The Word With Upper Case”, even though “is” is there in the “This”, as the following is looking only for the word “is” and not for “this”.

$ grep -iw "is" demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
Two lines above this line is empty.
And this is the last line.

Displaying lines before/after/around the match using grep -A, -B and -C

When doing a grep on a huge file, it may be useful to see some lines after the match. It is handy when grep can show you not only the matching lines but also the lines after/before/around the match.
Please create the following demo_text file for this example.

$ cat demo_text
4. Vim Word Navigation

You may want to do several navigation in relation to the words, such as:

* e - go to the end of the current word.
* E - go to the end of the current WORD.
* b - go to the previous (before) word.
* B - go to the previous (before) WORD.
* w - go to the next word.
* W - go to the next WORD.

WORD - WORD consists of a sequence of non-blank characters, separated with white space.
word - word consists of a sequence of letters, digits and underscores.

Example to show the difference between WORD and word

* 192.168.1.1 - single WORD
* 192.168.1.1 - seven words.

Display N lines after match
-A is the option which prints the specified N lines after the match as shown below.

Syntax:
grep -A <N> "string" FILENAME

The following example prints the matched line, along with the 3 lines after it.

$ grep -A 3 -i "example" demo_text
Example to show the difference between WORD and word

* 192.168.1.1 - single WORD
* 192.168.1.1 - seven words.


Display N lines before match

-B is the option which prints the specified N lines before the match.

Syntax:
grep -B <N> "string" FILENAME

Just as -A shows the N lines after a match, -B does the opposite and shows the N lines before it.

$ grep -B 2 "single WORD" demo_text
Example to show the difference between WORD and word

* 192.168.1.1 - single WORD

Display N lines around match


-C is the option which prints the specified N lines around the match. On some occasions you might want the match to appear with lines from both sides. This option shows N lines on both sides (before & after) of the match.

$ grep -C 2 "Example" demo_text
word - word consists of a sequence of letters, digits and underscores.

Example to show the difference between WORD and word

* 192.168.1.1 - single WORD

Highlighting the search using GREP_OPTIONS

grep prints the lines of the file that match the pattern / string you gave. If you want it to highlight which part of each line matched, do the following.

When you do the following export, the matched text is highlighted. In the following example, every occurrence of this is highlighted once the GREP_OPTIONS environment variable is set as shown below.

$ export GREP_OPTIONS='--color=auto' GREP_COLOR='100;8'

$ grep this demo_file
this line is the 1st lower case line in this file.
Two lines above this line is empty.
And this is the last line.

Searching in all files recursively using grep -r

When you want to search in all the files under the current directory and its subdirectories, the -r option is the one you need. The following example looks for the string “ramesh” in all the files in the current directory and all its subdirectories.

$ grep -r "ramesh" *

Invert match using grep -v

You have seen options to show the matched lines, to show the lines before and after a match, and to highlight the match. The -v option does the opposite: it inverts the match.

When you want to display the lines which do not match the given string/pattern, use the option -v as shown below. This example will display all the lines that did not match the word “go”.

$ grep -v "go" demo_text
4. Vim Word Navigation

You may want to do several navigation in relation to the words, such as:

WORD - WORD consists of a sequence of non-blank characters, separated with white space.
word - word consists of a sequence of letters, digits and underscores.

Example to show the difference between WORD and word

* 192.168.1.1 - single WORD
* 192.168.1.1 - seven words.

Display the lines which do not match any of the given patterns.

Syntax:
grep -v -e "pattern" -e "pattern"

$ cat test-file.txt
a
b
c
d

$ grep -v -e "a" -e "b" -e "c" test-file.txt
d

Counting the number of matches using grep -c

When you want to count how many lines match the given pattern/string, use the option -c.

Syntax:
grep -c "pattern" filename

$ grep -c "go" demo_text
6

When you want to find out how many lines match the pattern:

$ grep -c this demo_file
3

When you want to find out how many lines do not match the pattern:

$ grep -v -c this demo_file
4

Display only the file names which matches the given pattern using grep -l

If you want the grep to show out only the file names which matched the given pattern, use the -l (lower-case L) option.

When you give multiple files to grep as input, it displays the names of the files which contain text matching the pattern. This is very handy when you are trying to find some notes in your whole directory structure.

$ grep -l this demo_*
demo_file
demo_file1

Show only the matched string

By default grep shows the whole line which matches the given pattern/string; if you want grep to show only the matched part of the line, use the -o option.

This is not very useful when you give a plain string, but it becomes very useful when you give a regex pattern and want to see what it matches:

$ grep -o "is.*line" demo_file
is line is the 1st lower case line
is line
is is the last line

Show the position of match in the line

When you want grep to show the position where the pattern matches in the file, use the following options:

Syntax:
grep -o -b "pattern" file

$ cat temp-file.txt
12345
12345

$ grep -o -b "3" temp-file.txt
2:3
8:3

Note: The output of the grep command above is not the position within the line; it is the byte offset within the whole file.

Show line number while displaying the output using grep -n

To show the line number of each matched line, use the -n option. Line numbers are 1-based and counted separately for each file.

$ grep -n "go" demo_text
5: * e - go to the end of the current word.
6: * E - go to the end of the current WORD.
7: * b - go to the previous (before) word.
8: * B - go to the previous (before) WORD.
9: * w - go to the next word.
10: * W - go to the next WORD.

Ramfs and Tmpfs

Using ramfs or tmpfs you can allocate part of the physical memory to be used as a partition. You can mount this partition and start writing and reading files like a hard disk partition. Since you’ll be reading and writing to the RAM, it will be faster.

When a vital process becomes drastically slow because of disk writes, you can choose either ramfs or tmpfs file systems for writing files to the RAM.
Both tmpfs and ramfs mount will give you the power of fast reading and writing files from and to the primary memory. When you test this on a small file, you may not see a huge difference. You’ll notice the difference only when you write large amount of data to a file with some other processing overhead such as network.

1. How to mount Tmpfs

# mkdir -p /mnt/tmp

# mount -t tmpfs -o size=20m tmpfs /mnt/tmp

The last line in the following df -k shows the above mounted /mnt/tmp tmpfs file system.

# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 32705400 5002488 26041576 17% /
/dev/sda1 194442 18567 165836 11% /boot
tmpfs 517320 0 517320 0% /dev/shm
tmpfs 20480 0 20480 0% /mnt/tmp

2. How to mount Ramfs

# mkdir -p /mnt/ram

# mount -t ramfs -o size=20m ramfs /mnt/ram

The last line in the following mount command shows the above mounted /mnt/ram ramfs file system.

# mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
tmpfs on /mnt/tmp type tmpfs (rw,size=20m)
ramfs on /mnt/ram type ramfs (rw,size=20m)

You can mount ramfs and tmpfs during boot time by adding an entry to the /etc/fstab.

3. Ramfs vs Tmpfs

Primarily both ramfs and tmpfs do the same thing, with a few minor differences.

Ramfs will grow dynamically. So, you need to control the process that writes the data to make sure ramfs doesn’t go above the available RAM size in the system. Let us say you have 2GB of RAM on your system and created a 1 GB ramfs and mounted it as /tmp/ram. When the total size of /tmp/ram crosses 1GB, you can still write data to it. The system will not stop you from writing more than 1GB of data. However, when it goes above the total RAM size of 2GB, the system may hang, as there is no place in the RAM to keep the data.
Tmpfs will not grow dynamically. It will not allow you to write more than the size you’ve specified while mounting the tmpfs. So, you don’t need to worry about controlling the process that writes the data to make sure tmpfs doesn’t go above the specified limit. It may give errors similar to “No space left on device”.
Tmpfs uses swap.
Ramfs does not use swap.

4. Disadvantages of Ramfs and Tmpfs

Since both ramfs and tmpfs write to the system RAM, their contents are deleted once the system is rebooted or crashes. So, you should write a process to copy the data from ramfs/tmpfs to disk at periodic intervals. You can also write a process to write the data from ramfs/tmpfs to disk while the system is shutting down. But this will not help you in the event of a system crash.

Table: Comparison of ramfs and tmpfs

Experimentation                            Tmpfs                 Ramfs
Fill maximum space and continue writing    Will display error    Will continue writing
Fixed Size                                 Yes                   No
Uses Swap                                  Yes                   No
Volatile Storage                           Yes                   Yes

If you want your process to write faster, opting for tmpfs is a better choice with precautions about the system crash.

Add IP using ifconfig command line

You can use ifconfig command to configure a network interface and alias. For example:



  • eth0 NIC IP 192.168.1.5

  • eth0:0 first NIC alias: 192.168.1.6


To set up the eth0:0 alias, type the following command as the root user:
# ifconfig eth0:0 192.168.1.6 up
Verify the alias is up and running using the following commands:
# ifconfig -a

# ping 192.168.1.6
However, if you reboot the system you will lose all your aliases. To make it permanent you need to add it to the network configuration file.

========================

Copy the /etc/sysconfig/network-scripts/ifcfg-eth0 file as /etc/sysconfig/network-scripts/ifcfg-eth0:0
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Open file /etc/sysconfig/network-scripts/ifcfg-eth0:0 using vi text editor:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

Find the entry that reads as follows:

DEVICE=eth0

Replace with:

DEVICE=eth0:0

Find the entry that reads as follows:

IPADDR=xxx.xxx.xxx.xxx

Replace it with your actual IP address:

IPADDR=192.168.1.7

At the end your file should look as follows:

DEVICE=eth0:0
IPADDR=192.168.1.7
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
NAME=eth0:0

Open the file /etc/sysconfig/network-scripts/ifcfg-eth0 and make sure it does not have a GATEWAY= entry:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Find the entry that reads as follows:

GATEWAY=your-ip

Remove it or comment it out by prefixing # (hash):

# GATEWAY=192.168.1.254

Save the file. Add the GATEWAY= entry to your /etc/sysconfig/network:

# vi /etc/sysconfig/network

Append or modify the GATEWAY entry:

GATEWAY=192.168.1.254

Save the file. Reboot the system or run the following command:

# ifup eth0:0

OR

# service network restart

Red Hat / CentOS / Fedora Multiple IP address range

You can assign a range of multiple IP addresses to eth0 as follows:
vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0

Append following code from 202.54.112.120 to 202.54.112.140:

IPADDR_START=202.54.112.120
IPADDR_END=202.54.112.140
CLONENUM_START=0
NETMASK=255.255.255.0
Save and close the file.

 

How do I assign additional IP addresses in RedHat/CentOS?

If you are using CPanel, you should add the IP addresses through WHM. Do not follow these instructions if you are using CPanel.
If you want to assign the addresses 3.2.1.1 – 3.2.1.20 to your server, you will need to create a RANGE file.
cd /etc/sysconfig/network-scripts
ls ifcfg-eth1-range*

If you already have a range file, you will need to create a new one for the new range of IPs you are adding, e.g. 'nano ifcfg-eth1-range1'. If you have one named range1, name the next range2 and so on.
nano ifcfg-eth1-range1
Place the following text in the file:
IPADDR_START=192.168.0.10
IPADDR_END=192.168.0.110
CLONENUM_START=0
Note: CLONENUM_START defines where the alias will start. If this is the second range file, you will need to set CLONENUM_START to a value higher than the number of IP addresses assigned. To check what you currently have used, you can run 'ifconfig -a | grep eth1'. This will list devices such as eth1:0, eth1:1, eth1:2, and so on. If you are currently using up to eth1:16, you will need to set CLONENUM_START to 17 to assign the IPs correctly.

Read File using Shell Script

#!/bin/bash

FILENAME="filename.txt"

# Redirect standard input to the file
exec 0< "$FILENAME"

# Read line by line; IFS= and -r keep leading whitespace and backslashes intact
while IFS= read -r LINE
do
    echo "$LINE"
done

Tuesday, June 25, 2013

Crond Predefined scheduling definitions

Predefined scheduling definitions
Several special predefined values can substitute in the CRON expression. Note that in some uses of the CRON format there is also a seconds field at the beginning of the pattern (e.g., Quartz).

Entry       Description                                                                 Equivalent To
@yearly     (or @annually) Run once a year at midnight in the morning of January 1     0 0 1 1 *
@monthly    Run once a month at midnight in the morning of the first of the month      0 0 1 * *
@weekly     Run once a week at midnight in the morning of Sunday                       0 0 * * 0
@daily      Run once a day at midnight                                                 0 0 * * *
@hourly     Run once an hour at the beginning of the hour                              0 * * * *
@reboot     Run at startup                                                             @reboot

Exim Ip rotation script

/etc/eximserverip
/etc/eximiprotate
/etc/script_eximrotate

Sample script. Please don't use this if you don't know what you are doing. Please contact me if you need assistance.
# cat /etc/eximserverip
15

xxx.xxx.xxx.xxx

xxx.xxx.xxx.xxx

 xxx.xxx.xxx.xxx

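[~]# cat /etc/eximiprotate

#!/bin/bash
# IP selector

# The first line of /etc/eximserverip holds the line number of the next IP to use
ipnumber=$(head -n 1 /etc/eximserverip)
# After the last IP, wrap around to the first one (line 2)
if [ "$ipnumber" -eq 16 ]; then
ipnumber=2;
fi

# IP to be used for this change
head -n "$ipnumber" /etc/eximserverip | tail -n 1
# Increment the number of the IP to be used next
ipnumber=$(($ipnumber+1))
sed -i -e '1 s/\S\+/'"${ipnumber}"'/' /etc/eximserverip

[~]# cat /etc/script_eximrotate
# script to change the exim IP

interface=0
# Build the new interface line from the IP printed by /etc/eximiprotate
interface="interface = $(sh /etc/eximiprotate)"
echo "$interface"
# Replace line 1666 of /etc/exim.conf with the new interface line
sed -i -e '1666 s/.*/'"${interface}"'/1' /etc/exim.conf
/etc/init.d/exim restart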

Installing VNC SERVER

1. Installing the required packages

The server package is called 'vnc-server'. Run the command: rpm -q vnc-server

The result will be either package vnc-server is not installed or something like vnc-server-4.0-11.el4.

If the server is not installed, install it with the command: yum install vnc-server

The client program is 'vnc'. You can use the command: yum install vnc to install the client if: rpm -q vnc shows that it is not already installed.

Make sure to install a window manager in order to get a full-featured GUI desktop. You can use the command yum groupinstall "GNOME Desktop Environment" to install the Gnome Desktop and requirements, for example. Other popular desktop environments are "KDE" and "XFCE-4.4". XFCE is more light-weight than Gnome or KDE and available from the "extras" repository.

If you are a minimalist, or simply testing, however, it is sufficient to have yum install a simple XTERM client: yum install xterm

If you are running CentOS 6, the command is yum groupinstall Desktop

If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may complain about a missing libgaim.so.0. This is a known bug. Please see CentOS-5 FAQ for details.

If you are running CentOS 6, the server is: tigervnc-server not: vnc-server

2. Configuring un-encrypted VNC

We will be setting up VNC for 3 users. These will be 'larry', 'moe', and 'curly'

You will perform the following steps to configure your VNC server:

Create the VNC user accounts.
Edit the server configuration.
Set your users' VNC passwords.
Confirm that the vncserver will start and stop cleanly.
Create and customize xstartup scripts.
Amend the iptables.
Start the VNC service.
Test each VNC user.
Additional optional enhancements

2.1. Create the VNC user accounts
As root:
$ su -
# useradd larry
# useradd moe
# useradd curly
# passwd larry
# passwd moe
# passwd curly

2.2. Edit the server configuration
Edit /etc/sysconfig/vncservers, and add the following to the end of the file.
VNCSERVERS="1:larry 2:moe 3:curly"
VNCSERVERARGS[1]="-geometry 640x480"
VNCSERVERARGS[2]="-geometry 640x480"
VNCSERVERARGS[3]="-geometry 800x600"
Larry will have a 640 by 480 screen, as will Moe. Curly will have an 800 by 600 screen.

Note: This step is NOT out of sequence, but is placed here so that the next following step will fall adjacent to the step in which failure to perform it, will permit immediate fault diagnosis.

2.3. Set your users' VNC passwords
Switch user into the account for each user and, as shown below, run vncpasswd. This will create the ~/.vnc directory for that userid:
[~]# su - larry
[~]$ vncpasswd
[~]$ cd .vnc
[.vnc]$ ls
passwd
[.vnc]$ exit
[~]#

2.4. Confirm that the vncserver will start and stop cleanly
We will create the xstartup scripts by starting and stopping the vncserver as root. We also enable the vncserver service to be automatically started.

# /sbin/service vncserver start
# /sbin/service vncserver stop
# /sbin/chkconfig vncserver on...

 

2.8.1. Testing with a java enabled browser

Let us assume that mymachine has an IP address of 192.168.0.10. The URL to connect to each of the users will be:
Larry is http://192.168.0.10:5801
Moe is http://192.168.0.10:5802
Curly is http://192.168.0.10:5803
Connect to http://192.168.0.10:5801. A java applet window will pop up showing a connection to your machine at port 1. Click the [ok] button. Enter larry's VNC password, and a 640x480 window should open using the default window manager selected for larry. The above ports 5801, 5802 and 5803 must be open in the firewall (iptables) for the source IP addresses or subnets of a given client.

2.8.2. Testing with a vnc client
For Larry: vncviewer 192.168.0.10:1
For Moe: vncviewer 192.168.0.10:2
For Curly: vncviewer 192.168.0.10:3
To test larry using vncviewer, run vncviewer 192.168.0.10:1. An authentication box will pop up, and you may enter Larry's VNC password. Once authenticated, a 640x480 window should open using Larry's default window manager. The vncviewer client will connect to port 590X where X is an offset of 1, 2, 3 for Larry, Moe, and Curly respectively, so these ports must be open in the firewall for the IP addresses or subnets of the clients.

If your local account userid is not, say, larry, you may 'switch user' for purposes of vncviewer thus:

export USER=larry ; vncviewer 192.168.0.10:1

 

Send mail through Telnet

telnet mail.sparkinnovators.com 25
ehlo me
auth login
b64 encoded email address (via this page: http://ostermiller.org/calc/encode.html)
b64 encoded password (via this page: http://ostermiller.org/calc/encode.html)
(I then receive an Authentication succeeded message)
mail from:<email address i used above>
rcpt to:<mbressman@gmail.com>
Data
Subject: this is a test
test123
test456
.
quit

Tuesday, June 18, 2013

How to Fix RPM Installation Failures in WHM- cpanel update

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/RPMTroubleshoot

================

check YUM

check repos

check wget

check rpm version conflicts.

to list rpms

rpm -qa

to erase rpm

rpm -e

CPANEL BACKEND FILES

CPANEL:
/usr/local/cpanel : Cpanel directory
/usr/local/cpanel/3rdparty/ : tools like fantastico, mailman files are located here
/usr/local/cpanel/addons/ : AdvancedGuestBook, phpBB etc
/usr/local/cpanel/base/ : phpmyadmin, squirrelmail, skins, webmail etc
/usr/local/cpanel/bin/ : cpanel binaries
/usr/local/cpanel/cgi-sys/ : cgi files like cgiemail, formmail.cgi, formmail.pl etc
/usr/local/cpanel/logs/ : cpanel access log and error log
/usr/local/cpanel/whostmgr/ : whm related files

WHM related files:

/etc/httpd/conf/httpd.conf apache configuration file
/etc/exim.conf mail server configuration file
/etc/named.conf name server (named) configuration file
/etc/proftpd.conf proftpd server configuration file
/etc/pure-ftpd.conf pure-ftpd server configuration file
/etc/valiases/domainname catchall and forwarders are set here
/etc/vfilters/domainname email filters are set here
/etc/userdomains all domains are listed here – addons, parked, subdomains along with their usernames
/etc/localdomains exim related file – all domains should be listed here to be able to send mails
/var/cpanel/users/username cpanel user file
/var/cpanel/cpanel.config cpanel configuration file ( Tweak Settings )*
/etc/sysconfig/network Networking Setup*
/etc/hosts -
/var/spool/exim -
/var/spool/cron -
/etc/resolv.conf Networking Setup–> Resolver Configuration
/etc/nameserverips Networking Setup–> Nameserver IPs
/var/cpanel/resellers For addpkg, etc permissions for resellers.
/etc/chkserv.d Main >> Service Configuration >> Service Manager
/var/run/chkservd Main >> Server Status >> Service Status
/var/log/dcpumon top log process
/root/cpanel3-skel skel directory. Eg: public_ftp, public_html. (Account Functions–>Skeleton Directory )
/etc/wwwacct.conf account creation defaults file in WHM (Basic cPanel/WHM Setup)
/etc/cpupdate.conf Update Config
/etc/clamav.conf clamav (antivirus configuration file )
/etc/my.cnf mysql configuration file
/usr/local/Zend/etc/php.ini OR /usr/local/lib/php.ini php configuration file
/etc/ips – ip addresses on the server (except the shared ip) (IP Functions–>Show IP Address Usage )
/etc/ipaddrpool IP Addresses which are free
/etc/ips.dnsmaster name server ips
/var/cpanel/Counters To get the counter of each users.
/var/cpanel/bandwidth To get bandwidth usage of domains
/var/cpanel/bandwidth : rrd files of domains
/var/cpanel/username.accts : reseller accounts are listed in this files
/var/cpanel/packages : hosting packages are listed here
/var/cpanel/root.accts : root owned domains are listed here
/var/cpanel/suspended : suspended accounts are listed here
/var/cpanel/users/ : cpanel user file – theme, bwlimit, addon, parked, sub-domains all are listed in this files
/var/cpanel/zonetemplates/ : dns zone template files are taken from here
Common CPanel scripts:
/scripts/addns :add a dns zone
/scripts/addfpmail :Add frontpage mail extensions to all domains without them
/scripts/addfpmail2 : Add frontpage mail extensions to all domains without them
/scripts/addnobodygrp :Adds the group nobody and activates security
/scripts/addpop :add a pop account
/scripts/addservlets :Add JSP support to an account (requires )
/scripts/addstatus : (Internal use, never called by user)
/scripts/adduser : Add a user to the system
/scripts/bandwidth : Bandwidth
/scripts/betaexim :Installs the latest version of exim
/scripts/biglogcheck :looks for logs nearing 2 gigabytes in size
/scripts/bsdcryptoinstall :Installs crypto on FreeBSD
/scripts/bsdldconfig : Configures the proper lib directories in FreeBSD
/scripts/bsdpkgpingtest :Tests the connection speed for downloading FreeBSD packages
/scripts/buildbsdexpect : Install expect on FreeBSD
/scripts/builddomainaddr : build domain address
/scripts/buildeximconf :Rebuilds exim.conf
/scripts/buildpostgrebsd-dev Installs postgresql on FreeBSD.
/scripts/chcpass change cpanel passwords
/scripts/easyapache recompile/upgrade apache and/or php
/scripts/exim4 reinstall exim and fix permissions
/scripts/fixcommonproblems fixes most common problems
/scripts/fixfrontpageperm fixes permission issues with Front Page
/scripts/fixmailman fixes common mailman issues
/scripts/fixnamed fixes common named issues
/scripts/fixndc fixes rndc errors with named
/scripts/fixquotas fixes quota problems
/scripts/fullhordereset resets horde database to a fresh one – all previous user data are lost
/scripts/initquotas initializes quotas
/scripts/installzendopt installs zend optimizer
/scripts/killacct terminate an account – make sure you take a backup of the account first
/scripts/mailperm fixes permission problems with inboxes
/scripts/park to park a domain
/scripts/pkgacct used to backup an account
/scripts/restartsrv restart script for services
/scripts/restorepkg restores an account from a backup file ( pkgacct file)
/scripts/runlogsnow update logs of all users
/scripts/runweblogs update stats for a particular user
/scripts/securetmp secures /tmp partition with options nosuexec and nosuid
/scripts/suspendacct suspends an account
/scripts/unsuspendacct unsuspends a suspended account
/scripts/upcp updates cpanel to the latest version
/scripts/updatenow updates the cpanel scripts
/scripts/updateuserdomains updates userdomain entries

APACHE:
————
/usr/local/apache/bin apache binaries are stored here – httpd, apachectl, apxs
/usr/local/apache/conf configuration files – httpd.conf
/usr/local/apache/cgi-bin
/usr/local/apache/domlogs domain log files are stored here
/usr/local/apache/htdocs
/usr/local/apache/include header files
/usr/local/apache/libexec shared object (.so) files are stored here - libphp4.so, mod_rewrite.so
/usr/local/apache/logs apache logs – access_log, error_log, suexec_log
/usr/local/apache/man apache manual pages

Exim:
/etc/exim.conf exim main configuration file
/etc/localdomains list of domains allowed to relay mail
/var/log/exim_mainlog incoming/outgoing mails are logged here
/var/log/exim_rejectlog exim rejected mails are reported here
/var/log/exim_paniclog exim errors are logged here
/var/spool/exim/input Mail queue
/scripts/restartsrv_exim Cpanel script to restart exim
/etc/valiases/domainname.com Email forwarders and catchall address file
/etc/vfilters/domainname.com Email filters file
/home/username/etc/domainname/passwd POP user authentication file
/home/username/mail/inbox catchall inbox
/home/username/mail/domainname/popusername/inbox POP user inbox
/home/username/mail/domainname/popusername/spam POP user spambox

ProFTPD:
========
Start /etc/rc.d/init.d/proftpd
Conf /etc/proftpd.conf
Log /var/log/messages, /var/log/xferlog
FTP accounts file /etc/proftpd/username – all ftp accounts for the domain are listed here

Pure-FTPD:
Start /etc/rc.d/init.d/pure-ftpd
Conf /etc/pure-ftpd.conf
Anonymous ftp document root – /etc/pure-ftpd/ip-address

Mysql:
start /etc/rc.d/init.d/mysql
Conf /etc/my.cnf, /root/.my.cnf
Data directory /var/lib/mysql – Where all databases are stored.
Database naming convention username_dbname (eg: john_sales)
Permissions on databases drwx 2 mysql mysql
Socket file /var/lib/mysql/mysql.sock, /tmp/mysql.sock
SSH Service
Start /etc/rc.d/init.d/sshd
Conf /etc/ssh/sshd_config
Log /var/log/messages

PHP

ini file /usr/local/lib/php.ini – apache must be restarted after any change to this file
php can be recompiled using /scripts/easyapache
Named(BIND)
Start /etc/rc.d/init.d/named
Conf /etc/named.conf
db records /var/named/
log /var/log/messages

Increasing /tmp partition in cPanel servers

Sometimes we may have to increase the /tmp partition in a cPanel server. cPanel has got an inbuilt script for this and the procedure to do this is as follows:

1) Stop mysql, apache, cpanel, litespeed to prevent using /tmp partition
===
/etc/init.d/mysql stop
/etc/init.d/cpanel stop
/etc/init.d/httpd stop
/etc/init.d/lsws stop
===

Now, move /usr/tmpDSK to a different location (we may need it later)
====
mv /usr/tmpDSK /usr/tmpDSK_back
====

2) Umount /var/tmp and /tmp.

If the partition is busy, run (lsof | grep /tmp) and kill the processes that are using it.

Or do a lazy umount as follows:
===
umount -l /tmp
umount -l /var/tmp
====

Modify the following script as below:
===
vi /scripts/securetmp

Look for following line:
----
my $tmpdsksize = 512000; # Must be larger than 250000
----
Increase the value to a desired value and re-run the script:
===
/scripts/securetmp
===
This will recreate /tmp (tmpDSK) partition.

After this restart cpanel,apache and mysql.

Allow SSH only a particular user and IP

In this article I will explain an SSH security tip that allows only a particular user or IP to access the server.

Using "AllowUsers" parameters
======

In the SSH configuration file /etc/ssh/sshd_config (the location of the SSH configuration file on CentOS), search for the parameter "AllowUsers".

====
AllowUsers root
====

This allows only the user root to log in to the server over SSH, which blocks brute-force login attempts made as any other user.

You can allow a particular IP using the following setting:
====
AllowUsers root@139.4.5.10
====

Now, this will allow only root to SSH into the server from the IP address 139.4.5.10

Now, let's see how to allow multiple users using this setting:
====
AllowUsers root@139.4.5.10 manoj@139.4.5.11 shawn
====

The above setting will allow root and manoj to SSH from the IP address 139.4.5.10 and 139.4.5.11 respectively. The user "shawn" can SSH into the server from any IP address.

After setting this, you must restart the ssh service using the following command:
====
/etc/init.d/sshd restart
====
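
The AllowUsers settings above can be checked against a user and client IP before sshd is restarted. The script below is an added example, not part of the original post or of OpenSSH: the function names are hypothetical and the model is simplified to USER and USER@HOST patterns with * and ? wildcards matched against the client IP (real sshd also accepts CIDR host patterns and "!" negation).

```shell
#!/bin/sh
# Added example: simplified model of sshd's AllowUsers check.
# Supports USER and USER@HOST patterns with * and ? wildcards, matched
# against the client IP only (no CIDR, no "!" negation, no reverse DNS).

# Constructed sshd_config fragment using the AllowUsers line from the text.
SAMPLE_CONFIG='# constructed sample, not a complete sshd_config
Port 22
AllowUsers root@139.4.5.10 manoj@139.4.5.11 shawn
'

# glob_match STRING PATTERN: succeeds when STRING matches the wildcard PATTERN.
glob_match() {
    case "$1" in
        $2) return 0 ;;
        *)  return 1 ;;
    esac
}

# allow_patterns CONFIG_TEXT: prints one AllowUsers pattern per line.
# The keyword is case-insensitive; commented-out lines are ignored because
# their first field is "#..." rather than the keyword.
allow_patterns() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }'
}

# ssh_allowed USER CLIENT_IP [CONFIG_TEXT]: prints "allow" or "deny".
ssh_allowed() {
    sa_user=$1
    sa_ip=$2
    sa_patterns=$(allow_patterns "${3:-$SAMPLE_CONFIG}")

    # Without any AllowUsers directive this check imposes no restriction.
    if [ -z "$sa_patterns" ]; then
        echo allow
        return 0
    fi

    # Read patterns line by line so "*" is never expanded against file names.
    while IFS= read -r sa_pat; do
        case "$sa_pat" in
            *@*) sa_pu=${sa_pat%%@*}; sa_ph=${sa_pat#*@} ;;
            *)   sa_pu=$sa_pat;       sa_ph='*' ;;
        esac
        if glob_match "$sa_user" "$sa_pu" && glob_match "$sa_ip" "$sa_ph"; then
            echo allow
            return 0
        fi
    done <<EOF
$sa_patterns
EOF

    # AllowUsers is present and nothing matched: everyone else is refused.
    echo deny
}

# Demonstration against the constructed sample.
for probe in root@139.4.5.10 root@139.4.5.11 manoj@139.4.5.11 \
             shawn@203.0.113.7 larry@139.4.5.10; do
    printf '%-22s %s\n' "$probe" "$(ssh_allowed "${probe%%@*}" "${probe#*@}")"
done
```

Pass the real file as the third argument, for example ssh_allowed root 139.4.5.10 "$(cat /etc/ssh/sshd_config)", to confirm that your own login still matches before restarting sshd.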

Using the parameter "AllowGroups"
====
There is also the AllowGroups parameter. For instance, you can set AllowGroups wheel, which will allow only root and anyone added to the wheel group for su.
===

Cannot lock VE


==========
This issue is related to either Virtuozzo or OpenVZ VPS servers.

If you rebooted the server and none of the nodes come up you can try the following,

# /etc/init.d/vz restart
Virtuozzo is locked [FAILED]
Virtuozzo is locked [FAILED]

Then try to start a single node

# vzctl start 110
Cannot lock VE

Solution : Check the lock folder /vz/lock . Here you can see a lock file

# more /vz/lock/113.lck
27275
starting

Now kill the process whose PID is stored in the lock file (here 27275) and remove the lock file.

Again start the node with command vzctl start

Command to check load in all the VPS nodes


============


You can check the load in all the VPS nodes from the main server using the following command:

for vps in `vzlist -1`; do echo "$vps: `vzctl exec2 $vps uptime`"; done


Enter into VE 101 failed,Unable to open pty: No such file or directory


============
If you are getting the following error, while trying to get into the VPS node,

enter into VE 101 failed Unable to open pty: No such file or directory

Usually, this type of error occurs when 'udev' is being updated.

You can execute the following commands to fix this issue.

vzctl exec 101 /sbin/MAKEDEV ptyp
vzctl exec 101 /dev/MAKEDEV tty
vzctl exec 101 /dev/MAKEDEV pty

FATAL error while starting VPS


=========
Problem:

Error "FATAL: kernel too old" while creating VPS with Fedora Core 5.

Solution:

Fedora Core 5 is compiled to require kernel 2.6.9. Still, it works fine with the OpenVZ stable kernel based on 2.6.8. You can solve this problem by using the following command:

echo 2.6.9 > /proc/sys/kernel/virt_osrelease

FTP not connecting with VE


=========
You need to add iptables rules to open the FTP ports.

Add the following lines in the /etc/sysconfig/iptables

-A VZ_INPUT -p tcp -m tcp --dport 8000:8250 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 8000:8250 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 20 -j ACCEPT

service iptables restart

Here ports 8000 to 8250 are the passive ports.

How to configure iptables modules for a VPS node

========

The procedure is given below.

i) You may need to log in to the VPS host

ii) Add the module entry as follows

Syntax: vzctl set <vid> --iptables <iptable module> --save
example:
[root@vps12 ~]# vzctl set 113 --iptables ip_conntrack_ftp --save

How do I add or remove an IP address to a VPS?

To add IP address 192.168.0.1 to VPS 101 run the following command on the hardware node:

# vzctl set 101 --ipadd 192.168.0.1 --save

To release an IP address from a VPS, use the same command with the --ipdel option.
Please note that it is impossible to add an IP address from inside a VPS.

How do I login into VE without knowing its root password?


==========

There are many ways for a hardware node owner to login into a VE or execute a command in VE context.

# vzctl exec 101 /bin/ls

will execute '/bin/ls' command inside VE #101.

# vzctl enter 101

will run a shell in VE #101.

If you need to log into VE #101 as root by SSH you can add a user with UID=0 to /vz/root/101/etc/passwd and set a password for this user using

# vzctl exec 101 passwd username

VPS COMMANDS GUIDE


1) vzlist -a : Shows list of all the VPS’s hosted on the Node.
====================
(This is the ID)
CTID NPROC STATUS IP_ADDR HOSTNAME
1 96 running 67.xx.xx.xxx
358 77 running 67.xx.xx.xxx
454 124 running 67.xx.xx.xxx
525 79 running 74.xx.xx.xxx
527 92 running 67.xx.xx.xxx
568 73 running 74.xx.xx.xxx
570 86 running 67.xx.xx.xxx
574 11 running 75.xx.xx.xxx
579 13 running 75.xx.xx.xxx
583 79 running 67.xx.xx.xxx
====================

2) vzctl start ID: To start the VPS.
====================
[root@virtuozzo06 ~]# vzctl start 111
Starting Container …
Container is mounted
Setup slm memory limit
Setup slm subgroup (default)
Setting devperms 20002 dev 0x7d00
Adding port redirection to Container(1): 8443 4643
Adding IP address(es) to pool:
Adding IP address(es):
arpsend: 4 is detected on another computer : 00:1a:30:38:90:00
vz-net_add WARNING: arpsend -c 1 -w 1 -D -e 67.228.31.50 -e 67.228.43.67 -e 67.228.43.78 -e 75.126.196.183 -e 10.10.16.154 eth1 FAILED
Hostname for Container set:
File resolv.conf was modified
Container start in progress…
[root@virtuozzo06 ~]#
====================

3) vzctl stop ID : To stop (Shut Down) the VPS
====================
[root@virtuozzo06 ~]# vzctl stop 111
Stopping Container …
Container was stopped
Container is unmounted
====================

4) vzctl status ID : To view the status of the particular VPS
[root@virtuozzo06 ~]# vzctl status 111
VEID 111 exist mounted running

5) vzctl stop ID --fast : to stop the VPS quickly and forcefully
====================
[root@virtuozzo06 ~]# vzctl status 111
VEID 111 exist mounted running
[root@virtuozzo06 ~]# vzctl stop 111 --fast
Stopping Container …
Container was stopped
Container is unmounted
====================

6) vzctl enter VPS_ID : To enter in a particular VPS
====================
[root@virtuozzo06 ~]# vzctl enter 111
entered into Container 111
-bash-3.00#
====================

Configuration Commands
1) vzctl set ID --hostname vps.domain.com --save : To set the Hostname of a VPS.
2) vzctl set ID --ipadd 1.2.3.4 --save : To add a new IP to the hosting VPS.
3) vzctl set ID --ipdel 1.2.3.4 --save : To delete the IP from VPS.
4) vzctl set ID --userpasswd root:new_password --save : to reset root password of a VPS.
5) vzctl set ID --nameserver 1.2.3.4 --save : To add the nameserver IP’s to the VPS.
6) vzctl exec ID command : To run any command on a VPS from Node.
7) vzyum ID install package_name : To install any package/Software on a VPS from Node.

Apache:No space left on device: Couldn't create accept lock

This is a common issue. Apache fails to start, and when you check the error logs you will see the following error:

=====
No space left on device: Couldn't create accept lock
=====

First of all, check that you really aren't out of disk space and have not hit an inode limit (use df -h and df -ih).

If both are fine then it means apache is out of semaphores.

What is a semaphore?
==========
Semaphores can be described as counters used to control access to shared resources by multiple processes. They are most often used as a locking mechanism to prevent processes from accessing a particular resource while another process is performing operations on it.

Think of semaphores as bouncers at a nightclub. There are a dedicated number of people that are allowed in the club at once. If the club is full no one is allowed to enter, but as soon as one person leaves another person might enter.

Fix:
==

You can check this using the following command

#ipcs|grep apache

If you can still see semaphore entries while apache is stopped, you will have to remove these semaphore locks. The following script will be handy in that case:

#for i in `ipcs -s | awk '/apache/ {print $2}'`; do (ipcrm -s $i); done

Note:
====
The above script is only for clearing apache semaphores

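To clear all shared memory segments and semaphores (for every owner, not only apache), you can also use the following:

for i in `ipcs -m | awk '$2 ~ /^[0-9]+$/ {print $2}'`; do ipcrm -m $i; echo $i; done
for i in `ipcs -s | awk '$2 ~ /^[0-9]+$/ {print $2}'`; do ipcrm -s $i; echo $i; done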

php5 and php4 on same server as CGI

Sometimes we may have to run php4 and php5 on the same server. There is a procedure to do this on a cPanel server; if you do not follow it, you may end up messing up the whole server.

Steps:
====
cd /usr/src

wget -O php-5.2.11.tar.gz http://us.php.net/get/php-5.2.11.tar.gz/from/us.php.net/mirror

tar -zxf php-5.2.11.tar.gz
cd php-5.2.11
./configure --prefix=/usr/local/php5 --add_the_remaining_options_from_php4_except_apxs
make
make install
===

Now, check if binary is installed:

===
/usr/local/php5/bin/php-cgi -v
===

It should show as cgi.

Now add the following lines on top of the httpd.conf file
===
ScriptAlias /php5/ /usr/local/php5/bin/
Action application/x-httpd-php5 /php5/php-cgi
<Directory "/usr/local/php5/bin/">
Allow from all
</Directory>
===

Save httpd.conf file and restart apache.

Open a .htaccess file inside the folder where you need php5 and add the following code to it. Make sure .htaccess support is enabled in your apache configuration.

===
AddHandler application/x-httpd-php5 .php
===

Make a phpinfo.php file in this directory and see what it shows when opened in a browser. It should be php5.

See what it shows when the .htaccess line is commented. It should be php4 then.

Compiling custom php to the server and adding it to cpanel suphp

To know the current settings in the server, use the following command:
===
/usr/local/cpanel/bin/rebuild_phpconf --current
====
Download the latest version of php. As of now the latest version of php is php-5.3.8.

====
cd /usr/src
wget -O php-5.3.8.tar.gz http://us.php.net/get/php-5.3.8.tar.gz/from/this/mirror
tar -zvxf php-5.3.8.tar.gz
cd php-5.3.8
====

Collect the configuration options from the remote server and configure it using those options on the new server. Make sure the prefix is set as /usr/local/php-5.3.8 and the existing prefix option is removed from the compiling options. Also, make sure that cgi is enabled in the configure options.

./configure --prefix=/usr/local/php-5.3.8 --enable-cgi --other-options

make
make install
/usr/local/php-5.3.8/bin/php -v

The version will be shown by the php binary.

Adding new php binary to suphp: Add the line in the suphp.conf file to include the newly compiled php binary to suphp

vi /opt/suphp/etc/suphp.conf
[handlers]
application/x-httpd-php5.3="php:/usr/local/php-5.3.8/bin/php-cgi"

Add the following lines in the file /usr/local/apache/conf/includes/pre_main_2.conf if only the domain with the username "username" needs custom php.

<Directory "/usr/local/php-5.3.8/bin">
Allow from All
</Directory>
<Directory /home/username/public_html>
suPHP_AddHandler application/x-httpd-php5.3
AddType application/x-httpd-php5.3 .php
</Directory>

Restart apache if there is no error

/etc/rc.d/init.d/httpd configtest
/etc/rc.d/init.d/httpd restart

Note: confirm that the php.ini file is present in the /usr/local/php-5.3.8/lib directory. Also check that the extension_dir in php.ini for 5.3 is the correct path, that is, /usr/local/php-5.3.8/lib/php/extensions/no-debug-non-zts-20090626.

If the new php should be set as global php, then edit the file /usr/local/apache/conf/php.conf as follows.

<Directory "/usr/local/php-5.3.8/bin">
Allow from All
</Directory>
<Directory />
suPHP_AddHandler application/x-httpd-php5.3
AddType application/x-httpd-php5.3 .php
</Directory>

Restart apache if there is no error

/etc/rc.d/init.d/httpd configtest
/etc/rc.d/init.d/httpd restart

Compiling custom php for a domain in the Apache mod fcgid environment


See if the server has got mod_fcgid installed. You can verify this by checking the following line in the file /usr/local/apache/conf/php.conf

FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php

If it is enabled, to create a custom php for a domain follow the steps below.

Download the latest version of php. As of now the latest version of php is php-5.3.8.

cd /usr/src
wget -O php-5.3.8.tar.gz http://us.php.net/get/php-5.3.8.tar.gz/from/this/mirror
tar -zvxf php-5.3.8.tar.gz
cd php-5.3.8

Collect the configuration options from the remote server and configure it using those options on the new server. Make sure the prefix is set as /usr/local/php-5.3.8 and the existing prefix option is removed from the compiling options.

./configure --prefix=/usr/local/php-5.3.8 --other-options
make
make install

Now, check the binaries using the following command:

/usr/local/php-5.3.8/bin/php-cgi -v
=====
PHP 5.3.8 (cgi-fcgi) (built: Jan 12 2012 01:33:10)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
with the ionCube PHP Loader v4.0.12, Copyright (c) 2002-2011, by ionCube Ltd.
=====
Once the php binary has been created, copy it to the home directory of the user. This is needed because the apache server has suexec enabled: a binary executed from inside a VH entry must have that user's permissions.

Eg: To enable custom php for the user "manoj" (manoj.com)

cp /usr/local/php-5.3.8/bin/php-cgi /home/manoj/php-cgi
chown manoj:manoj /home/manoj/php-cgi

We need to specify this binary in the apache Virtual Host.
====
vi /usr/local/apache/conf/httpd.conf
====

Go to the VirtualHost section of the domain manoj.com, where you can see the following line. For any VH entry modification, you need to create a config file in that path and add it there. The directory itself may be absent.
====
Include "/usr/local/apache/conf/userdata/std/2/manoj/manoj.com/*.conf"
===
Create a custom config file

mkdir -p /usr/local/apache/conf/userdata/std/2/manoj/manoj.com/
touch /usr/local/apache/conf/userdata/std/2/manoj/manoj.com/custom_php.conf

Add the following line to custom_php.conf
====
FCGIWrapper /home/manoj/php-cgi .php
====

HSPHERE BACKEND FILES

 



Location of domains – /hsphere/local/home//
Qmail – /hsphere/local/var/qmail(A symbolic link given to /var/qmail)
Mails – /hsphere/local/var/vpopmail/domains
DNS – /hsphere/local/var/named
MySQL – /var/lib/mysql
Control Panel features – /hsphere/local/home/cpanel
Scripts in hsphere – /hsphere/shared/scripts/
Configuration files


Common path is /hsphere/local/config
Control panel – /hsphere/local/home/cpanel/shiva/psoft_config/hsphere.properties
FTP – /hsphere/local/config/ftpd/proftpd.conf
HTTP – /hsphere/local/config/httpd/httpd.conf
Mysql – /etc/my.cnf
Qmail – /hsphere/local/var/qmail/control/
DNS – /etc/named.conf
php.ini – /hsphere/local/config/httpd/php.ini OR /usr/local/lib/php.ini

Log files

FTP – /hsphere/local/var/proftpd/xferlog OR /var/log/proftpd/auth.log
HTTP – /hsphere/local/var/httpd/logs/
MySQL – /var/log/mysqld.log
Horde – /hsphere/local/var/horde/log
Mail – /var/log/maillog
DNS – /var/log/messages
HSphere – /var/log/hsphere/hsphere.log

Safe restart of SSH port to 22 via WHM

If you come across a situation where you are unable to connect to a cPanel server over SSH:

Reasons:

====
1) because of a forgotten custom SSH port. ( Other than port 22)
2) restarted sshd service after making any wrong changes in sshd_config file
====

Don't panic, follow the steps below:

Step1: Log in to WHM as root and browse to the following URL.
===
http://x.x.x.x:2086/scripts2/autofixer (Replace x.x.x.x with the server IP address)

http://serverip:2086/scripts2/doautofixer?autofix=safesshrestart
===

Now, you will get into an AutoFixer window.

Enter "safesshrestart" in the given field and click Submit.

It will kill all running sshd processes and start a new one listening on the default 22 port using the configuration file at /var/cpanel/safe_sshd.

Now, connect to the server over SSH via port 22 and restart the sshd service. You should then be able to connect to the regular ssh service running on your custom port, if you set one.

More information about autofixers can be found in http://httpupdate.cpanel.net/autofixer/

PHP compilation errors & Fix

configure: error: mcrypt.h not found. Please reinstall libmcrypt.

Fix:-
#yum install libmcrypt libmcrypt-devel

configure: error: xslt-config not found. Please reinstall the libxslt >= 1.1.0 distribution

Fix:-
#yum install libxslt-devel

configure: error: Cannot find libmysqlclient under /usr.
Note that the MySQL client library is not bundled anymore!

Fix:-
#ln -s /usr/lib64/libmysqlclient.so /usr/lib/libmysqlclient.so
#ln -s /usr/lib64/libmysqlclient.so /usr/local/libmysqlclient.so

gcc: /usr/lib/mysql/libmysqlclient.so: No such file or directory

Fix:-
#ln -s /usr/lib64/libmysqlclient.so /usr/lib64/mysql/libmysqlclient.so

checking for BZip2 in default path… not found
configure: error: Please reinstall the BZip2 distribution
Fix:
#yum install bzip2-devel

checking for cURL in default path… not found
configure: error: Please reinstall the libcurl distribution -
easy.h should be in <curl-dir>/include/curl/

Fix:
yum install curl-devel

checking for png_write_image in -lpng… yes
If configure fails try --with-xpm-dir=<DIR>
configure: error: freetype.h not found.

Fix:

Reconfigure your PHP with the option
--with-xpm-dir=/usr

checking for jpeg_read_header in -ljpeg… yes
configure: error: png.h not found.

Fix:
yum install libpng-devel

configure: error: Unable to locate gmp.h

Fix:
yum install gmp-devel

configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information.

Fix:
yum install libc-client-devel

checking for pg_config… not found
configure: error: Cannot find libpq-fe.h. Please specify correct PostgreSQL installation path

Fix:
yum install postgresql-devel

checking for sqlite3 files in default path… not found
configure: error: Please reinstall the sqlite3 distribution

Fix:
yum install sqlite-devel

checking for PCRE headers location… configure: error: Could not find pcre.h in /usr

Fix:
yum install pcre-devel

configure: error: xslt-config not found. Please reinstall the libxslt >= 1.1.0 distribution

Fix:
yum install libxslt-devel

configure: error: SNMP sanity check failed. Please check config.log for more information.

Fix:
yum install net-snmp-devel

configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.

Fix:
yum install libicu-devel

configure: error: Cannot find libpq-fe.h. Please specify correct PostgreSQL installation path

Fix:
yum install postgresql-devel

checking for location of ICU headers and libraries... not found
configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.

Fix: install the packages libicu and libicu-devel.

configure: error: Please reinstall the BZip2 distribution
Missing library: libbz2

apt-get install libbz2-dev

configure: error: Please reinstall the libcurl distribution - easy.h should be in <curl-dir>/include/curl/
Missing library: libcurl

apt-get install libcurl3-dev

Debian Lenny:
libcurl4-openssl-dev

configure: error: Cannot find MySQL header files under yes.
Missing library: libmysql

apt-get install libmysqlclient15-dev

configure: error: DBA: Could not find necessary header file(s)
Missing library: libgdbm

apt-get install libgdbm-dev

configure: error: libjpeg.(a|so) not found
Missing library: libjpeg

apt-get install libjpeg62 libjpeg62-dev

configure: error: libpng.(a|so) not found
Missing library: libpng

apt-get install libpng12-0 libpng12-dev

configure: error: xml2-config not found. Please check your libxml2 installation.
Missing library: libxml2

apt-get install libxml2 libxml2-dev

configure: error: mcrypt.h not found. Please reinstall libmcrypt.
Missing library: libmcrypt

apt-get install libmcrypt4 libmcrypt-dev

configure: error: Please reinstall libmhash - I cannot find mhash.h
Missing library: libmhash

apt-get install libmhash2 libmhash-dev

configure: error: Please reinstall readline - I cannot find readline.h
Missing library: libreadline

apt-get install libreadline5-dev

configure: error: cannot find mm library
Missing library: libmm

apt-get install libmm-dev libmm14

configure: error: Cannot find libtidy
Missing library: libtidy

apt-get install libtidy-dev libtidy-0.99-0

configure: error: xslt-config not found. Please reinstall the libxslt >= 1.1.0 distribution
Missing library: libxslt

apt-get install libxslt1-dev libxslt1.1

1) Configure: error: xml2-config not found. Please check your libxml2 installation.

Solutions :
#yum install libxml2-devel
2) Checking for pkg-config... /usr/bin/pkg-config
configure: error: Cannot find OpenSSL's <evp.h>

Solutions :
#yum install openssl-devel
3) Configure: error: Please reinstall the BZip2 distribution

Solutions :
# yum install bzip2-devel
4) Configure: error: Please reinstall the libcurl distribution -
easy.h should be in <curl-dir>/include/curl/

Solutions :
# yum install curl-devel
5) Configure: error: libjpeg.(a|so) not found.

Solutions :
# yum install libjpeg-devel
6) Configure: error: libpng.(a|so) not found.

Solutions :
# yum install libpng-devel
7) Configure: error: freetype.h not found.
Solutions :
#yum install freetype-devel
8) Configure: error: Unable to locate gmp.h

Solutions :
# yum install gmp-devel
9) Configure: error: Cannot find MySQL header files under /usr.
Note that the MySQL client library is not bundled anymore!

Solutions :
# yum install mysql-devel
10) Configure: error: Please reinstall the ncurses distribution

Solutions :
# yum install ncurses-devel
11) Checking for unixODBC support... configure: error: ODBC header file '/usr/include/sqlext.h' not found!

Solutions :
# yum install unixODBC-devel
12) Configure: error: Cannot find pspell

Solutions :
# yum install pspell-devel
13) Configure: error: snmp.h not found. Check your SNMP installation.

Solutions :
# yum install net-snmp-devel
If you have any doubts or face any errors, please feel free to approach me with your queries..
Last edited by AlexP; 02-10-2008 at 23:14. Reason: typo

Sunday, June 16, 2013

Iptables- Rules

1) This will let you view the rules one page at a time. You can use “q” to quit.

=========

# iptables -L -n | less

=========

2) To block an IP Address:

=========

# iptables -A INPUT -s 123.123.123.123 -j DROP

The above would suffice. Follow it up with:

# service iptables save
# service iptables restart

=========

3) How to check if an IP Address is blocked:

=========

# iptables -L INPUT -v -n | grep 'IP address'

=========

4) You can also check the list of blocked IP addresses by:

=========

# iptables -L INPUT -v -n

=========

5) If you want, you can store the data into a file and check it up later or email it to yourself:

=========

# iptables -L INPUT -v -n > nameoffile

This will create a file called nameoffile which will store the current INPUT chain rules, including all blocked IP addresses on your server.

=========

6) How to unblock an IP Address:

So, if the IP address to be unblocked is 123.123.123.123:

=========

# iptables -D INPUT -s 123.123.123.123 -j DROP

The above would suffice. Follow it up with:

# service iptables save

# service iptables restart

=========

7) To see your current rules in iptables (IPv4), enter:

=========

$ sudo iptables -L

=========

8) How Do I Disable (flush) IPv4 Firewall

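If you need to disable the firewall, you can flush all the rules using the following command. Flushing removes the rules but leaves each chain's default policy unchanged, so if a policy is DROP (as in the script further down), set it to ACCEPT first or the flush will cut off all traffic, including your SSH session: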

=========

$ sudo iptables -F

=========
# 1. Delete all existing rules
iptables -F

# 2. Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# 3. Block a specific ip-address
#BLOCK_THIS_IP="x.x.x.x"
#iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP

# 4. Allow ALL incoming SSH
#iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 5. Allow incoming SSH only from a specific network
#iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 6. Allow incoming HTTP
#iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# Allow incoming HTTPS
#iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# 7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS)
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT

# 8. Allow outgoing SSH
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 9. Allow outgoing SSH only to a specific network
#iptables -A OUTPUT -o eth0 -p tcp -d 192.168.101.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 10. Allow outgoing HTTPS
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# 11. Load balance incoming HTTPS traffic (PREROUTING with DNAT lives in the nat table, hence -t nat)
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443

# 12. Ping from inside to outside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# 13. Ping from outside to inside
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# 14. Allow loopback access
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# 15. Allow packets from internal network to reach external network.
# if eth1 is connected to external network (internet)
# if eth0 is connected to internal network (192.168.1.x)
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# 16. Allow outbound DNS
#iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
#iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT

# 17. Allow NIS Connections
# rpcinfo -p | grep ypbind ; This port is 853 and 850
#iptables -A INPUT -p tcp --dport 111 -j ACCEPT
#iptables -A INPUT -p udp --dport 111 -j ACCEPT
#iptables -A INPUT -p tcp --dport 853 -j ACCEPT
#iptables -A INPUT -p udp --dport 853 -j ACCEPT
#iptables -A INPUT -p tcp --dport 850 -j ACCEPT
#iptables -A INPUT -p udp --dport 850 -j ACCEPT

# 18. Allow rsync from a specific network
iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT

# 19. Allow MySQL connection only from a specific network
iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT

# 20. Allow Sendmail or Postfix
iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT

# 21. Allow IMAP and IMAPS
iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT

# 22. Allow POP3 and POP3S
iptables -A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT

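# 23. Prevent DoS attack (rate-limit port 80). iptables stops at the first matching rule,
# so this only takes effect if no earlier rule (such as rule 7) already accepts port 80.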
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

# 24. Port forwarding 422 to 22
iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22
iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT

# 25. Log dropped packets
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP
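
Because iptables stops at the first matching rule, the order of the script above matters: rule 7 accepts port 80 before the rate limit in rule 23 is ever reached. The check below is an added example, not part of the original post; it reads rules in `iptables -S INPUT` format, and the function names and sample rule lines are constructed for illustration. It compares only destination port, `--limit` and target, and skips rules restricted with `-s`.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage on a server: iptables -S INPUT | first_accept_for_port 80

# Constructed sample in `iptables -S` format, mirroring rules 7, 14, 23 and 25.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m limit --limit 25/min --limit-burst 100 -j ACCEPT
-A INPUT -j LOGGING
EOF
}

# Prints which ACCEPT rule a packet to TCP port $1 hits first, and whether a
# later rate-limited ACCEPT for the same port is shadowed by it.
first_accept_for_port() {
    awk -v port="$1" '
        # True when a --dport/--dports value (single port, list, lo:hi range) covers port.
        function covers(list,    n, parts, k, r, m) {
            n = split(list, parts, ",")
            for (k = 1; k <= n; k++) {
                if (parts[k] == port) return 1
                m = split(parts[k], r, ":")
                if (m == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            }
            return 0
        }
        $1 == "-A" && $2 == "INPUT" {
            rule++                      # position within the INPUT chain
            hit = 0; limited = 0; scoped = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if (($i == "--dport" || $i == "--dports") && covers($(i + 1))) hit = 1
                if ($i == "--limit") limited = 1
                if ($i == "-s") scoped = 1      # only some sources match: not a full shadow
                if ($i == "-j") target = $(i + 1)
            }
            if (!hit || scoped || target != "ACCEPT") next
            if (!first) { first = rule; first_limited = limited }
            else if (limited && !first_limited && !shadowed) shadowed = rule
        }
        END {
            if (!first)             print "no-accept"
            else if (first_limited) print "limited rule=" first
            else if (shadowed)      print "shadowed limit=" shadowed " by=" first
            else                    print "unlimited rule=" first
        }
    '
}

sample_rules | first_accept_for_port 80
```

A "shadowed" result means the limit rule has to be inserted ahead of the broader ACCEPT (for example with `iptables -I INPUT <position>`), or port 80 has to be taken out of the multiport rule.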

 

Friday, June 14, 2013

remove the .html / .php extension from the URL’S ?

If you want to remove the .html extension from URLs, add the code below to the .htaccess file:
======================
Options +FollowSymLinks
# +Indexes turns on directory listings; the rewrite itself does not need it
Options +Indexes
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^\.]+)$ $1.html [NC,L]
======================

If you want to remove the .php extension from URLs, add the code below to the .htaccess file:
======================
Options +FollowSymLinks
# +Indexes turns on directory listings; the rewrite itself does not need it
Options +Indexes
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^\.]+)$ $1.php [NC,L]
======================

enable Mysql 3306 port for a particular IP and deny for all

If you want to disable MySQL access for all IPs except your own IP, follow the steps below:
root@server[#] vi /etc/csf/csf.conf

Then search for the line :
# Allow incoming TCP ports
and then remove the port : 3306

and also search for the line :

# Allow outgoing TCP ports
and remove the port : 3306

Save and Quit.

then open the csf.allow file
root@server[#] vi /etc/csf/csf.allow
and add the entry as :

tcp:in:d=3306:s=10.10.10.10

And then restart the CSF service
root@server[#] csf -r

Wednesday, June 12, 2013

custom modules to php with custombuild DirectAdmin

custom modules to php with custombuild
If you want to add any extra modules to php, they'll most likely need to be compiled in. Any module that needs to be compiled in will have a --with-module type flag which will need to be used. To add this flag, run the following:
cd /usr/local/directadmin/custombuild
mkdir -p custom/ap2
cp -fp configure/ap2/configure.php5 custom/ap2/configure.php5

Add your --with-module line to the end of the custom/ap2/configure.php5 file, and make sure the \ character exists at the end of all lines except the last one. The \ character tells the shell that the configure command continues on the next line, which makes the configure settings easier to read. Without the \ character, the next line becomes a separate command, which is not correct (see the error below). Once set, type:
./build php n

Change configure.php5 to configure.php4 if you're using php4.
If you're using suphp, the paths would be configure/suphp/configure.php5 and custom/suphp/configure.php5.

Restart apache:

RedHat:
/sbin/service httpd restart
FreeBSD:
/usr/local/etc/rc.d/httpd restart
Please keep in mind that any changes to your stock DirectAdmin setup are beyond our technical support, and you do so at your own risk.

To confirm that you're actually editing the correct configure file, type the following to see which configure files the custombuild script is using:
./build used_configs

A common error people run into looks like this:
/usr/local/directadmin/custombuild/custom/ap2/configure.php5: line 32: --with-module: command not found

which simply means that the \ character was not correctly added on the line before --with-module.

install ImageMagick PHP extension on DirectAdmin based servers

How to install ImageMagick PHP extension on DirectAdmin based servers
Last updated on October 1, 2012 under Dedicated Server, DirectAdmin, Linux, PHP , by Max Chai
Note: This is for DirectAdmin servers only, below are the commands to install the extension:

wget http://pecl.php.net/get/imagick-2.3.0.tgz
tar -zxf imagick-2.3.0.tgz
cd imagick-2.3.0
phpize
./configure --with-imagick=/usr/local
make
make install
In case you get this error when trying to perform the installation steps shown earlier:

configure: error: not found. Please provide a path to MagickWand-config or
Wand-config program.
Install ImageMagick-devel package and try again: (Not necessary if you do not get the error message)

yum install ImageMagick-devel
Once the above steps are done, edit the file below:

vi /usr/local/directadmin/custombuild/configure/ap2/configure.php5
Add this line and save changes:

--with-imagick=/usr/local
Finally, recompile PHP with DirectAdmin’s custombuild:

cd /usr/local/directadmin/custombuild
./build php n

HOW TO ENABLE PHP SOAP, INTL AND XMLRPC IN DIRECTADMIN

cd /usr/local/directadmin/custombuild
./build set php5_ver 5.3
./build update
./build php n
ok, once the compilation of PHP completed I verified the PHP version by running ‘php -v‘ and proceeded with enabling the PHP-SOAP, PHP-INTL and PHP-XMLRPC in the DirectAdmin’s custombuild PHP configure script by first navigating over to the ‘custombuild‘ directory and then creating a custom ‘configure‘ script because otherwise the default one will be overwritten when running ‘./build update‘ so:

cd /usr/local/directadmin/custombuild
mkdir -p custom/ap2
cp -pf configure/ap2/configure.php5 custom/ap2/configure.php5
vim custom/ap2/configure.php5
and appended the following three lines (mbstring was already there):

...
--enable-mbstring \
--enable-soap \
--enable-intl \
--with-xmlrpc \
followed by:

./build php n
I then faced an error like this:

checking for location of ICU headers and libraries... not found
configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.
cool, installed ‘libicu-devel‘:

yum install libicu-devel
and tried to build PHP again using:

./build php n
that recompiled the PHP with the required extensions and moodle also detected them as OK so the final thing I needed to complete was to upgrade the MySQL version to 5.1 by executing:

cd /usr/local/directadmin/custombuild
./build set mysql 5.1
./build set mysql_inst yes
./build set mysql_backup yes
./build update
./build mysql
once the MySQL upgrade completed I needed to recompile PHP as recommended by DirectAdmin by simply doing:

cd /usr/local/directadmin/custombuild
./build php n
that’s it as far as this thing goes out…

openvz--OS--template

http://openvz.org/Download/template/precreated

Country Codes required for CC_DENY/ALLOW in CSF Firewall



To block or allow access from certain countries, use the following country codes in the CC_DENY or CC_ALLOW option of CSF Firewall.


AD Andorra
AE United Arab Emirates
AF Afghanistan
AG Antigua and Barbuda
AI Anguilla
AL Albania
AM Armenia
AN Netherlands Antilles
AO Angola
AQ Antarctica
AR Argentina
AS American Samoa
AT Austria
AU Australia
AW Aruba
AZ Azerbaijan
BA Bosnia and Herzegovina
BB Barbados
BD Bangladesh
BE Belgium
BF Burkina Faso
BG Bulgaria
BH Bahrain
BI Burundi
BJ Benin
BM Bermuda
BN Brunei Darussalam
BO Bolivia
BR Brazil
BS Bahamas
BT Bhutan
BV Bouvet Island
BW Botswana
BY Belarus
BZ Belize
CA Canada
CC Cocos (Keeling) Islands
CF Central African Republic
CG Congo
CH Switzerland
CI Cote D'Ivoire (Ivory Coast)
CK Cook Islands
CL Chile
CM Cameroon
CN China
CO Colombia
CR Costa Rica
CS Czechoslovakia (former)
CU Cuba
CV Cape Verde
CX Christmas Island
CY Cyprus
CZ Czech Republic
DE Germany
DJ Djibouti
DK Denmark
DM Dominica
DO Dominican Republic
DZ Algeria
EC Ecuador
EE Estonia
EG Egypt
EH Western Sahara
ER Eritrea
ES Spain
ET Ethiopia
FI Finland
FJ Fiji
FK Falkland Islands (Malvinas)
FM Micronesia
FO Faroe Islands
FR France
FX France, Metropolitan
GA Gabon
GB Great Britain (UK)
GD Grenada
GE Georgia
GF French Guiana
GH Ghana
GI Gibraltar
GL Greenland
GM Gambia
GN Guinea
GP Guadeloupe
GQ Equatorial Guinea
GR Greece
GS S. Georgia and S. Sandwich Isls.
GT Guatemala
GU Guam
GW Guinea-Bissau
GY Guyana
HK Hong Kong
HM Heard and McDonald Islands
HN Honduras
HR Croatia (Hrvatska)
HT Haiti
HU Hungary
ID Indonesia
IE Ireland
IL Israel
IN India
IO British Indian Ocean Territory
IQ Iraq
IR Iran
IS Iceland
IT Italy
JM Jamaica
JO Jordan
JP Japan
KE Kenya
KG Kyrgyzstan
KH Cambodia
KI Kiribati
KM Comoros
KN Saint Kitts and Nevis
KP Korea (North)
KR Korea (South)
KW Kuwait
KY Cayman Islands
KZ Kazakhstan
LA Laos
LB Lebanon
LC Saint Lucia
LI Liechtenstein
LK Sri Lanka
LR Liberia
LS Lesotho
LT Lithuania
LU Luxembourg
LV Latvia
LY Libya
MA Morocco
MC Monaco
MD Moldova
MG Madagascar
MH Marshall Islands
MK Macedonia
ML Mali
MM Myanmar
MN Mongolia
MO Macau
MP Northern Mariana Islands
MQ Martinique
MR Mauritania
MS Montserrat
MT Malta
MU Mauritius
MV Maldives
MW Malawi
MX Mexico
MY Malaysia
MZ Mozambique
NA Namibia
NC New Caledonia
NE Niger
NF Norfolk Island
NG Nigeria
NI Nicaragua
NL Netherlands
NO Norway
NP Nepal
NR Nauru
NT Neutral Zone
NU Niue
NZ New Zealand (Aotearoa)
OM Oman
PA Panama
PE Peru
PF French Polynesia
PG Papua New Guinea
PH Philippines
PK Pakistan
PL Poland
PM St. Pierre and Miquelon
PN Pitcairn
PR Puerto Rico
PT Portugal
PW Palau
PY Paraguay
QA Qatar
RE Reunion
RO Romania
RU Russian Federation
RW Rwanda
SA Saudi Arabia
SB Solomon Islands
SC Seychelles
SD Sudan
SE Sweden
SG Singapore
SH St. Helena
SI Slovenia
SJ Svalbard and Jan Mayen Islands
SK Slovak Republic
SL Sierra Leone
SM San Marino
SN Senegal
SO Somalia
SR Suriname
ST Sao Tome and Principe
SU USSR (former)
SV El Salvador
SY Syria
SZ Swaziland
TC Turks and Caicos Islands
TD Chad
TF French Southern Territories
TG Togo
TH Thailand
TJ Tajikistan
TK Tokelau
TM Turkmenistan
TN Tunisia
TO Tonga
TP East Timor
TR Turkey
TT Trinidad and Tobago
TV Tuvalu
TW Taiwan
TZ Tanzania
UA Ukraine
UG Uganda
UK United Kingdom
UM US Minor Outlying Islands
US United States
UY Uruguay
UZ Uzbekistan
VA Vatican City State (Holy See)
VC Saint Vincent and the Grenadines
VE Venezuela
VG Virgin Islands (British)
VI Virgin Islands (U.S.)
VN Viet Nam
VU Vanuatu
WF Wallis and Futuna Islands
WS Samoa
YE Yemen
YT Mayotte
YU Yugoslavia
ZA South Africa
ZM Zambia
ZR Zaire
ZW Zimbabwe
COM US Commercial
EDU US Educational
GOV US Government
INT International
MIL US Military
NET Network
ORG Non-Profit Organization
ARPA Old style Arpanet
NATO Nato field


Saturday, June 8, 2013

phpMyAdmin - To Show BLOB fields as text?

BLOB is a binary large object that can hold a variable amount of data.

phpMyAdmin has an "+option" link on top of each result set. Click it, and you will see the option to display blob contents.

Some phpMyAdmin versions have a bug where the "+option" link does not show up on the first load of the results; you need to click [ Refresh ] to make it appear.

Thursday, June 6, 2013

ConfigServer Services

ConfigServer Firewall
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
ConfigServer Explorer (cse)
rm -fv cse.tgz
wget http://www.configserver.com/free/cse.tgz
tar -xzf cse.tgz
cd cse
sh install.sh
cd ..
rm -Rfv cse/ cse.tgz
ConfigServer Mail Manage
wget http://configserver.com/free/cmm.tgz
tar -xzf cmm.tgz
cd cmm/
sh install.sh
cd ..

ConfigServer Mail Queues
wget http://www.configserver.com/free/cmq.tgz
tar -xzf cmq.tgz
cd cmq/
sh install.sh

ConfigServer Explorer

wget http://www.configserver.com/free/cse.tgz
tar -xzf cse.tgz
cd cse/
sh install.sh

Mod Security Rules and CSF Blocking Googlebot Firewall

Mod Security Rules to allow google bots
#Allow googlebots
SecRule REMOTE_HOST googlebot.com$ allow,pass

#Add this to your config. The right way to identify Google bot is its User-Agent.
SecRule REQUEST_HEADERS:User-Agent "Googlebot" phase:1,nolog,allow,ctl:ruleEngine=off

# GoogleBot by user-agent…
SecRule HTTP_USER_AGENT "Google" nolog,allow
SecRule HTTP_USER_AGENT "Googlebot" nolog,allow
SecRule HTTP_USER_AGENT "GoogleBot" nolog,allow
SecRule HTTP_USER_AGENT "googlebot" nolog,allow
SecRule HTTP_USER_AGENT "Googlebot-Image" nolog,allow
##
SecRule HTTP_USER_AGENT "AdsBot-Google" nolog,allow
SecRule HTTP_USER_AGENT "Googlebot-Image/1.0" nolog,allow
SecRule HTTP_USER_AGENT "Googlebot/2.1" nolog,allow
SecRule HTTP_USER_AGENT "Googlebot/Test" nolog,allow
SecRule HTTP_USER_AGENT "Mediapartners-Google/2.1" nolog,allow
SecRule HTTP_USER_AGENT "Mediapartners-Google*" nolog,allow
SecRule HTTP_USER_AGENT "msnbot" nolog,allow

If you are using CSF, you can add .googlebot.com to "/etc/csf/csf.rignore":

.googlebot.com
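
The User-Agent header is chosen by the client, and the unanchored pattern `googlebot.com$` in the REMOTE_HOST rule also matches names such as `host.notgooglebot.com`, so a stricter test is a reverse lookup followed by a forward lookup that must return the same IP. The script below is an added example, not part of the original post; the two lookup functions, the host names and the addresses (documentation ranges) are constructed so that it runs offline, and on a server they would call `dig +short -x "$1"` and `dig +short "$1" A`.

```shell
#!/bin/sh
# Added example, not from the original post: forward-confirmed reverse DNS
# check for a client that claims to be Googlebot.

# Constructed DNS data (assumption) standing in for real lookups.
ptr_lookup() {                      # IP -> PTR name
    case "$1" in
        192.0.2.10)   echo "crawl-192-0-2-10.googlebot.com." ;;
        198.51.100.7) echo "crawl.googlebot.com." ;;   # PTR is set by whoever owns the IP
        203.0.113.5)  echo "host.notgooglebot.com." ;;
    esac
}
fwd_lookup() {                      # name -> A records, one per line
    case "$1" in
        crawl-192-0-2-10.googlebot.com) echo "192.0.2.10" ;;
        crawl.googlebot.com)            echo "192.0.2.99" ;;
        host.notgooglebot.com)          echo "203.0.113.5" ;;
    esac
}

# Returns 0 only when the PTR name is under .googlebot.com AND that name
# resolves back to the same IP address.
is_verified_googlebot() {
    ip=$1
    name=$(ptr_lookup "$ip")
    name=${name%.}                  # drop the trailing root dot
    [ -n "$name" ] || return 1      # no PTR record at all
    case "$name" in
        *.googlebot.com) ;;         # leading dot enforces a label boundary
        *) return 1 ;;
    esac
    for addr in $(fwd_lookup "$name"); do
        [ "$addr" = "$ip" ] && return 0
    done
    return 1                        # PTR claims googlebot.com but does not resolve back
}

for candidate in 192.0.2.10 198.51.100.7 203.0.113.5 192.0.2.200; do
    if is_verified_googlebot "$candidate"; then
        echo "$candidate verified"
    else
        echo "$candidate not verified"
    fi
done
```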

Saturday, June 1, 2013

Disallowing php.ini override in suPHP

It's very simple to enable this function on a server using suPHP. Just enabling phprc_paths in /opt/suphp/etc/suphp.conf will do the work for you. See the steps below:

vi /opt/suphp/etc/suphp.conf

Find the code below and press I to insert text.
[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/

Remove the (;) from the last three lines, i.e.:
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/

Now press ESCAPE button and enter :wq to save the file.

Restart Apache
/sbin/service httpd restart

Now users won't be able to override your default php.ini file.