Tuesday, July 30, 2013

Nagios Configuration

Following steps will take place when Nagios (installed on Nagios server) monitors a service (eg: server load) on the remote host

1) Nagios will execute check_nrpe command on nagios-server and will request it to monitor disk usage on remote host using check_load command.
2) The check_nrpe on the nagios-server will contact the NRPE daemon on remote host and will request it to execute the check_load on remote host.
3) The results of the check_load command will be returned back by NRPE daemon to the check_nrpe on nagios-server.

Nagios Server (check_nrpe) ~~> Remote host (NRPE deamon) ~~> check_load

Nagios Server (check_nrpe) <~~ Remote host (NRPE deamon) <~~ check_load (returns the server load)

Before we begin, we need to install some packages on the remote host for Nagios to work fine.

# yum install elinks gcc make gcc-c++
# yum -y install openssl-devel
# useradd nagios
# passwd nagios
# cd /usr/src/

Then install Nagios plugin and NRPE on remote host.

Install Plug-in
# wget http://sourceforge.net/projects/nagiosplug/files/nagiosplug/1.4.15/nagios-plugins-1.4.15.tar.gz/download
# tar -zxvf nagios-plugins-1.4.15.tar.gz && cd nagios-plugins-1.4.15
# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
# make
# make install
# chown nagios:nagios /usr/local/nagios
# chown -R nagios:nagios /usr/local/nagios/libexec
# cd ..

Install NRPE
#wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz/download
# tar -zxvf nrpe-2.12.tar.gz && cd nrpe-2.12
# ./configure
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
# make install-xinetd
Edit Xinetd NRPE entry
# vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1 Server-IP (nagios monitoring server ip-address is: )
:wq (save and exit)

Edit services file entry
# vi /etc/services
nrpe 5666/tcp # Entry for NRPE daemon
:wq (save and exit)

Restart xinetd
# service xinetd restart

Verify whether NRPE is listening
# netstat -at |grep nrpe # output -: tcp 0 0 *:nrpe *.* LISTEN
Verify to make sure the NRPE is functioning properly
# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

Configuring Nagios monitoring server to monitor the remote host

# cd /usr/src
# wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz/download
# tar -zxvf nrpe-2.12.tar.gz && cd nrpe-2.12
# yum -y install openssl-devel
# yum install perl
# ./configure
# make all
# make install-plugin

Create a command definition
# vi /home/nagios/public_html/etc/objects/commands.cfg
Add the following:

# NRPE CHECK COMMAND
# Command to use NRPE to check remote host systems
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

Create configuration file for remote host
# cp –prf /home/nagios/www/etc/objects/ localhost.cfg /home/nagios/www/etc/objects/remotehost.cfg
# vi /home/nagios/www/etc/objects/remotehost.cfg
Replace the values “host_name” “alias” “address” with the values that match your setup:

** The “host_name” you set for the “define_host” section must match the “host_name” in the “define_service” section **

# Define a host for the remote machine
define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name alpha235
alias alpha235
address 62.75.215.12
}
# SERVICE DEFINITIONS
# Define a service to "ping" the local machine

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

# Define a service to check the disk space of the root partition.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Root Partition
check_command check_nrpe!check_disk
}

# Define a service to check the number of currently logged in users on the remotehost.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Current Users
check_command check_nrpe!check_users
}

# Define a service to check the number of currently running processes on the remote host.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Total Processes
check_command check_nrpe!check_total_procs
}
# Define a service to check the load on the remote host.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Current Load
check_command check_nrpe!check_load
}

# Define a service to check SSH on the remote host.
# Disable notifications for this service by default, as not all users may have SSH enabled.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description SSH
check_command check_nrpe!check_ssh
notifications_enabled 0
}
# Define a service to check HTTP on the remote host.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description HTTP
check_command check_nrpe!check_http
notifications_enabled 0
}

Activate the remotehost.cfg template
# vi /usr/local/nagios/etc/nagios.cfg
Definitions for monitoring remote Linux machine
cfg_file=/home/nagios/www/etc/objects/remotehost.cfg
Verify Nagios Configuration Files
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
# /home/nagios/public_html/bin/nagios -v /home/nagios/public_html/etc/nagios.cfg (In our server)
Output : ...
...
Things look okay - No serious problems were detected during the pre-flight check

Verify whether nagios monitoring server can talk to the remote host
# /usr/local/nagios/libexec/check_nrpe -H 62.75.215.12
NRPE v2.12

Start nagios
# /home/nagios/www/bin/nagios -d /home/nagios/www/etc/nagios.cfg

Restart nagios (if already running)
# kill -HUP <nagios_pid>

# /usr/local/nagios/libexec/check_nrpe -H 62.75.215.12 -c check_load (To check the load of the remote server)
OK - load average: 0.35, 0.30, 0.23|load1=0.350;15.000;30.000;0; load5=0.300;10.000;25.000;0; load15=0.230;5.000;20.000;0;

(Usage: check_nrpe -H <host> [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>])

Fix ‘Blank page’ problem aka White Screen of Death

This is another interesting problem that baffles the novice PHP programmers.

We make a quick change, and upload the file to webserver, we access the webapge and your are presented with a blank white page, aka ‘white screen of death’. It does not even show any error message.

We end up thinking what happened, we refresh the webpage but usually nothing changes.

Why this happens?
This happens because your host has switched off error reporting(for good reasons). So whenever their is a fatal error in your PHP script, and you have error reporting turned off you are presented with white screen of death.
So how to remedy it?
Their are two ways to get out of this situation,

Changes in php.ini file
If you can have access to php.ini file then change the display error property to On.

display_errors = On
Also make sure that error reporting property is at least set to

error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
Changes in the file
In case where you don’t have access to php.ini file, you can set these property in PHP script itself. Simply add following at the very start of your PHP script

error_reporting(E_ALL);
ini_set('display_errors',TRUE);
If you are using some, open source package like Drupal, Joomla or WordPress then put these codes in the index.php file in the root directory, right at top.

It is also possible that even though you see a blank page, but when you view the source you see the whole html code. This happens when you might miss proper closing an html tag, like <script>,<object> etc.

Please note that white screen of death can also happen due to problems in your Internet connectivity, this usually remedies itself when you do a page refresh.

 

Thursday, July 25, 2013

lightspeed custom php.ini

- Add entry "PHPIniDir /path/to/custom_ini/directory" to httpd.conf vhost section or a conf file included by vhost httpd.conf
- Create custome ini file '/path/to/custom_ini/directory/php.ini'
- Restart LSWS 'service lsws restart' (i.e. on CentOS) to make the change effective.

Thursday, July 18, 2013

Rebuild Named.conf

First of all clear the named.conf using the following command

root@cpaneltest [~]#> /etc/named.conf

Now execute the cpanel script to rebuild the named.conf
root@cpaneltest [~]#/scripts/rebuildnamedconf

Now restart the named service
root@cpaneltest [~]#/etc/init.d/named restart
Everything should be fixed now.

Cpanel intro

Cpanel Introduction
——————–

Cpanel Important directories.

/usr/local/cpanel
/var/cpanel
/scripts

/usr/local/cpanel
—————
cpsrvd
cpsrvd-ssl
cpkeyclt

/usr/local/cpanel/bin
——————-
*Houses only scripts and binaries which provide installation
and configuration of many cPanel managed services

Notable Contents:
eximstats
checkperlmodules

/usr/local/cpanel/logs
——————–
CPSRVD ——-access_log, error_log
CPANELLOGD—stats_log
CPKEYCLT——license_lo

/usr/local/cpanel/base
——————–
frontend——-x, x2,xmail,monsoon
webmail——-x, monsoon
neomail
horde
3rdparty——-squirrelmail, phpPgAdmin, phpMyAdmin

/usr/local/cpanel/etc
——————-
init ———–start | stop cpsrvd AND start | stop AND start | stop cppop
exim———-cf, perl
ftptemplates —proftpd
httptemplates –apache1–default, ssldefault
zonetemplates–simple, standard, standardvirtualftp

/usr/local/cpanel/3rdparty
———————–
bin——php, stunnel, analog, awstats, webalizer
etc——php.ini, ixed, ioncube

/var/cpanel
———-
Houses proprietary configuration data for cPanel, including:
● Primary cPanel configuration
● User configurations
● Reseller configurations
● Accounting, conversion, and update logs
● Bandwidth data
● Customized service templates

/var/cpanel
———-
cpanel.conf
resellers
accounting.log
features–packages–logs
updatelogs–bandwidth–zone templates
users—mainips

/var/cpanel/cpanel.config
———————–
● The primary cPanel configuration file
● Each variable within influences the way cPanel behaves
● Variables are line delimited, with variables separated by an equal sign
● If file does not exist, cpanel falls back to defaults

/var/cpanel/resellers
——————

Lists each reseller with a comma-delimited list of WHM
resources that reseller has access to.

/var/cpanel/accounting.log
————————
Contains a list of accounting functions performed through
WHM, including account removal and creation.

/var/cpanel/bandwidth
——————–
● Files contain a list of the bandwidth history for each account.
Each named after their respective user.
● History files are stored in human-readable format, while actual
bandwidth data are stored in round robin databases.

/var/cpanel/features
——————

● File name is inherited from the feature list name
● Contains a line delimited list of feature variables and a zero or
one value
● Variables control what cPanel resources are available to users

/var/cpanel/packages
——————-
● Contains a list of packages, named after the packages they represent
● If package belongs to reseller, file name is prefixed with reseller name
● Each of these values determines the values created in cPanel user file

/var/cpanel/users
—————-
● Contains a list of cPanel user configuration files, named after the user
they pertain to.
● Variables define account resources, themes, domains, etc.

Other notable /var/cpanel directories
——————————–
● LOGS
– This directory contains logs from account copies/transfers.
Training Seminar 2006
● UPDATELOGS
– Contains the output of each cPanel update executed on the server.
● MAINIPS
– Named after the respective reseller users they represent, each
contains only the IP address which should be used as that
resellersmain shared ip
● ZONETEMPLATES
– Contains customized DNS zone templates created inWHM

/scripts
——-
This directory houses a large number of scripts which serve
as building blocks for many cPanel/WHM features.
The scripts can be used to:
● Update cPanel, and many of the services of which it
manages
● Customize account creation routines
● Perform backups of cPanel accounts
● Install and update cPanel managed services

cPanel Services
————-
Services
● CPSRVD
● CHKSERVD
● CPANELLOGD
● CPBACKUP
● EXIMSTATS

cpsrvd
——
● cpsrvd is the ‘master’ process for cPanel.
● Handles and dispatches all requests made through the cPanel,
WHM, and Webmail interfaces.
● Logs to access_log and error_log

cpsrvd and stunnel relationship
—————————
CPSRVD–2082–>cpanel<–2083<–stunnel
CPSRVD–2086–>WHM<–2087<–stunnel
CPSRVD–2095–>Webmail<–2096<–stunnel

SSL Certificates
————-
● Default certificate and key are stored in /usr/local/cpanel/etc/cpanel.pem
● User installed cert and cabundle are stored in:
– /usr/local/cpanel/etc/mycpanel.pem
– /usr/local/cpanel/etc/mycpanel.cabundle

cPanel Startup
————
● The following services are controlled by the cPanel
init script
– cpsrvd, both plain and secure
– cPanel POP Services
– cPanel Log Services
– Eximstats
– Chat Services
– Mailman
– Interchange

● Verify if ports are in use
– netstat -lnp | egrep ’20(8|9)’

Troubleshooting Startup Issues(SSL)
——————————-
● If SSL services are not available
– execute /usr/local/cpanel/startstunnel
– check /usr/local/cpanel/3rdparty/bin/stunnel.log
● If cpsrvd is not available
– execute it directly `/usr/local/cpanel/cpsrvd`
– check /usr/local/cpanel/logs/error_log

Licensing
——–
● License requests are handled by /usr/local/cpanel/cpkeyclt
● Requests are transmitted to auth.cpanel.net over port 2089
● License requests are logged to license_log
● License key is stored at /usr/local/cpanel/cpanel.lisc

A valid license request:
root@server [~]# /
usr/local/cpanel/cpkeyclt
Updating Internal cPanel
Information…..Done
root@server [~]#

Troubleshooting License Issues
—————————
CHECKLIST:
● Verify if license is active for main server IP at http://verify.cpanel.net
● Check if server can establish connection to auth.cpanel.net over port 2089
● If the previous steps fail, check license_log for notable errors.
● If license is active, but refused with no notable errors, lodge support request.

root@server [~]# telnet auth.cpanel.net 2089
Trying 198.66.78.9…
Connected to auth.cpanel.net (198.66.78.9).
Escape character is ‘^]’.
200 cPanel License Service Version 12.0
root@server [~]#

cPanel Requests
————–
cPanel Requests
● Logins are authenticated against the system passwd and shadow files.
● Documents root is /usr/local/cpanel/base
● Theme is defined by RS variable in user’s cPanel configuration file.
● Resources are limited by the feature list of assigned to the given user.

WHM Requests
————-
● Root password will authenticate any reseller user
● Document root is /usr/local/cpanel/whostmgr/docroot/
● Reseller resources are limited by Access Control List
– Defined in WHM > Resellers > Reseller Center > Edit
Privileges/Nameservers
– Privileges are stored in /var/cpanel/resellers

cPanel Services
————–
● CPSRVD
● CHKSERVD
● CPANELLOGD
● CPBACKUP
● EXIMSTATS

Service Monitoring
—————-
● Located at /usr/local/cpanel/libexec/chkservd
● chkservd is a scalable connection and process based service monitoring
tool
● Provides monitoring of CPU, Memory, and Disk usage
● chkservd scans services once every eight minutes
– Logs to /var/log/chkservd.log
● Alerts are dispatched to server contact defined in Basic cPanel/WHM
Setup

chkservd Configuration
——————–
● Monitored services are determined by values stored in /
etc/chkserv.d/chkservd.conf.
– Syntax: servicename:0 for no monitoring, servicename:1 for
monitoring
● Actions, expected responses, and failure events are defined in
service configuration files stored in /etc/chkserv.d/{servicename}
● Status files are stored in /var/run/chkservd/{servicename}
– Plus (+) sign for active, Minus (-) sign for failed

cpanellogd
———-
● cpanellogd is responsible for parsing and updating bandwidth logs, and dispatching
statistics generators on each account, per their individual configurations.
● Configured through Statistics Software Configuration and Tweak Settings in WHM
● Statistics are compiled and stored for each account in /home/{username}/tmp, with
each respective statistics application being assigned it’s own individual subdirectory.

/home/{username}/tmp —-webalizer, analog, awstats, urchin

● Optional server-wide statistics configurations are stored in /
etc/stats.conf, while user-specific configurations may reside in /home/
{username}/tmp.
● Notable Variables in /etc/stats.conf:
– BLACKHOURS: Comma separated list of numeric values, which
specify hours that logs may not be parsed.
– VALIDUSERS:Users which are allowed to supply their own
combination of statistics generators. By default users are
restricted to the generators defined by the administrator.

Calling cpanellogd
—————-
● cpanellogd is started with the cPanel service, but can be executed
directly with:
– No Argument: Daemonize, and wait for a suitable time to scan
logs
– One Argument (username): Execute an immediate statistics run
for the specified user, and exit once completed.
● Two scripts are available to provide these functions as well:
– /scripts/runlogsnow – Execute a full log run immediately
– /scripts/runweblogs {username} – Execute a log run for a single
user

Bandwidth Statistics
—————–
● Bandwidth statistics are accumulated from a combination of the
following cPanel managed services:
– HTTP
– EXIM
– IMAP / POP
– FTP
● Bandwidth data is logged to /usr/local/apache/domlogs/*bytes_log
● Parsed bandwidth data is stored in /var/cpanel/bandwidth

COMMON ISSUES
● Bandwidth parsing is taking an exceedingly long time to complete
– First check the size of the logs being parsed. Excessively large
log files can and typically will take a long time to complete.
– Additionally, if RRDtool is not installed, bandwidth parsing
performance will drop signifigantly.
● RRDtool can be installed by executing `/scripts/rrdtoolinstall`

Log Processing
————-
● Statistics are parsed for each child domain of the given account.
● Will be influenced by variables in /var/cpanel/cpanel.config
– Skip statistics generator
● skip{generator_name}
– Logs will be retained or deleted based on
● keeplogs – keep logs at the end of the month.
● dumplogs – dump logs after parsing

Common cpanellogd Issues
————————
● Statistics are stalling, or are taking unreasonable amounts of
time.
– Usually indiates that the server load average is consistently
exceeding the defined load limit.
● Limit is defined as ‘extracpus’ in /var/cpanel/cpanel.config
– Restrictive BLACKHOUR definitions in WHM > Statistics Software
Configuration.
– All other issues should be present in /
usr/local/cpanel/logs/stats_log

cPanel Backups
————-
GENERAL INFORMATION
● Backup configuration is performed in WHM > Backup > Configure
Backup
● cPanel backups are performed by /scripts/cpbackup, which is
configured by default to execute at 1:00 AM in the root crontab.
● Backup archives are created using the /scripts/pkgacct utility, and
may be restored using /scripts/restorepkg respectfully.
● Uses CPU resource limits based upon extracpus definition in
cpanel.config

Backup Configuration
——————-
BACKUP INTERVALS
● Backup script can be configured to operate in daily, weekly, and monthly intervals.
● Each interval is given it’s own respective directory within the backup root.
● Backup intervals are executed when the current time minus the last modification time
of the interval directory is less than or equal to zero.

BACKUP METHODS
—————-
Three backup methods are available:
● Standard: This method entails archiving the accounts, and storing
them at the specified path/mount point. This is the default method
used by the backup script.
● Incremental: This method uses rsync to incrementally backup user
data. This option will only operate locally, storing the data at the
specified path/mount point.
● Remote: This method transmits account archives to a specified ftp
server. Remote backups are typically more time consuming, and
more error prone when transmitting large accounts.

Common Backup Issues
——————–
● Backup intervals are not executed when expected.
– Modification times are incorrect or not functional
– System time is incorrect.
– Backups have not been defined to run on that day.
● Backups stall, or take an exceedingly long time to complete.
– Verify that the transmission rate to remote server is suitable
– Verify that server load average has not exceeded defined
resource limit.

● Can’t call method “login” on an undefined value
This indicates the host or passive setting is not properly
defined for remote backups.
● Unable to login to remote FTP server.
This indicates that either the username and password
were not specified, or are incorrect in the backup configuration.
● Can’t call method “prepare” on an undefined value
The password stored for the root mysql user in /root/.my.cnf is
incorrect. Reset or correct this password, and re-execute the backup
script.

eximstats
———
● The eximstats daemon is responsible for harvesting bandwidth
information from exim transactions.
● Continually monitors the exim_mainlog, and stores information in the
eximstats database, including host and sender information, message
size, and transaction times.
● Is started with the cPanel service, but can be called directly at /
usr/local/cpanel/bin/eximstats

● Heavily mysql dependent
– data is stored in the ‘eximstats’ database.
● ‘eximstats’ mysql user password is stored in /var/cpanel/eximstatspass.
– password is generated by /usr/local/cpanel/bin/eximstatspass
● Database can be installed by running /
usr/local/cpanel/bin/updateeximstats

cPanel Maintenance
—————–
● Update configuration
● Update scripts
● Applying updates

● By default, cPanel applies nightly updates at 2:13AM in the root crontab.
● /scripts/upcp dispatches these updates, using the following key
components:
– /scripts/updatenow – synchronize /scripts directory
– /scripts/sysup – updates cPanel managed rpms
– /scripts/rpmup – all other system updates
● Updates are logged to timestamped files in /var/cpanel/updatelogs
● Update configuration is stored in /etc/cpupdate.conf.

/etc/cpupdate.conf
—————–
● The following variables are available in cpupdate.conf:
– CPANEL = [ manual- ] stable | release | current | edge
This variable controls which update branch is used for
cPanel updates, and controls whether the updates are applied
manually or automatically (Default value: release)
– SYSUP = never (all other values are assumed true)
– RPMUP = never (all other values are assumed true)

CPANEL=current
RPMUP=daily
SYSUP=daily

● cPanel updates can be called outside of the regularly scheduled cron
time simply by executing /scripts/upcp.
● If cPanel components are missing or corrupted that were not replaced
with the regular cPanel update, they can be replaced by executing /
scripts/upcp –force

Components of upcp
——————
● /scripts/cpanelsync
● /scripts/updatenow
● /scripts/sysup
● /scripts/rpmup

/scripts/cpanelsync
—————–
● /scripts/cpanelsync is called upon by /scripts/updatenow and /
scripts/upcp
● Provides md5sum based synchronization with update servers
● md5sum table is stored in /destination_directory/.cpanelsync
● Accepts three arguments host, remote path, local path :
/scripts/cpanelsync ‘httpupdate.cpanel.net’
‘/cpanelsync/RELEASE/scripts’ ‘/scripts’

/scripts/updatenow
—————–

Calls cpanelsync to update contents of scripts
directory, which then stores it’s md5sum table
at /scripts/.cpanelsync
● Should only be run from upcp, but can be
executed from command line when ‘–fromupcp’
is passed.
● Is the first update script called upon from /scripts/upcp

UPCP–>updatenow–>FTPUP–>EXIMUP–>MYSQLUP–>BANDMINUP–>COURIERUP–>RPMUP

RPMUP
——–
● Calls the underlying package manager to apply system package
updates
● The package manager which is used is determined by the presence
of:
– /var/cpanel/useup2date (Redhat)
– /var/cpanel/useyum (CentOS,Fedora)
– /var/cpanel/useapt (Debian)
– /var/cpanel/useswup (Trustix)
– /var/cpanel/userug (SuSE)

cPanel Updates
—————-
● After updatenow, sysup, and rpmup complete, cpanelsync is used to
complete the cPanel updates based on md5sum table stored at /
usr/local/cpanel/.cpanelsync
● If any special configurations are required on server after updates,
they can be applied in /scripts/postupcp, which is executed if such a
file exists and is executable.
● Once updates complete, all cPanel services are restarted for changes
to take effect

cPanel Scripts
————–
● Account Management
● Package Management
● Service Update and Configuration
– MySQL
– Exim
– Named
– Apache
● cPanel and System

Account Management Scripts
——————————
● /scripts/wwwacct (account creation)
Accounts can be created via the command line using the following
syntax: /scripts/wwwacct exampledomain.com username password 0
x n
● /scripts/killacct (account termination)
Takes a single argument of the user to terminate.
● /scripts/suspendacct (account suspension)
Will suspend an account from accessing all cPanel managed
services.
● /scripts/unsuspendacct
Will reinstate any account suspended via suspendacct

● /scripts/addpop (Create pop account)
Handles creation of virtual mail accounts. Accepts either no
arguments, or two arguments consisting of the e-mail address and
password.
● /scripts/updateuserdomains
Updates the user:owner and user:domain tables stored in:
– /etc/userdomains
– /etc/trueuserdomains
– /etc/trueuserowners
– These tables are used to enumerate and keep track of accounts
and their owners.

Package Management
———————-
● /scripts/ensurerpm
Takes argument list of rpms, which are then passed to the
underlying package manager
● /scripts/ensurepkg
The equivalent of ensurerpm for FreeBSD. Updates specified
packages from ports.
● /scripts/realperlinstaller
Takes argument list of perl modules to install via CPAN
● Each of the aforementioned scripts can accept an argument of ‘–force’
to force package installations.

● /scripts/mysqlup
Can be called to apply MySQL updates independent of upcp
● /scripts/cleanupmysqlprivs
Will clean up the default MySQL privilege tables, by installing
a more restrictive privilege schema.
● /scripts/mysqlconnectioncheck
Will verify that mysql is accessible with password stored in /root/.my.cnf,
and force a reset with a random 16 character string if inaccessible.
● /scripts/restartsrv_mysql

● /scripts/eximup
Can be called to apply exim updates independent of upcp
● /scripts/buildeximconf
Will rebuild exim.conf, and merge local, distribution, and cPanel
configurations
● /scripts/restartsrv_exim

● /scripts/rebuildnamedconf
Rebuild named.conf based on existing zone files
● /scripts/restartsrv_bind

● /scripts/easyapache
Download, extract, and execute apache build script
● /scripts/rebuildhttpdconf
Rebuilds httpd.conf based on DNS entries found in each
cPanel user configuration
● /scripts/restartsrv_httpd

cPanel Scripts
————–
Useful Scripts – cPanel and System
● /scripts/restartsrv_{servicename}
The majority of cPanel managed service can be scripts named
appropriately.
● /scripts/makecpphp
Will rebuild the PHP interpreter used internally by cpsrvd
● /usr/local/cpanel/bin/checkperlmodules
Will scan for and install any Perl modules required by cPanel.
● /scripts/fullhordereset
Updates horde and resets the horde mysql user password
● /scripts/fixquotas
Will attempt to rebuild quota database per information stored in /
etc/quota.conf

Tuesday, July 16, 2013

Port Forwarding

Port Forwarding
SSH tunnels can be created in several ways using different kinds of port forwarding
mechanisms. Ports can be forwarded in three ways.

Local port forwarding
Remote port forwarding
Dynamic port forwarding
I didn’t explain what port forwarding is. I found Wikipedia’s definition more explanatory.

Port forwarding or port mapping is a name given to the combined technique of

translating the address and/or port number of a packet to a new destination
possibly accepting such packet(s) in a packet filter(firewall)
forwarding the packet according to the routing table.
Here the first technique will be used in creating an SSH tunnel. When a client application connects to the local port (local endpoint) of the SSH tunnel and transfer data these data will be forwarded to the remote end by translating the host and port values to that of the remote end of the channel.

So with that let’s see how SSH tunnels can be created using forwarded ports with an examples.

Tunnelling with Local port forwarding
Let’s say that yahoo.com is being blocked using a proxy filter in the University.
(For the sake of this example. . Cannot think any valid reason why yahoo would be blocked). A SSH tunnel can be used to bypass this restriction. Let’s name my machine at the university as ‘work’ and my home machine as ‘home’. ‘home’ needs to have a public IP for this to work. And I am running a SSH server on my home machine. Following diagram illustrates the scenario.

 

To create the SSH tunnel execute following from ‘work’ machine.

1
ssh -L 9001:yahoo.com:80 home
The ‘L’ switch indicates that a local port forward is need to be created. The switch syntax is as follows.

1
-L <local-port-to-listen>:<remote-host>:<remote-port>
Now the SSH client at ‘work’ will connect to SSH server running at ‘home’ (usually running at port 22) binding port 9001 of ‘work’ to listen for local requests thus creating a SSH tunnel between ‘home’ and ’work’. At the ‘home’ end it will create a connection to ‘yahoo.com’ at port 80. So ‘work’ doesn’t need to know how to connect to yahoo.com. Only ‘home’ needs to worry about that. The channel between ‘work’ and ‘home’ will be encrypted while the connection between ‘home’ and ‘yahoo.com’ will be unencrypted.

Now it is possible to browse yahoo.com by visiting http://localhost:9001 in the web browser at ‘work’ computer. The ‘home’ computer will act as a gateway which would accept requests from ‘work’ machine and fetch data and tunnelling it back. So the syntax of the full command would be as follows.

1
ssh -L <local-port-to-listen>:<remote-host>:<remote-port> <gateway>
The image below describes the scenario.

 

Here the ‘host’ to ‘yahoo.com’ connection is only made when browser makes the
request not at the tunnel setup time.

It is also possible to specify a port in the ‘home’ computer itself instead of
connecting to an external host. This is useful if I were to set up a VNC session
between ‘work’ and ‘home’. Then the command line would be as follows.

1
ssh -L 5900:localhost:5900 home (Executed from 'work')
So here what does localhost refer to? Is it the ‘work’ since the command line is executed from ‘work’? Turns out that it is not. As explained earlier is relative to the gateway (‘home’ in this case) , not the machine from where the tunnel is initiated. So this will make a connection to port 5900 of the ‘home’ computer where the VNC client would be listening in.

The created tunnel can be used to transfer all kinds of data not limited to web browsing sessions. We can also tunnel SSH sessions from this as well. Let’s assume there is another computer (‘banned’) to which we need to SSH from within University but the SSH access is being blocked. It is possible to tunnel a SSH session to this host using a local port forward. The setup would look like this.

 

As can be seen now the transferred data between ‘work’ and ‘banned’ are encrypted end to end. For this we need to create a local port forward as follows.

1
ssh -L 9001:banned:22 home
Now we need to create a SSH session to local port 9001 from where the session
will get tunneled to ‘banned’ via ‘home’ computer.

1
ssh -p 9001 localhost
With that let’s move on to next type of SSH tunnelling method, reverse tunnelling.

Reverse Tunnelling with remote port forwarding
Let’s say it is required to connect to an internal university website from home.
The university firewall is blocking all incoming traffic. How can we connect from ‘home’ to internal network so that we can browse the internal site? A VPN setup is a good candidate here. However for this example let’s assume we don’t have this facility. Enter SSH reverse tunnelling..

As in the earlier case we will initiate the tunnel from ‘work’ computer behind the firewall. This is possible since only incoming traffic is blocking and outgoing traffic is allowed. However instead of the earlier case the client will now be at the ‘home’ computer. Instead of -L option we now define -R which specifies
a reverse tunnel need to be created.

1
ssh -R 9001:intra-site.com:80 home (Executed from 'work')
Once executed the SSH client at ‘work’ will connect to SSH server running at home creating a SSH channel. Then the server will bind port 9001 on ‘home’ machine to listen for incoming requests which would subsequently be routed through the created SSH channel between ‘home’ and ‘work’. Now it’s possible to browse the internal site
by visiting http://localhost:9001 in ‘home’ web browser. The ‘work’ will then create a connection to intra-site and relay back the response to ‘home’ via the created SSH channel.

 

As nice all of these would be still you need to create another tunnel if you need to connect to another site in both cases. Wouldn’t it be nice if it is possible to proxy traffic to any site using the SSH channel created? That’s what dynamic port forwarding is all about.

Dynamic Port Forwarding
Dynamic port forwarding allows to configure one local port for tunnelling data to all remote destinations. However to utilize this the client application connecting to local port should send their traffic using the SOCKS protocol. At the client side of the tunnel a SOCKS proxy would be created and the application (eg. browser) uses the SOCKS protocol to specify where the traffic should be sent when it leaves the other end of the ssh tunnel.

1
ssh -D 9001 home (Executed from 'work')
Here SSH will create a SOCKS proxy listening in for connections at local port
9001 and upon receiving a request would route the traffic via SSH channel
created between ‘work’ and ‘home’. For this it is required to configure the
browser to point to the SOCKS proxy at port 9001 at localhost.

Saturday, July 13, 2013

What is symlink hack and protection

Well symlink stands for symbolic link or can also be called soft-link, and to best describe it for everyone out there it is like a shortcut in windows now to explain in a bit more detail imagine your on your desktop and you create a shortcut to "C:/" this is essentially like creating a symlink from "/home/userx/www/" to "/"
please note that a shortcut is not the same as a symlink. as windows does also support symlinking I only use them as a reference as they are similar and help explain it for those who may not understand otherwise.


i am making this tutorial for those who have shelled websites and they cant root server as  not all linux boxes can be rooted , also we dont have exploits for all linux kernels.

so here i am gonna show you how to hack websites on a server using symlink ,
but first u will need a shelled website on that server ,thatn only u can do symlink without shell u cant do symlink.

Now  here i am not gonna tell you to create two folders and then do symlink here i will use automated symlink script which you can download from here and upload on the shelled website. 

http://www.mediafire.com/download/fvnta4eh1wam65r/symlink+files.zip

http://www.mediafire.com/download/08oeos9cpaloeum/Bypass_Symlink_on_2013_Server_With_Different_.htaccess_and_Methods_by_Sen_Haxor.rar

===================================================

/usr/local/apache/conf/httpd.conf
paste this code and save it

<Directory "/">
Options -ExecCGI -FollowSymLinks Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">
Options IncludesNOEXEC Indexes -FollowSymLinks +SymLinksIfOwnerMatch -ExecCGI
AllowOverride None
Order allow,deny
Allow from all

</Directory>
<Directory "/home">
Options All -ExecCGI -FollowSymLinks -Includes -IncludesNOEXEC -MultiViews +SymLinksIfOwnerMatch
AllowOverride AuthConfig Indexes Limit Fileinfo
</Directory>

<Directory "/home2">
Options All -ExecCGI -FollowSymLinks -Includes -IncludesNOEXEC -MultiViews +SymLinksIfOwnerMatch
AllowOverride AuthConfig Indexes Limit Fileinfo
</Directory>

==================================
How precisely did you disable it in httpd.conf file? If you uncheck FollowSymLinks in WHM > Apache Configuration > Global Configuration area and save that setting, then you should have httpd.conf change to the following:

The setting for <Directory "/"> should not be able to be overrode by any user's .htaccess file.

<Directory "/">
Options ExecCGI Includes IncludesNOEXEC Indexes SymLinksIfOwnerMatch
AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">
Options Includes Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

</Directory>
====================================
Let me show you which method "Hacker..." uses to get source of the config files of you'r web-site for example wp-config.php and I will show you how to prevent this.

1) He login to cPanel as a normal user http://ip-address/cpanel then type login and password to Login
2) Then he open File manager (show hidden files "dotfiles") and then creates new .htaccess file with following source:
#.htaccess file source
Options Indexes FollowSymLinks
DirectoryIndex doesnt-metter.htm
AddType txt .php
AddHandler txt .php
#End of .htaccess file
3) Then he creates symbalic link (soft link) with perl scripts or just uses CRON job to create symbalic link of top level directory "/" typing: "ln -s / topdir"
4) After that, he open browser and typing http://server-ip/~his-home-dir/topdi.../wp-config.php and then just looking source of the page, all data present as a TXT(text) data. That's all. User has been hacked.
-------------------------------------------------------------------------------------------------------
Solution:
1) Open you'r php.conf with you'r favorite editor: nano /usr/local/apache/conf/php.conf
2) Commit: #AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml
3) Add these lines:
<FilesMatch "\.ph(p[2-6]?|tml)$"> # this equal to: .php, .php2, .php3, .php4, .php5, .php6 .phtml
SetHandler application/x-httpd-php5
</FilesMatch>
4) Save you'r changes and close php.conf
5) Restart httpd server typing: /etc/init.d/httpd restart
6) Done
=====================================
Prevent SymLink Attack On Cpanel Server
Edit httpd.conf
vi /etc/httpd/conf/httpd.conf
Find
<Directory "/">
Options +ExecCGI -FollowSymLinks -Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
AllowOverride All
</Directory>
Replace With
<Directory "/">
Options +ExecCGI -FollowSymLinks +Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Indexes,MultiViews
</Directory>
Make the changes permanent.
/usr/local/cpanel/bin/apache_conf_distiller --update
service httpd restart
=============================================
Find Symlink files or folders in your cpanel server
There are many symlink hacking attempt caused trouble in your server. they can create a sym link folder by using

script. This is major security issues. how to find all the symbolic links under a particular directory using the “find” command.

Use the below commands to find symlink directory in your cpanel server.

find <search folder path> -lname <symlink file path>
Use the below command to find all the sym link files

find /home -type l -printf '%p -> %l\n'

or

find /home -type l -exec ls -lad {} \;
List all symbolic links in current directory

find /home -type l
Another examples,

In order to find all the /root folder symlinks in your /home directory, use this command

cd /home

find -lname /root
Use ls command to lise all the sym links

ls -lahR | grep ^l
=================================================
How to install our patch (apache 2.2 only):
yum install patch
wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make
#Rebuild apache after.
/scripts/easyapache
=================================================
[News 20/1: Bluehost appear to have developed a patch which closes the race exploit - see http://tinyurl.com/apache-fstat-patch-bluehost]

[News Feb 2013: cPanel have released a patch which is selectable in easyapache. I beleive this is the bluehost patch above, though they haven't made it clear what it does. If you check the patch and discover details, please let us know. The bluehost patch uses fstat() to check file ownership *after* the file has been opened, which is the only correct way to implement the SymLinksIfOwnerMatch check.]
=================================================

 

ConfigServer Firewall 6.02 Features Symlink Race Condition Protection

Install pear




php less than 5.3
----------------------------
wget http://pear.php.net/go-pear
php go-pear.php

php greater than 5.3

----------------------------
wget http://pear.php.net/go-pear.phar

php go-pear.phar

Change the cPanel port

You can change the cPanel port in /var/cpanel/cpanel.config file. Search for this line
--------------------
port=2082
----------------------
After changing the port, then run these two commands for it to take effect:

# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
# /etc/init.d/httpd restart

Sub domain , Parked , Add on domain .

We get asked this question all the time. The answer is actually pretty straightforward:
Sub domain

Lets say your domain is mysite.com.
You install a Message Board and put in in a directory called mysite.com/board/.
You can turn the directory board into a sub-domain by adding it as a sub-domain from your Control Panel.
Now you can access your Message board as either mysite.com/board OR board.mysite.com
This costs you nothing and is free.

Parked Domain

You have two domains mysite.com and my-other-site.com.
mysite.com is the domain of your website and you want to add my-other-site.com.
You want them both to go to the same place. In other words, when someone types either www.mysite.com or www.my-other-site.com they will go to the same page(s) on your website.
In order to have additional parked domains you need to purchase them from a registry.
Register Parked domains here (open a new account if you don't have one registered)

Add-On Domains

You have two domains mysite.com and my-other-site.com.
You want the two domains to be totally separate/independent websites.
In order to have additional add-on domains you need to purchase them from a registry.
Register Add-on domains here (open a new account if you don't have one registered)

Wednesday, July 10, 2013

Max user connection for a database

Max user connection for a database can be increased by following query

mysql > GRANT ALL ON dbname.* TO ‘dbuser’@'localhost’
-> WITH MAX_USER_CONNECTIONS 200;

Similarly max queries, max connections, max updates can be increased with below query

mysql > GRANT ALL ON dbname.* TO ‘dbuser’@'localhost’
-> WITH MAX_QUERIES_PER_HOUR 20
-> MAX_UPDATES_PER_HOUR 10
-> MAX_CONNECTIONS_PER_HOUR 5 ;

GRANT ALL ON dbname.* TO ‘dbuser’@'localhost’
-> WITH MAX_QUERIES_PER_HOUR 20
-> MAX_UPDATES_PER_HOUR 10
-> MAX_CONNECTIONS_PER_HOUR 5
-> MAX_USER_CONNECTIONS 200;

Remove cPHulk Brute Force blocked ip address Via MYSQL

Remove cPHulk Brute Force blocked ip address Via MYSQL
-bash-4.1# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 216694
Server version: 5.1.70-cll MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>
mysql> use cphulkd
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT * FROM `brutes` WHERE `IP`=’YourIP’;

If your ip address found brutes tables, then use the following command to remove it.

mysql> DELETE FROM `brutes` WHERE `IP`=’82.80.248.107′;
Query OK, 1 rows affected (0.00 sec)

mysql> DELETE FROM `logins` WHERE `IP`=’82.80.248.107′;
Query OK, 1 rows affected (0.00 sec)

mysql> quit

Try to login your WHM now.

 

php security settings

PHP is a server side scripting language. You can embed PHP code in your web pages along with HTML. When your server receives a request for a page, it first gives the page to the PHP handler program. The PHP handler outputs HTML code as-is, but when it encounters cpanel PHP knowledgebase commands, it executes them. Any HTML generated by the PHP commands is also output. The end result is a web page with content that has been customized on the server before being sent to whoever requested it.

there are two files where PHP configuration commands can go: php.ini or Apache .htaccess ( please refer what php running on your server)

How to view your PHP settings.

Create a text file with a .php extension, containing just this line.

<?php phpinfo(); ?>
Then browse that file to check php info page.

The following functions used to prevent hacking attempt and malware injection,etc., on your php application.

Disable_functions
This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini

disable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source
Please refer with other unwanted php functions and disable it.
What is Safe Mode?

safe mode is a security feature that was designed to prevent hackers from being able to use PHP scripts to execute commands at the operating system level (such as Linux shell commands).

To disable PHP safe mode on a server, edit the /usr/local/lib/php.ini file and modify the following line:

safe_mode = Off
open_basedir restriction
The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen() and gzopen(). If a file is outside of the paths defined by open_basdir, PHP will refuse to open it. You cannot use a symbolic link as a workaround, because the path that the symbolic link resolves to falls under the restrictions of the open_basedir function.

To prevent accounts from accessing foreign files using PHP:

WHM >> Security Center >> PHP open_basedir Tweak

Click the Enable php open_basedir Protection checkbox at the top of the list.
Select domains you wish to exclude, disabling protection for their files.
Click Save.

How does it work?

PHP admin directives for open_basedir are added to each Virtual Host in httpd.conf. These directives limit users’ access via PHP to only the following directories:

/usr/lib/php /usr/local/lib/php
Register Globals
register_globals is an internal PHP setting which registers the $REQUEST array’s elements as variables. If you submit a value in a form, via POST or GET, the value of that input will automatically be accessible via variable in the PHP script, named after the name of the input field.

In other words, if you submitted a form containing a username text field, the expression ($username === $_POST['username']) at the very beginning of the script would return true.

If it enabled, any query string at the end of the URL http://yourdomainsomething.php?valid=true will affect the value of a variable $valid (for example) in something.php, if it exists.

If you’re using publically available PHP code (a library for example) the names of variables are well known, and it would be possible for hackers to control their values by assigning values in the query string. They may be able to bypass authentication.

For security reasons, it is recommended to disable register_globals

put in the one line of code on your php.ini

register_globals = off
allow_url_fopen
allow_url_fopen is especially important. It prevents URLs (internet addresses) from being used in PHP include() statements and in some other places. A command such as include(“http://website.com/page.php“) will not be allowed to execute. Only files that reside within your website can be included, and you must refer to them by their filepath names, not by their internet URLs.

You can include a file from your own site simply by specifying its path and filename. Here is an example how to convert a URL include to one that does not use a URL:

Assume your current code looks like this:

include(‘http://yoursite.com/page.php’);

You would convert it to this:

include($_SERVER['DOCUMENT_ROOT'] . ‘/page.php’);

Turn off this settings.

allow_url_fopen = Off
Magic Quotes
Magic Quotes, generally speaking, is the process of escaping special characters with a ‘\’ to allow a string to be entered into a database. This is considered ‘magic’ because PHP can do this automatically for you if you have magic_quotes_gpc turned on.

More specifically if magic_quotes_gpc is turned on for the copy of PHP you are using all Get, Post & Cookie variables (gpc, get it?) in PHP will already have special characters like “, ‘ and \ escaped so it is safe to put them directly into an SQL query.

magic_quotes_gpc = Off

Google Apps Wizard cPanel plugin

Google Apps Wizard cPanel plugin
This tool was developed for web hosting companies, webmasters and website developers that have to setup domains with Google Apps in the everyday work. The purpose of Google Apps Wizard cPanel plugin is to facilitate the steps needed to work with Google Apps services. cPanel end user doesn’t need to have any prior knowledge of DNS records management while working with this tool.

http://code.google.com/p/google-apps-wizard-cpanel-plugin/

Installation

Run the following shell commands as root via SSH:

# wget http://google-apps-wizard-cpanel-plugin.googlecode.com/files/gaw-2.0.tar
# tar -xf gaw-2.0.tar
# cd gaw-2.0
# ./gawinstall.sh
# cd ..
# rm -Rfv gaw-2.0/ gaw-2.0.tar
Go to WHM >> Main >> Plugins >> Google Apps Wizard and click Update Now.
Upgrade

If you running version 2+ please skip this part.

# wget http://google-apps-wizard-cpanel-plugin.googlecode.com/files/gaw-2.0.tar
# tar -xf gaw-2.0.tar
# cd gaw-2.0
# ./gawupdate.sh
# cd ..
# rm -Rfv gaw-2.0/ gaw-2.0.tar
Uninstall

# wget http://google-apps-wizard-cpanel-plugin.googlecode.com/files/gaw-2.0.tar
# tar -xf gaw-2.0.tar
# cd gaw-2.0
# ./gawuninstall.sh
# cd ..
# rm -Rfv gaw-2.0/ gaw-2.0.tar
Multi languages support

The language files folder is located at: /usr/local/cpanel/base/3rdparty/GoogleAppsWizard/lang/
The en.php is the default fallback language file so do not delete it!
To create new language files you must use an existing cPanel prefix.
You can see your available languages by navigating to: Main >> Locales >> View Available Locales.
Templates support

The Google Apps Wizard plugin support third party cPanel templates.
All you need to do is to copy the default template to your third party template folder.
Template path: /usr/local/cpanel/base/frontend/x3/gaw
Example command: # cp /usr/local/cpanel/base/frontend/x3/gaw /usr/local/cpanel/base/frontend/{Your custom template folder name}/

What is a Wildcard SSL certificate?

What is a Wildcard SSL certificate?
A Wildcard SSL certificate secures your website URL, and an unlimited number of its subdomains. A single Wildcard certificate can secure both www.cpanelkb.net, cpanelkb.net,sub.cpanelkb.net,etc.,

Wildcard certificates secure websites the same as a regular SSL certificate, and requests are processed using the same validation methods. However, some Web servers might require a unique IP address for each subdomain on the Wildcard certificate.

Install Wildcard SSL Certificate on your cpanel server
1) Generate the Certificate Signing Request (CSR) in WHM >> SSL/TLS >>
Generate an SSL Certificate and Signing Request and make sure you enter the host as *.domain.com

Use this SSL certificate country code

2) Purchase the wildcard certificate using the CSR you generated from SSL provider like godaddy, rapitssl,etc.,

3) Once you got SSL certificate , Click WHM >> SSL/TLS »
Install an SSL Certificate and Setup the Domain and paste in the CRT.

Verify that the correct account is loaded by comparing the username.

Remove the “*.” from the domain name and use domain.com only.
Check the IP Address into the IP Address field.

You are now ready to press “Submit“.

Thats all… SSL install will successfully!!!

In order to install wildcard SSL certificate for your Sub domain, use the same certificate to install subdomain.( you won’t create CSR again)

Use the same method to install SSL certificate for your single domain and it should be need dedicated IP address.

For your reference, the following code will automatically added in your httpd.conf.

SSLEngine on

SSLCertificateFile /etc/ssl/certs/cpanelkb.net.crt
SSLCertificateKeyFile /etc/ssl/private/cpanelkb.net.key
SSLCACertificateFile /etc/ssl/certs/cpanelkb.net.cabundle
CustomLog /usr/local/apache/domlogs/cpanelkb.net-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Directory "/home/user/public_html/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

Nameserver ips not show in WHM

Nameserver ips not show in WHM
If the nameserver ips not showing in your WHM >> Main >> DNS Functions >> Nameserver IPs

In order to fix the issue you need to correct the entries for the name server’s IP in the below two files

1. You can check the entries in the /etc/nameserverips file and it should show the below output

root@server [~]# cat /etc/nameserverips
x.x.x.x=ns1.yourdomain.com
x.x.x.x=ns2.yourdomain.com
And if the entries in the above files are correct then,

2. Check the next file it should show the below output

root@server [~]# cat /var/cpanel/nameserverips.yaml

ns1.yourdomain.com:
x.x.x.x: 1
count: 1
zones: yourdomain.com
ns2.yourdomain.com:
x.x.x.x: 1
count: 1
zones: yourdomain.com
If the nameserver ip entries are missing in your file then make ip changes and restart named service.

service named restart

Database size shows zero in cPanel fixed

To resolve this issue you have to edit following file /var/cpanel/cpanel.config

root@support[~]vi /var/cpanel/cpanel.config

Search line “disk_usage_include_sqldbs” in file “ /var/cpanel/cpanel.config “ and change it

From

disk_usage_include_sqldbs=0

to

disk_usage_include_sqldbs=1

And run script

-/scripts/update_db_cache

Restore cpanel server from corrupted drive

Restore cpanel server from corrupted drive. If your server drive got corrupted and need to restore data from it then you can use the following steps to restore data from problematic drive.

Rsync stands for remote sync. rsync is used to perform the backup operation in UNIX / Linux. rsync utility is used to synchronize the files and directories. We can use this to restore database from corrupt drive.

Ask your DC to attach corrupted drive as secondary drive and mount drive as olddrive folder

mount /dev/sdc /olddrive
We can start copying backup data from the old drive

If possible, do this process through SCREEN.

rsync -vrplogDtH /olddrive/usr/local/apache/conf /usr/local/apache
rsync -vrplogDtH /olddrive/var/named /var
rsync -vrplogDtH /olddrive/home/* /home
rsync -vrplogDtH /olddrive/usr/local/cpanel /usr/local
rsync -vrplogDtH /olddrive/var/lib/mysql /var/lib
rsync -vrplogDtH /olddrive/var/cpanel /var
rsync -vrplogDtH /olddrive/usr/share/ssl /usr/share
rsync -vrplogDtH /olddrive/var/ssl /var
rsync -vrplogDtH /olddrive/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
rsync -vrplogDtH /olddrive/var/log/bandwidth /var/log
rsync -vrplogDtH /olddrive/usr/local/frontpage /usr/local
rsync -vrplogDtH /olddrive/var/spool/cron /var/spool
rsync -vrplogDtH /olddrive/root/.my.cnf /root
rsync -vrplogDtH /olddrive/etc/httpd/conf/httpd.conf /etc/httpd/conf
Copy all old drive /etc folder configuration files.

cd /olddrive/etc

rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts /etc
Updating scripts and restarting services:

/scripts/upcp
/scripts/updatenow
/scripts/easyapache
/scripts/securetmp
/scripts/fixeverything
Restarting services as:

/scripts/restartsrv httpd
/scripts/restartsrv cpanel
/scripts/restartsrv mysql
/scripts/restartsrv named
/scripts/restartsrv exim
Done… Thats all!!!

If you need to restore data to remote server then copy files to remote server. Enable SSH key authorized login without root password between both servers.

Go to old serve which is corrupted drive.

cd /etc

rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl hosts root@84.23.43.45:/etc
(84.23.43.45 is assumed as the IP of the new server to which we are moving the data.)

Now we need to transfer everything else.

rsync -vrplogDtH /usr/local/apache/conf root@84.23.43.45:/usr/local/apache
rsync -vrplogDtH /var/named root@84.23.43.45:/var
rsync -vrplogDtH /home/* root@84.23.43.45:/home
rsync -vrplogDtH /usr/local/cpanel root@84.23.43.45:/usr/local
rsync -vrplogDtH /var/lib/mysql root@84.23.43.45:/var/lib
rsync -vrplogDtH /var/cpanel root@84.23.43.45:/var
rsync -vrplogDtH /usr/share/ssl root@84.23.43.45:/usr/share
rsync -vrplogDtH /var/ssl root@84.23.43.45:/var
rsync -vrplogDtH /usr/local/cpanel/3rdparty/mailman root@84.23.43.45:/usr/local/cpanel/3rdparty
rsync -vrplogDtH /var/log/bandwidth root@84.23.43.45:/var/log
rsync -vrplogDtH /usr/local/frontpage root@84.23.43.45:/usr/local
rsync -vrplogDtH /var/spool/cron root@84.23.43.45:/var/spool
rsync -vrplogDtH /root/.my.cnf root@84.23.43.45:/root
rsync -vrplogDtH /etc/httpd/conf/httpd.conf root@84.23.43.45:/etc/httpd/conf
Dont forget to change remote server ip address in configuration.

replace <soureip> to 84.23.43.45 — /var/named/*.db
replace <soureip> to 84.23.43.45 — /usr/local/apache/conf/httpd.conf
Then updating scripts and restarting services…

5.00 / 5 5
1 / 5
2 / 5
3 / 5
4 / 5
5 / 5

Find Symlink files or folders in your cpanel server

Find Symlink files or folders in your cpanel server


There are many symlink hacking attempt caused trouble in your server. they can create a sym link folder by using

script. This is major security issues. how to find all the symbolic links under a particular directory using the “find” command.

Use the below commands to find symlink directory in your cpanel server.

find <search folder path> -lname <symlink file path>
Use the below command to find all the sym link files

find /home -type l -printf '%p -> %l\n'

or

find /home -type l -exec ls -lad {} \;
List all symbolic links in current directory

find /home -type l
Another examples,

In order to find all the /root folder symlinks in your /home directory, use this command

cd /home

find -lname /root
Use ls command to lise all the sym links

ls -lahR | grep ^l

Tuesday, July 9, 2013

Wildcards in linux

Wildcards are a shell feature that makes the command line much more powerful than any GUI file managers. You see, if you want to select a big group of files in a graphical file manager, you usually have to select them with your mouse. This may seem simple, but in some cases it can be very frustrating. For example, suppose you have a directory with a huge amount of all kinds of files and subdirectories, and you decide to move all the HTML files, that have the word "linux" somewhere in the middle of their names, from that big directory into another directory. What's a simple way to do this? If the directory contains a huge amount of differently named HTML files, your task is everything but simple!
In the Linux CLI that task is just as simple to perform as moving only one HTML file, and it's so easy because of the shell wildcards. Wildcards are special characters that allow you to select filenames that match certain patterns of characters. This helps you to select even a big group of files with typing just a few characters, and in most cases it's easier than selecting the files with a mouse.
Here's a list of the most commonly used wildcards in bash:
Wildcard Matches
*                      zero or more characters
?                       exactly one character
[abcde]            exactly one character listed
[a-e]                  exactly one character in the given range
[!abcde]            any character that is not listed
[!a-e]                  any character that is not in the given range
{debian,linux}   exactly one entire word in the options given
You can use wildcards with any command that accepts file names as arguments.

< Wildcard examples >

Let's have a few examples. Probably the * character is already familiar to you, because it's widely used in many other places, too, not just in Linux. For example, the following removes every file from the current directory:
$ rm *
The following command moves all the HTML files, that have the word "linux" in their names, from the working directory into a directory named dir1:
$ mv *linux*.html dir1
See, I told you that moving multiple files can be just as simple as moving only one file!
The following displays all files that begin with d and end with .txt:
$ less d*.txt
The following command removes all files whose names begin with junk., followed by exactly three characters:
$ rm junk.???
With this command you list all files or directories whose names begin with hda, followed by exactly one numeral:
$ ls hda[0-9]
This lists all files or directories beginning with hda, followed by exactly two numerals:
$ ls hda[0-9][0-9]
The following lists all files or directories whose name starts with either hd or sd, followed by any single character between a and c:
$ ls {hd,sd}[a-c]
This command copies all files, that begin with an uppercase letter, to directory dir2:
$ cp [A-Z]* dir2
This deletes all files that don't end with c, e, h or g:
$ rm *[!cehg]

Single Quote and Double Quote Inside Shell Script

Single Quote and Double Quote Inside Shell Script

Let us review how to use single quote and double quote inside a shell script.

Following example displays an echo statement without any special character.

$ echo The test Stuff
The test Stuff
Echo statement with a special character ; . semi-colon is a command terminator in bash. In the following example, “The test” works for the echo and “Stuff” is treated as a separate Linux command and gives command not found.

$ echo The test; Stuff
The test
-bash: Stuff: command not found
To avoid this you can add a \ in front of semi-colon, which will remove the special meaning of semi-colon and just print it as shown below.

$ echo The test\; Stuff
The test; Stuff
Single Quote

Use single quote when you want to literally print everything inside the single quote. Even the special variables such as $HOSTNAME will be print as $HOSTNAME instead of printing the name of the Linux host.

$ echo 'Hostname=$HOSTNAME ; Current User=`whoami` ; Message=\$ is USD'

Hostname=$HOSTNAME ; Current User=`whoami` ; Message=\$ is USD
Double Quote

Use double quotes when you want to display the real meaning of special variables.

$ echo "Hostname=$HOSTNAME ; Current User=`whoami` ; Message=\$ is USD"

Hostname=dev-db ; Current User=ramesh ; Message=$ is USD
Double quotes will remove the special meaning of all characters except the following:

$ Parameter Substitution.
` Backquotes
\$ Literal Dollar Sign.
\´ Literal Backquote.
\” Embedded Doublequote.
\\ Embedded Backslashes.

Execution Sequence of .bash_* files

Execution Sequence of .bash_* files

What is the sequence in which the following files are executed?

/etc/profile
~/.bash_profile
~/.bashrc
~/.bash_login
~/.profile
~/.bash_logout

Execution sequence for interactive login shell

Following pseudo code explains the sequence of execution of these files.

execute /etc/profile
IF ~/.bash_profile exists THEN
execute ~/.bash_profile
ELSE
IF ~/.bash_login exist THEN
execute ~/.bash_login
ELSE
IF ~/.profile exist THEN
execute ~/.profile
END IF
END IF
END IF
When you logout of the interactive shell, following is the sequence of execution:

IF ~/.bash_logout exists THEN
execute ~/.bash_logout
END IF
Please note that /etc/bashrc is executed by ~/.bashrc as shown below:

# cat ~/.bashrc
if [ -f /etc/bashrc ]; then
. /etc/bashrc
Fi
Execution sequence for interactive non-login shell

While launching a non-login interactive shell, following is the sequence of execution:

IF ~/.bashrc exists THEN
execute ~/.bashrc
END IF
Note: When a non-interactive shell starts up, it looks for ENV environment variable, and executes the file-name value mentioned in the ENV variable.

 

Linux Have a Spell Checker

Always run your important documents through a spell checker. It will plane lee mark four you're revue, miss steaks ewe mite knot sea. However, it probably won't do much for poor grammar or sentences like that one! Linux has a rudimentary spelling checker, which you can invoke like this:
spell important.txt Perform a regular spell check on important.text.
spell -b important.txt Perform a spell check using British spelling rules.
If the spell checker finds words that do not appear in its dictionary, it will display them on the console

cut command

The cut command takes a vertical slice of a file, printing only the specified columns or fields. Like the sort command, the cut command defines a field as a word set off by blanks, unless you specify your own delimiter. It's easiest to think of a column as just the n th character on each line. In other words, "column 5" consists of the fifth character of each line. Consider a slight variation on the company.data file we've been playing with in this section:
406378:Sales:Itorre:Jan
031762:Marketing:Nasium:Jim
636496:Research:Ancholie:Mel
396082:Sales:Jucacion:Ed

If you want to print just columns 1 to 6 of each line (the employee serial numbers), use the -c1-6 flag, as in this command:

cut -c1-6 company.data
406378
031762
636496
396082

If you want to print just columns 4 and 8 of each line (the first letter of the department and the fourth digit of the serial number), use the -c4,8 flag, as in this command:

cut -c4,8 company.data
3S
7M
4R
0S

And since this file obviously has fields delimited by colons, we can pick out just the last names by specifying the -d:and -f3 flags, like this:

cut -d: -f3 company.data
Itorre
Nasium
Ancholie
Jucacion

It's often the case that you want to use a space as the delimiter. To do so, you must put the delimiter in single quotes, like this: -d' '

Also, when you want to cut from a starting point to the end of the line, just leave off the final field number, as shown in the example below.

Let's say this is your test.txt file:
abc def ghi jkl
mno pqr stu vwx
yz1 234 567 890

To cut only columns 2-END, do this: cut -d' ' -f2- test.txt

And the results are:
def ghi jkl
pqr stu vwx
234 567 890

Here is a summary of the most common flags for the cut command:

-c [n | n,m | n-m] Specify a single column, multiple columns (separated by a comma), or range of columns (separated by a dash).
-f
 [n | n,m | n-m] Specify a single field, multiple fields (separated by a comma), or range of fields (separated by a dash).
-d
c Specify the field delimiter.
-s
 Suppress (don't print) lines not containing the delimiter.

Monday, July 8, 2013

strace and Linux command Debugging

Strace is a debugging tool that will help you troubleshoot issues.

Strace monitors the system calls and signals of a specific program. It is helpful when you do not have the source code and would like to debug the execution of a program. strace provides you the execution sequence of a binary from start to end.

$ strace -c ls /home
$ strace -t -e open ls /home
$ sudo strace -p 1725 -o firefox_trace.txt
$ strace -o output.txt ls
$ strace -e trace=open,read ls /home
$ strace -e open ls
$ strace ls

 
1. Trace the Execution of an Executable

You can use strace command to trace the execution of any executable. The following example shows the output of strace for the Linux ls command.

$ strace ls
execve("/bin/ls", ["ls"], [/* 21 vars */]) = 0
brk(0) = 0x8c31000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb78c7000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=65354, ...}) = 0
...
...
...
2. Trace a Specific System Calls in an Executable Using Option -e

Be default, strace displays all system calls for the given executable. To display only a specific system call, use the strace -e option as shown below.

$ strace -e open ls

open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libselinux.so.1", O_RDONLY) = 3
open("/lib/librt.so.1", O_RDONLY) = 3
open("/lib/libacl.so.1", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY) = 3
open("/lib/libattr.so.1", O_RDONLY) = 3
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
Desktop Documents Downloads examples.desktop libflashplayer.so
Music Pictures Public Templates Ubuntu_OS Videos
The above output displays only the open system call of the ls command. At the end of the strace output, it also displays the output of the ls command.

If you want to trace multiple system calls use the “-e trace=” option. The following example displays both open and read system calls.

$ strace -e trace=open,read ls /home

open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\3\3\1\260G004"..., 512) = 512
open("/lib/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\3\3\1\300\30004"..., 512) = 512
..
open("/lib/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\3\3\1\360\r004"..., 512) = 512
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 1024) = 315
read(3, "", 1024) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open("/home", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
bala

3. Save the Trace Execution to a File Using Option -o

The following examples stores the strace output to output.txt file.

$ strace -o output.txt ls

Desktop Documents Downloads examples.desktop libflashplayer.so
Music output.txt Pictures Public Templates Ubuntu_OS Videos

$ cat output.txt
execve("/bin/ls", ["ls"], [/* 37 vars */]) = 0
brk(0) = 0x8637000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7860000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=67188, ...}) = 0
...
...
4. Execute Strace on a Running Linux Process Using Option -p

You could execute strace on a program that is already running using the process id. First, identify the PID of a program using ps command.

For example, if you want to do strace on the firefox program that is currently running, identify the PID of the firefox program.

$ ps -C firefox-bin
PID TTY TIME CMD
1725 ? 00:40:50 firefox-bin
Use strace -p option as shown below to display the strace for a given process id.

$ sudo strace -p 1725 -o firefox_trace.txt

$ tail -f firefox_trace.txt
Now the execution trace of firefox process will be logged into firefox_trace.txt text file. You can tail this text file to watch the live trace of the firefox executable.

Strace will display the following error when your user id does not match the user id of the given process.

$ strace -p 1725 -o output.txt
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
Could not attach to process. If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
5. Print Timestamp for Each Trace Output Line Using Option -t

To print the timestamp for each strace output line, use the option -t as shown below.

$ strace -t -e open ls /home
20:42:37 open("/etc/ld.so.cache", O_RDONLY) = 3
20:42:37 open("/lib/libselinux.so.1", O_RDONLY) = 3
20:42:37 open("/lib/librt.so.1", O_RDONLY) = 3
20:42:37 open("/lib/libacl.so.1", O_RDONLY) = 3
20:42:37 open("/lib/libc.so.6", O_RDONLY) = 3
20:42:37 open("/lib/libdl.so.2", O_RDONLY) = 3
20:42:37 open("/lib/libpthread.so.0", O_RDONLY) = 3
20:42:37 open("/lib/libattr.so.1", O_RDONLY) = 3
20:42:37 open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
20:42:37 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
20:42:37 open("/home", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
bala
6. Print Relative Time for System Calls Using Option -r

Strace also has the option to print the execution time for each system calls as shown below.

$ strace -r ls
0.000000 execve("/bin/ls", ["ls"], [/* 37 vars */]) = 0
0.000846 brk(0) = 0x8418000
0.000143 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
0.000163 mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb787b000
0.000119 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
0.000123 open("/etc/ld.so.cache", O_RDONLY) = 3
0.000099 fstat64(3, {st_mode=S_IFREG|0644, st_size=67188, ...}) = 0
0.000155 mmap2(NULL, 67188, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb786a000
...
...
7. Generate Statistics Report of System Calls Using Option -c

Using option -c, strace provides useful statistical report for the execution trace. The “calls” column in the following output indicated how many times that particular system call was executed.

$ strace -c ls /home
bala
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
-nan 0.000000 0 9 read
-nan 0.000000 0 1 write
-nan 0.000000 0 11 open
-nan 0.000000 0 13 close
-nan 0.000000 0 1 execve
-nan 0.000000 0 9 9 access
-nan 0.000000 0 3 brk
-nan 0.000000 0 2 ioctl
-nan 0.000000 0 3 munmap
-nan 0.000000 0 1 uname
-nan 0.000000 0 11 mprotect
-nan 0.000000 0 2 rt_sigaction
-nan 0.000000 0 1 rt_sigprocmask
-nan 0.000000 0 1 getrlimit
-nan 0.000000 0 25 mmap2
-nan 0.000000 0 1 stat64
-nan 0.000000 0 11 fstat64
-nan 0.000000 0 2 getdents64
-nan 0.000000 0 1 fcntl64
-nan 0.000000 0 2 1 futex
-nan 0.000000 0 1 set_thread_area
-nan 0.000000 0 1 set_tid_address
-nan 0.000000 0 1 statfs64
-nan 0.000000 0 1 set_robust_list
------ ----------- ----------- --------- --------- ----------------
100.00 0.000000 114 10 total

Custom php.ini for cgi and fcgi in WHM

PHP FCGI Individual php.ini File

The following steps will allow a custom php.ini file on an account when using FCGI as the PHP handler.

Copy and Edit default php.ini

Code:
cd /home/user/public-html/cgi-bin
cp /usr/local/lib/php.ini /home/user/public_html/cgi-bin
vi php.ini
As a test change one of the variables like register_globals from:

Code:
register_globals = Off
To:

Code:
register_globals = On
If yours was On, then do the reverse. This is simply to test it changes from the global php.ini file.

Create php.fcgi file to load custom php.ini

Code:
vi php.fcgi
Please note that you should still be in /home/user/public_html/cgi-bin location.

Put into file:

Code:
#!/bin/sh
export PHP_FCGI_CHILDREN=1
export PHP_FCGI_MAX_REQUESTS=10
exec /usr/local/cpanel/cgi-sys/php5
Please note the path to php5 is due to using PHP5 on this system. If you are using php4, it might be /usr/local/cpanel/cgi-sys/php4 or some other path. Check /etc/httpd/conf/php.conf to see what it shows for cgi-sys path for your version of PHP.

Save file, then made executable:

Code:
chmod +x /home/user/public_html/cgi-bin/php.fcgi
Change ownership of files to correct user:

Code:
chown -R user:user /home/user/public_html/cgi-bin/
Edit .htaccess to point to php.fcgi wrapper

Code:
cd /home/user/public_html
vi .htaccess
Put at top of file:

Code:
AddHandler php5-fastcgi .php
Action php5-fastcgi /cgi-bin/php.fcgi
Again, here php5 is listed.

Add paths to php.conf file

Add the following lines to /usr/local/apache/conf/php.conf file:

Code:
Action php5-fastcgi /cgi-bin/php.fcgi
AddType application/x-httpd-php .php
Yours will probably look similar to the following after those lines are added:

Code:
# Fastcgi configuration for PHP5
LoadModule fcgid_module modules/mod_fcgid.so
MaxRequestsPerProcess 500
AddHandler fcgid-script .php5 .php4 .php .php3 .php2 .phtml
Action php5-fastcgi /cgi-bin/php.fcgi
AddType application/x-httpd-php .php
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php5
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php4
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php3
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .php2
FCGIWrapper /usr/local/cpanel/cgi-sys/php5 .phtml
Distill and rebuild Apache, then restart Apache

Run these commands:

Code:
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
Load phpinfo page on account

Code:
cd /home/user/public_html
vi php.php
In file put:

Code:
<?php
phpinfo();
?>
Change ownership to the user:

Code:
chown user:user php.php
Load the file at http://domain.com/php.php to see the results.

Your phpinfo file should now show register_globals changed as well as have this at the top defining the new php.ini path:

Code:
Loaded Configuration File /home/user/public_html/cgi-bin/php.ini
-----
PHP CGI Individual php.ini File

The following steps will allow a custom php.ini file on an account when using CGI as the PHP handler.

Copy and Edit default php.ini

Code:
cd /home/user/public-html/cgi-bin
cp /usr/local/lib/php.ini /home/user/public_html/cgi-bin
vi php.ini
As a test change one of the variables like register_globals from:

Code:
register_globals = Off
To:

Code:
register_globals = On
If yours was On, then do the reverse. This is simply to test it changes from the global php.ini file.

Create php.cgi file to load custom php.ini

Code:
vi php.cgi
Please note that you should still be in /home/user/public_html/cgi-bin location.

Put into file:

Code:
#!/bin/sh
/usr/local/cpanel/cgi-sys/php5 -c /home/user/public_html/cgi-bin/
Please note the path to php5 is due to using PHP5 on this system. If you are using php4, it might be /usr/local/cpanel/cgi-sys/php4 or some other path. Check /etc/httpd/conf/php.conf to see what it shows for cgi-sys path for your version of PHP.

Save file, then made executable:

Code:
chmod +x /home/user/public_html/cgi-bin/php.cgi
Change ownership of files to correct user:

Code:
chown -R user:user /home/user/public_html/cgi-bin/
Edit .htaccess to point to php.cgi wrapper

Code:
cd /home/user/public_html
vi .htaccess
Put at top of file:

Code:
Action application/x-httpd-php5 /cgi-bin/php.cgi
Again, here php5 is listed. If your PHP is different, use the Action listed for your version of PHP in /etc/httpd/conf/php.conf file.

Load phpinfo page on account

Code:
cd /home/admin/public_html
vi php.php
In file put:

Code:
<?php
phpinfo();
?>
Change ownership to the user:

Code:
chown user:user php.php
Load the file at http://domain.com/php.php to see the results.

Your phpinfo file should now show register_globals changed as well as have this at the top defining the new php.ini path:

Code:
Loaded Configuration File /home/user/public_html/cgi-bin/php.ini

Friday, July 5, 2013

How do I disable recursive DNS queries on cPanel server

How do I disable recursive DNS queries on cPanel server

For linux (named DNS server) edit the named.conf file found in /etc/named.conf and add this line in the options clause:

recursion no;

Be sure to make a backup of named.conf before doing this.

Restart the named service

rndc reload

or

service named restart

Thursday, July 4, 2013

Transferring the WHMPHP profile from one server to another.

you need to copy only two folders. The folders are:

/usr/local/cpanel/whostmgr/docroot/cgi/whmphp/mr

and

/usr/local/cpanel/whostmgr/docroot/cgi/whmphp/conf.

it will copy entire setting without any issues. please try it

Monday, July 1, 2013

How do I create a permanent Bash alias?

To create an alias permanently add the alias to your .bashrc file

gedit ~/.bashrc
And then add your alias at the bottom.

 

Now execute . ~/.bashrc in your terminal (there should be a gap between the . and ~/.bashrc.

Alias Command

alias command
The alias command can be useful if you want to create a 'shortcut' to a command.
The format is alias name='command'

> alias home='cd /home/dave/public_html'

This will create an alias called home which will put you in the /home/dave/public_html directory whenever you type home at the command prompt. You can alias any command you want, and include options for the command.

> alias list='ls -la'

This will create an alias called list, which will use the ls command to print a long-style listing of all files in the current directory (the -l gives a long-style list, and the -a shows all files - including hidden files).
(Find out more about the ls command)

To see a list of aliases set up on your linux box, just type alias at the prompt.

> alias
alias attrib='chmod'
alias chdir='cd'
alias copy='cp'
alias cp='cp -i'
alias d='dir'
alias del='rm'
alias deltree='rm -r'
alias dir='/bin/ls $LS_OPTIONS --format=vertical'
alias edit='pico'
alias ff='whereis'
alias ls='/bin/ls $LS_OPTIONS'
alias mem='top'
alias move='mv'
alias mv='mv -i'
alias pico='pico -w -z'
alias rm='rm -i'
alias search='grep'
alias v='vdir'
alias vdir='/bin/ls $LS_OPTIONS --format=long'
alias which='type -path'
alias wtf='watch -n 1 w -hs'
alias wth='ps -uxa | more'
>

You can see there are a few already set up on a default Redhat 9 installation.