Thursday, May 16, 2013

Atomic mod security rules

ConfigServer ModSecurity Control provides an easy way of monitoring which rules are being triggered on the server in real time but more importantly, you can whitelist certain rules either globally accross the entire server or on a per account/domain basis if some of the rules conflict with a particular script or functionality (e.g. FrontPage). To install CMC, run the following:

rm -fv cmc.tgz

wget http://www.configserver.com/free/cmc.tgz
tar -xzf cmc.tgz
cd cmc
sh install.sh
cd ..
rm -Rfv cmc/ cmc.tgz
If you log in to WHM you will now see “ConfigServer ModSec Control” under “Plugins”. It’s important that you click on it because when it’s run the first time, it will create the file “modsec2.whitelist.conf” if it doesn’t already exist. If that file doesn’t exist then you’ll find Apache won’t start when we come to the end of this guide. Also while you’re here, click on “Disable modsecparse.pl”. This will disable the cPanel cron job that processes and empties the mod_security log, allowing you to use the log watching tool built in to CMC.

As to help our VPS and Dedicated Server customers who might also be effected by this we have designed the following guide to make installing Atmoic Mod Security into cPanel with little to no fuss.

Stage 1: Run the following commands at command line:

mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.

Stage 2: Configure cPanel to use the Mod Security Rules

In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.

In go to: WHM -> Plugins -> Mod Security and then click: Edit Config

In this section, delete all the current content and then paste in the following configuration:

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial

Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.

This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.

Testing

http://YOUR_HOST/foo.php?foo=http://www.example.com

should give 403

Sunday, May 12, 2013

odbctest.php test page

--- begin odbctest.php---
<?
// connect to DSN MSSQL with a user and password
$connect = odbc_connect("MSSQLServer", "username", "password") or die
("couldn't connect");
odbc_exec($connect, "use Northwind");
$result = odbc_exec($connect, "SELECT CompanyName, ContactName " .
"FROM Suppliers");
while(odbc_fetch_row($result)){
print(odbc_result($result, "CompanyName") .
' ' . odbc_result($result, "ContactName") . "<br>\n");
}
odbc_free_result($result);
odbc_close($connect);
?>
--- end odbctest.php --

GRsec patched kernel install

Fetch the sources:

Download kernel from kernel.org

#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz

Downlaod latest Grsecurity patch from below URL :

#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch

Extract:
tar xjf linux-2.6.32.51.tar.gz

Patch the kernel:

#cd linux-2.6.32.51

#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch

Now start making the kernel :

# make clean && make mrproper

Edit your kernel as per your need :

# make menuconfig

Compile your kernel and install it:

# make bzImage

# make modules

# make modules_install

Make sure it’s working ok with the help of following command :

# depmod 2.6.32.51-grsec

Installing and booting the new kernel :

# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec

There is also a file called “System.map” that must be copied to the same boot directory.

# cp System.map /boot

Do not forget to make changes in /etc/grub.conf

also go to grub prompt after this and fire below command :

# grub > savedefault –-default=0 –-once

Now reboot server :

#Shutdown -r now.

FFmpeg

Download all the files needed

cd /usr/local/src
wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
wget http://ftp.penguin.cz/pub/users/utx/amr/amrnb-7.0.0.2.tar.bz2
wget http://ftp.penguin.cz/pub/users/utx/amr/amrwb-7.0.0.3.tar.bz2
wget http://downloads.xiph.org/releases/theora/libtheora-1.0beta3.tar.gz

Extract all the files

tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.2.0.tar.gz
tar zxvf flvtool2-1.0.6.tgz
tar jxvf essential-20071007.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2
bzip2 -cd amrnb-7.0.0.2.tar.bz2 | tar xvf -
bzip2 -cd amrwb-7.0.0.3.tar.bz2 | tar xvf -
tar zxvf libtheora-1.0beta3.tar.gz

We need a codec directory

mkdir /usr/local/lib/codecs/

Install Ruby on Rails, subversion & ncurses

apt-get install subversion ruby libcurses-ruby

Run some SVN queries

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update

Copy Codecs for mplayer

mkdir /usr/local/lib/codecs
mv /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/

We also need to secure the tmp directory

mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp

Install lame

cd /usr/local/src/lame-3.97
./configure
make && make install

Install libogg

cd /usr/local/src/libogg-1.1.3
./configure && make && make install

Install libvorbis

cd /usr/local/src/libvorbis-1.2.0
./configure && make && make install

Install flvtool2

cd /usr/local/src/flvtool2-1.0.6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install

Install mplayer & mencoder

cd /usr/local/src/mplayer
./configure –enable-jpeg
make && make install

Install AMR (for 3gp conversion)

cd /usr/local/src/amrnb-7.0.0.2
./configure
make && make install

cd /usr/local/src/amrwb-7.0.0.3
./configure
make && make install

Install libtheora (for ogg video encoding)

cd /usr/local/src/libtheora-1.0beta3
./configure
make && make install

Install ffmpeg

cd /usr/local/src/ffmpeg/
./configure –enable-libmp3lame –enable-libogg –enable-libvorbis –disable-mmx –enable-shared –enable-amr-nb –enable-libtheora

Saturday, May 11, 2013

MSSQL Connection Testpage

<?php
$Server = "localhost";
$User = "your_name";
$Pass = "your_password";
$DB = "examples";

//connection to the database
$dbconn = mssql_connect($Server, $User, $Pass)
or die("Couldn't connect to SQL Server on $Server");

//select a database to work with
$selected = mssql_select_db($DB, $dbconn)
or die("Couldn't open database $myDB");

//declare the SQL statement that will query the database
$query = "SELECT name from test ";

//execute the SQL query and return records
$result = mssql_query($query);

$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";

//display the results
while($row = mssql_fetch_array($result))
{
echo "<br>" . $row["name"];
}
//close the connection
mssql_close($dbconn);
?>

Friday, May 10, 2013

FFMPEG on CentOS 6 cPanel Server

FFMPEG on CentOS 6 cPanel server




This article describes installation of ffmpeg, flvtool2, mplayer, mencoder, MP4Box, ffmpeg-php and many other video conversion tools on a CentOS 6 server with cPanel hosting control panel.

1. Enable SubHosting.net and EPEL yum repositories

The CentOS 6 RPM packages of ffmpeg, mplayer and MP4Box packages are available on Subhosting.net. These RPM packages are copied from ATrpms and RPM Fusion YUM repositories for a simplified installation.

Some packages on Subhosting.net YUM repo depend on EPEL repo. To enable EPEL repo, install the epel-release RPM package:


rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm


To enable SubHosting.net YUM repository, create the file /etc/yum.repos.d/subhosting.repo and add following repository configuration:


[SubHosting]
name=SubHosting Packages CentOS 6 - $basearch
baseurl=http://dl.subhosting.net/yumrepo/centos/6/$basearch/
enabled=1
gpgcheck=0


Note: with following 'yum' commands, use the switch --exclude "*.i386" on 64-bit systems so as to avoid installing 32-bit packages along with 64-bit packages. Of course, DO NOT use this switch on 32-bit systems.

2. Install ffmpeg mplayer and mencoder

Install these packages using following yum command:


yum install ffmpeg mplayer


Note: there is no separate package for mencoder. It is also provided by mplayer package.

This will also install various dependency packages like libtheora, libvorbis, libogg, lame, opencore-amr, x264, xvidcore etc.

3. Install flvtool2

cPanel has its own ruby installer script. So install ruby using following cPanel script:


/scripts/installruby


Flvtool2 is available as a Ruby Gems package. Use following gem command to install flvtool2:


gem install flvtool2


4. Install MP4Box2

MP4Box is provided by gpac package. Install gpac and its library packages:


yum install gpac gpac-libs


5. Install ffmpeg-php

Ffmpeg-php requires ffmpeg development package. Install it using yum:


yum install ffmpeg-devel


Now download the latest ffmpeg-php package:


wget http://downloads.sourceforge.net/ffmpeg-php/ffmpeg-php-0.6.0.tbz2


Untar this package, build and install it with following commands:


tar xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0
sed -i ‘s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g’ ffmpeg_frame.c
phpize
./configure
make
make install


The make install command will show PHP extensions path where ffmpeg PHP extension is installed:


root@server [~/ffmpeg-php-0.6.0]# make install
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/


Now edit php.ini file (/usr/local/lib/php.ini) and make sure that value of extension_dir is set to PHP extension directory as given by above make install command:


extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"


Add following line just below extension_dir and this will enable ffmpeg PHP extension:


extension="ffmpeg.so"


Restart Apache to make this change effective:


/scripts/restartsrv_httpd


You can verify the status of ffmpeg extension on a PHP info web page or from command line as given below:


root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Jun 2 2012 20:48:04
ffmpeg-php gd support => enabled
ffmpeg libavcodec version => Lavc52.123.0
ffmpeg libavformat version => Lavf52.111.0
ffmpeg swscaler version => SwS0.14.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0
OLDPWD => /root/ffmpeg-php-0.6.0
_SERVER["OLDPWD"] => /root/ffmpeg-php-0.6.0
_ENV["OLDPWD"] => /root/ffmpeg-php-0.6.0


6. Installation paths

Following are the file system paths of tools that we installed:


ffmpeg: /usr/bin/ffmpeg
mplayer: /usr/bin/mplayer
mencoder: /usr/bin/mencoder
flvtool2: /usr/bin/flvtool2
MP4Box: /usr/bin/MP4Box


Installing ffmpeg-php

Installing ffmpeg-php

Now we are ready to install ffmpeg-php. This can be done in six easy steps:

Download the latest ffmpeg-php release

http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/

Extract the archive:
tar -xjf ffmpeg-php-X.x.x.tbz2
cd ffmpeg-php-X.x.x/
phpize
./configure && make
sudo make install

ffmpeg installation centos

Install FFmpeg on CentOS or RedHat EL 6.x

The following install steps have been proven to work on RedHat Enterprise Linux 6.2. You can check which version you are running with

cat /etc/redhat-release
Additionally, we assume that you are connected and registered with the Red Hat network and/or updated the system with the latest updates from the repositories.

Follow this guide step by step!

Install the additional repo

rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Update repository

yum -y update
Install all necessary packages

yum install SDL-devel a52dec a52dec-devel alsa-lib-devel faac faac-devel faad2 faad2-devel
yum install freetype-devel giflib gsm gsm-devel imlib2 imlib2-devel lame lame-devel libICE-devel libSM-devel libX11-devel
yum install libXau-devel libXdmcp-devel libXext-devel libXrandr-devel libXrender-devel libXt-devel
yum install id3tag-devel libogg libvorbis vorbis-tools mesa-libGL-devel mesa-libGLU-devel xorg-x11-proto-devel xvidcore xvidcore-devel zlib-devel
yum install amrnb-devel amrwb-devel
yum install libtheora theora-tools
yum install glibc gcc gcc-c++ autoconf automake libtool
yum install ncurses-devel
yum install libdc1394 libdc1394-devel
yum install yasm nasm
yum install libvpx*
yum install git-core
yum install opencore-amr-devel
Install the essential codecs

wget http://www8.mplayerhq.hu/MPlayer/releases/codecs/all-20110131.tar.bz2
bunzip2 all-20110131.tar.bz2; tar xvf all-20110131.tar

mkdir /usr/local/lib/codecs/
mkdir /usr/local/lib64/codecs/
cp all-20110131/* /usr/local/lib/codecs/
cp all-20110131/* /usr/local/lib64/codecs/
chmod -R 755 /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib64/codecs/
Install LibOgg

wget http://downloads.xiph.org/releases/ogg/libogg-1.3.0.tar.gz
tar xzvf libogg-1.3.0.tar.gz
cd libogg-1.3.0
./configure
make
make install
Install Libvorbis

wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.3.tar.gz
tar xzvf libvorbis-1.3.3.tar.gz
cd libvorbis-1.3.3
./configure
make
make install
Install Libtheora

wget http://downloads.xiph.org/releases/theora/libtheora-1.1.1.tar.gz
tar xzvf libtheora-1.1.1.tar.gz
cd libtheora-1.1.1
./configure
make
make install
Install Libvpx

git clone http://git.chromium.org/webm/libvpx.git
cd libvpx
./configure --enable-shared --extra-cflags=-fPIC
make
make install
Install Aacenc

wget http://downloads.sourceforge.net/opencore-amr/vo-aacenc-0.1.2.tar.gz
tar xzvf vo-aacenc-0.1.2.tar.gz
cd vo-aacenc-0.1.2
./configure --enable-shared
make
make install
Install X264

git clone git://git.videolan.org/x264.git
cd x264
./configure --enable-shared --extra-cflags=-fPIC --extra-asflags=-D__PIC__
make
make install
Note: (Sometimes the network might be down. Then you can also grab it via wget at ftp://ftp.videolan.org/pub/videolan/x264/snapshots/last_stable_x264.tar.bz2)

Configure Libraries

export LD_LIBRARY_PATH=/usr/local/lib/
echo /usr/local/lib > /etc/ld.so.conf.d/custom-libs.conf
ldconfig
Compile FFmpeg (the configure options have to be on one line)

git clone git://source.ffmpeg.org/ffmpeg.git
cd ffmpeg
git checkout n1.2
./configure --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvpx --enable-libfaac \
--enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libvo-aacenc --enable-libxvid --disable-ffplay \
--enable-shared --enable-gpl --enable-postproc --enable-nonfree --enable-avfilter --enable-pthreads --extra-cflags=-fPIC
make
make install
(The --arch=x86_64 option should only be used if you are on a 64Bit System!)

You can also use their Github repository at https://github.com/FFmpeg/FFmpeg.git.

That's it. This should give you a full functional FFMpeg installation for Razuna. Test it now with;

ffmpeg
This should give you the following back (yours might vary a bit);

FFmpeg version SVN-r20525, Copyright (c) 2000-2009 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-nonfree --enable-postproc --enable-libfaad --enable-avfilter
--enable-pthreads --enable-libxvid --enable-libx264 --enable-libmp3lame --enable-libfaac
--disable-ffserver --disable-ffplay --enable-libamr-nb --enable-libamr-wb --enable-libtheora
--enable-libvorbis --disable-ffplay --enable-shared
libavutil 50. 4. 0 / 50. 4. 0
libavcodec 52.39. 0 / 52.39. 0
libavformat 52.39. 2 / 52.39. 2
libavdevice 52. 2. 0 / 52. 2. 0
libavfilter 1. 8. 0 / 1. 8. 0
libswscale 0. 7. 1 / 0. 7. 1
libpostproc 51. 2. 0 / 51. 2. 0
Try to convert a movie with;

ffmpeg -i movie.mov -vcodec libx264 -vpre hq -acodec libfaac movie.mp4

http://ffmpeg.org/trac/ffmpeg/wiki/CentosCompilationGuide

http://wiki.razuna.com/display/ecp/FFMpeg+Installation+on+CentOS+and+RedHat

Sunday, May 5, 2013

Memcached installation

http://www.sohailriaz.com/how-to-install-memcached-with-memcache-php-extension-on-centos-5x/

1) Install memcached.

Enable rpmforge respository to install latest memcached rpm using yum.

For i386 / i686

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For x86_64

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Use yum to install memcached

yum -y install memcached

As soon as memcached installation completed, edit options for memcached in /etc/sysconfig/memcached to meet your need.

vi /etc/sysconfig/memcached

PORT=”11211″ #define on which port to urn

USER=”nobody” #same as apache user

MAXCONN=”1024″ #maximum number of connections allowed

CACHESIZE=”64″ #memory used for caching

OPTIONS=”" #use for any custom options

Save the file. All options can be seen by using following command

memcached -h

Start memcached

/etc/init.d/memcached start

Starting Distributed memory caching (memcached): [ OK ]

to check the running status of memcached

/etc/init.d/memcached status

memcached (pid 6475) is running…

and

netstat -anp | grep 11211

tcp 0 0 :::11211 :::* LISTEN 6475/memcached

udp 0 0 0.0.0.0:11211 0.0.0.0:* 6475/memcached

2) Install PHP Extension.

Download and install latest stable memcache version from PECL.

cd /usr/src

wget http://pecl.php.net/get/memcache-2.2.5.tgz

tar zxvf memcache-2.2.5.tgz

cd memcache-2.2.5

phpize

./configure

make

make install

memcache.so will be install in php modules directory, now enable memcache.so extension in php.ini

To find out your php.ini location, execute following command

php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

vi /usr/local/lib/php.ini

extension = “memcache.so”

save the file and restart httpd server.

/etc/init.d/httpd restart

To check is memcache extension loaded in php, execute following command.

php -i | grep memcache

memcache

memcache support => enabled

memcache.allow_failover => 1 => 1

memcache.chunk_size => 8192 => 8192

memcache.default_port => 11211 => 11211

memcache.default_timeout_ms => 1000 => 1000

memcache.hash_function => crc32 => crc32

memcache.hash_strategy => standard => standard

memcache.max_failover_attempts => 20 => 20

Registered save handlers => files user sqlite memcache

PWD => /usr/src/memcache-2.2.5

_SERVER["PWD"] => /usr/src/memcache-2.2.5
_ENV["PWD"] => /usr/src/memcache-2.2.5

Friday, May 3, 2013

Setting password for mysql user in .my.cnf

Setting password for mysql user in .my.cnf

Sometimes you want automated access for root on your MySQL database. One way of accomplishing that is by doing this:

# cd /root
# touch .my.cnf
# chmod 640 .my.cnf

And put in it:

[client]
user=root
password=<password of mysql root user>
Once you have done the following steps, the root user can login to mysql as root user without giving password.
root@server [~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 749
Server version: 5.1.68-cll MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

mysql>

Hide Apache, PHP and Bind Versions

Hide Apache, PHP and Bind Versions
To Check Apache Version:

By default, Apache will send version and modules information like mod_php, mod_perl, mod_ssl in every HTTP header.

If you want to view Apache web server version and sofware of a remote server, follow this procedure.

# telnet example.com 80

Trying example.com...
Connected to example.com.
Escape character is ‘^]'.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Sun, 07 Oct 2012 12:57:57 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 JRun/4.0
Last-Modified: Tue, 03 Jan 2012 11:41:16 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.

In the above example it is showing all the details about your web server and php this is not recommended for security reasons.We need to hide this information with the following procedure.
To Hide Apache Information:
To hide the information, add the following two apache directives in Apache configuration file, (httpd.conf or apache2.conf)

ServerTokens ProductOnly

ServerSignature Off

# /etc/init.d/httpd restart

Now the output for apache header looks like below

Server: Apache
To Hide PHP Version Details

Locate php.ini loaded in the server.

Change the following option in php.ini

expose_php On

to

expose_php Off

# /etc/init.d/httpd restart
To Hide BIND Version
You can check the Bind version of a server by using the following command.

# dig +short @XXX.XXX.XXX.XXX -c CH -t txt version.bind
"9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.4"

To hide your version of bind, change the version value in named.conf as like the following.
You can give any string for the version.

options {
directory "/var/named";
version "We Just Hide It";
};

# dig +short @XXX.XXX.XXX.XXX -c CH -t txt version.bind
"We Just Hide It"

Complile and install PHP from source

Complile and install PHP from source

You can follow the steps shown below to install PHP5.2.x , PHP5.3.x and PHP5.4.x . You can download and install the desired PHP version. Please reade the Important notes before starting the installation.

Here i am using Centos 5.8 64 bit to install PHP. It will work in all the other CentOS 64 bit versions. In the 32 bit OS, there will be corresponding changes in yum install packages. You have to make sure that the installing packages are for 32 bit or not.

I have followed the steps in the following urls to setup LAMP server, i have tested and verified installation by following the steps described in there.

http://linuxadmintips4u.blogspot.in/2012/07/configure-apache.html

http://linuxadmintips4u.blogspot.in/2012/07/configuration-of-mysql.html
PHP
Important Notes:

***If you are using Apache2.4.x with PHP, it is recommanded PHP version above 5.3.x. There some complilation errors in using PHP5.2.x. There are some module mismatches in Apache2.4.x with PHP5.2.x.

***If you are planning to install SUPHP, there some changes in PHP complilation in PHP5.2.x and PHP5.3.x. If you are using PHP5.4.x, you can use the same installation as descripbed below.

***If you are using Apache2.4.x, it is not possible to install SUPHP with any of the PHP versions with the suphp-0.7.1. I am awaiting for the next version of suphp.

***You can follow the below url to install SUPHP in PHP5.2.x , PHP5.3.x and PHP5.4.x .
Installation

[root@vps ~]# cd /usr/local/src/

Download one of the following PHP packages and extract the packges as per the selected packages.

[root@vps src]# wget http://in1.php.net/distributions/php-5.2.17.tar.gz
or
[root@vps src]# wget http://in1.php.net/distributions/php-5.3.24.tar.gz
or
[root@vps src]# wget http://in1.php.net/distributions/php-5.4.14.tar.gz
[root@vps src]# tar -xzf php-5.2.17.tar.gz
[root@vps src]# cd php-5.2.17

Create a script, configure.sh with the following contents. I have tested the following script with all the versions of PHP and it is working fine for me.

#================================================================
#!/bin/bash

"./configure" \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache/bin/apxs" \
"--with-config-file-path=/usr/local/apache/conf" \
"--disable-debug" \
"--disable-rpath" \
"--enable-inline-optimization" \
"--enable-sockets" \
"--enable-wddx" \
"--enable-calendar" \
"--enable-ftp" \
"--enable-mbstring=all" \
"--enable-dom" \
"--enable-mbregex" \
"--enable-bcmath" \
"--with-openssl" \
"--with-kerberos" \
"--with-mcrypt" \
"--with-curl" \
"--with-gd" \
"--with-zlib-dir=/usr/lib" \
"--with-jpeg-dir=/usr/lib" \
"--with-png-dir=/usr/lib" \
"--with-freetype-dir=/usr/lib" \
"--with-regex=system" \
"--with-gettext" \
"--with-bz2" \
"--with-iconv" \
"--with-layout=GNU" \
"--with-imap=/usr/local/src/imap-2007f" \
"--with-imap-ssl" \
"--enable-soap" \
"--with-snmp" \
"--with-libdir=lib64" \
"--with-mysql=/usr/local/mysql" \
"--with-pdo-mysql"

#================================================================

[root@vps php-5.2.17]# chmod +x configure.sh
[root@vps php-5.2.17]# sh configure.sh

[root@vps php-5.2.17]# make
[root@vps php-5.2.17]# make install

Once the installation completed, create the following link to use the php command directly in terminal.

[root@vps ~]# ln -s /usr/local/php/bin/php /usr/bin/php

Once you done the above steps, check the version of PHP using the following command

[root@vps ~]# php -v
The above compilation command will enable the following modules. You can remove unwanted php modules from the compilation step. You may encounter errors while the compilation. All the errors which i got is added in the 'Possible Error' section at the end of this article. Please check there if you encountered an error during complilation.

Modules Installed During Installation
bcmath bz2 calendar Core ctype curl date dom filter ftp gd gettext hash iconv imap json libxml mbstring mcrypt mime_magic mysql openssl pcre PDO pdo_mysql pdo_sqlite posix Reflection session SimpleXML snmp soap sockets SPL SQLite standard tokenizer wddx xml xmlreader xmlwriter zlib
Possible Errors
I got the following errors while installing php with above modules and the solution i have given fixed those errors.

Compile Time Errors:

Error:
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.

Solution:
[root@vps php-5.2.17]# yum install libxml2-devel -y

-------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: Cannot find OpenSSL's <evp.h>

Solution:
[root@vps php-5.2.17]# yum install openssl-devel -y

-------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: Please reinstall the BZip2 distribution

Solution:
[root@vps php-5.2.17]# yum install bzip2-devel.x86_64 -y

--------------------------------------------------------------------------------------------------------------------------------------------------

Error:
checking for cURL in default path... not found
configure: error: Please reinstall the libcurl distribution

Solution:
[root@vps php-5.2.17]# yum install curl-devel.x86_64 -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: libjpeg.(a|so) not found.

Solution:
[root@vps php-5.2.17]# yum install libjpeg-devel.x86_64 -y

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: libpng.(a|so) not found.

Solution:
[root@vps php-5.2.17]# yum install libpng-devel.x86_64 -y

----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: freetype.h not found.

Solution:
[root@vps php-5.2.17]# yum install freetype-devel.x86_64 -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
checking OpenSSL dir for SNMP... no
checking whether to enable UCD SNMP hack... no
checking for net-snmp-config... no
configure: error: snmp.h not found. Check your SNMP installation

Solution:
[root@vps php-5.2.17]# yum install net-snmp-devel -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: mcrypt.h not found. Please reinstall libmcrypt

Solution:
[root@vps php-5.2.17]# yum install libmcrypt.x86_64 libmcrypt-devel.x86_64 -y

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information.

Solution:

Install imap using the script described in the following url.

http://linuxadmintips4u.blogspot.in/2013/04/error-utf8mime2text-has-new-signature.html

----------------------------------------------------------------------------------------------------------------------------------------

Error:
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
configure: error: Cannot find libmysqlclient_r under /usr/local/mysql.
Note that the MySQL client library is not bundled anymore!

Solution:

http://linuxadmintips4u.blogspot.in/2013/04/error-cannot-find-libmysqlclientr-under.html

--------------------------------------------------------------------------------------------------------------------------------------------

Errors in Make
Error:
/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1

Solution:

Here's what you need to do to fix this issue,
1.Verify that the libtool and libtool-ltdl packages are installed.
[root@vps php-5.2.17]# yum install libtool-ltdl.x86_64 libtool.x86_64 -y

2.Symlink libltdl.so to libltdl.so.x.x.x

PHP looks for the libltdl library only at (for x64 at least) /usr/lib64/libltdl.so. The symlink to this file is not included in the libtool packages,you'll have to make it yourself
[root@vps php-5.2.17]# cd /usr/lib64
[root@vps lib64]# ln -s libltdl.so.3.1.4 libltdl.so

Try once again...

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
/usr/local/imap-2007f/lib/libc-client.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1
Solution:

Install imap using the script described in the following url.

http://linuxadmintips4u.blogspot.in/2013/04/error-utf8mime2text-has-new-signature.html

Complile and install MYSQL

Complile and install MYSQL
Preliminary installations

[root@vps ~]# yum -y install ncurses-devel
Complile and install Mysql

[root@vps ~]# groupadd mysql
[root@vps ~]# useradd -r -g mysql mysql
[root@vps ~]# cd /usr/local/src/
[root@vps src]# wget http://downloads.mysql.com/archives/mysql-5.5/mysql-5.5.0-m2.tar.gz
[root@vps src]# tar -xzf mysql-5.5.0-m2.tar.gz
[root@vps src]# cd mysql-5.5.0-m2

[root@vps mysql-5.5.0-m2]# ./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --disable-maintainer-mode --with-mysqld-user=mysql --with-unix-socket-path=/tmp/mysql.sock --without-comment --without-debug --without-bench

[root@vps mysql-5.5.0-m2]# make && make install

[root@vps mysql-5.5.0-m2]# ./scripts/mysql_install_db

[root@vps mysql-5.5.0-m2]# chown -R root:mysql /usr/local/mysql
[root@vps mysql-5.5.0-m2]# chown -R mysql:mysql /usr/local/mysql/data
-To set the proper ownership for the MySQL directories and data files, so that only MySQL (and root) can do anything with them.

***Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf /usr/local/mysql/etc/my.cnf ~/.my.cnf
[root@vps mysql-5.5.0-m2]# cp support-files/my-medium.cnf /etc/my.cnf
[root@vps mysql-5.5.0-m2]# chown root:sys /etc/my.cnf
[root@vps mysql-5.5.0-m2]# chmod 644 /etc/my.cnf
[root@vps ~]# cd /usr/local/mysql/bin
[root@vps ~]# for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done
-To set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths.
Create Startup service for mysql
[root@vps ~]# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
***Do not issue the above command more than once.

[root@vps ~]# ldconfig
[root@vps ~]# cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
[root@vps ~]# chmod +x /etc/rc.d/init.d/mysql
[root@vps ~]# chkconfig mysql on

You can now start/stop mysql using the following commands.

[root@vps ~]# /etc/rc.d/init.d/mysql start
[root@vps ~]# /etc/rc.d/init.d/mysql stop
***If you are encounter any problems in start and stop mysql, you can find the reason from the error log of mysql. Error log name is in the <hostname>.err format.
Here my server hostname is vps.arun.com and therefore the error log name og mysql is vps.arun.com.err . You can use find the error log in the var directory of mysql installation. Here in my case it is /usr/local/mysql/var/vps.arun.com.err.
You can set new mysql root password using the followiing command.
[root@vps ~]# mysqladmin -u root password <newpassword>

Notes:-

Error:
Configure: error: No curses termcap library found
Fix:
[root@vps mysql]# yum install ncurses-devel -y
Error:
Error in /usr/local/mysql/var/vps.arun.com.err
/usr/local/mysql/libexec/mysqld: File './mysql-bin.index' not found (Errcode: 13)
fix:
Change the ownership of var directory in mysql's installation directory, as like follows.
chown -R mysql:mysql /usr/local/mysql/var

Complile and install Apache

Complile and install Apache
Here i am explaining the steps to setup a LAMP server. I am hre using CentOS 5.8 64 bit to setup LAMP. There will be similar variations in other OS in LINUX. I think this will work in most of the CentOS versions.

Apache

Preliminary Checking Installations for Apache

In most of the CentOS installations httpd may be installed by default. It is better to remove those installation at first.

[root@vps ~]# rpm -q httpd
httpd-2.2.3-65.el5.centos

The following command will uninstall httpd-2.2.3-65.el5.centos rpm package.

[root@vps ~]# rpm -e httpd-2.2.3-65.el5.centos
It is needed to install the necessary compilers to use the make command. The following comand will help you to install the necessary packages.
[root@vps ~]# yum install gcc gcc-c++ -y
It is needed to Install APR and APR-UTIL packages to install Apache.

Install APR

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//apr/apr-1.4.6.tar.gz
[root@vps src]# tar -xzf apr-1.4.6.tar.gz
[root@vps src]# cd apr-1.4.6
[root@vps apr-1.4.6]# ./configure --prefix=/usr/local/apr
[root@vps apr-1.4.6]# make
[root@vps apr-1.4.6]# make install
Install APR-UTIL

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//apr/apr-util-1.5.2.tar.gz
[root@vps src]# tar -xzf apr-util-1.5.2.tar.gz
[root@vps src]# cd apr-util-1.5.2
[root@vps apr-util-1.5.2]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/bin/apr-1-config
[root@vps apr-util-1.5.2]# make
[root@vps apr-util-1.5.2]# make install

Compile and Install Apache 2.2.x

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//httpd/httpd-2.2.24.tar.gz
[root@vps src]# tar -xzf httpd-2.2.24.tar.gz
[root@vps src]# cd httpd-2.2.24

[root@vps httpd-2.2.24]# ./configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --enable-ssl=/usr/include/openssl --enable-rewrite --enable-deflate --enable-suexec

*** You can check the option available for the configuration using the following command. As per your need, you can add new modules.

[root@vps httpd-2.2.24]# ./configure --help

[root@vps httpd-2.2.24]# make
[root@vps httpd-2.2.24]# make install

The following command will enable you to use use httpd command instead of giving full path of apachectl.

[root@vps httpd-2.2.24]# ln -s /usr/local/apache/bin/apachectl /usr/bin/httpd
Once you have done the above configuration and the creating the symbolic link, You can check the settings of Apache using the following commands.
[root@vps ~]# httpd -M
[root@vps ~]# httpd -V

Compile and Install Apache 2.4.4

***I have noted that in Apache 2.4.x, suphp-0.7.1 cannot compile with any of the php version. There no development in suphp after 2009-03-14. So i personally do not recommend Apache 2.4.x at this time.
***Also I have noted that there are some issues in Apache 2.4.x with PHP5.2.x. So think before using Apache 2.4.x in your server.

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//httpd/httpd-2.4.4.tar.bz2
[root@vps src]# tar -xjf httpd-2.4.4.tar.bz2
[root@vps src]# cd httpd-2.4.4

[root@vps httpd-2.4.4]# ./configure --prefix=/usr/local/apache --enable-load-all-modules --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --with-pcre=/usr/local/pcre/bin/pcre-config

[root@vps httpd-2.4.4]# make
[root@vps httpd-2.4.4]# make install

The following command will enable you to use use httpd command instead of giving full path of apachectl.

[root@vps httpd-2.2.24]# ln -s /usr/local/apache/bin/apachectl /usr/bin/httpd
Once you have done the above configuration and the creating the symbolic link, You can check the settings of Apache using the following commands.
[root@vps ~]# httpd -M
[root@vps ~]# httpd -V
Notes:-

It is needed to install pcre to install apache2.4.x. Locate if the 'pcre-config' is in your system. If it is not available, you will encounter the following error while the installation of Apache.

Error:
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

Fix:
============================================================================================

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.32.tar.gz
[root@vps src]# tar -xzf pcre-8.32.tar.gz
[root@vps src]# cd pcre-8.32
[root@vps pcre-8.32]# ./configure --prefix=/usr/local/pcre
[root@vps pcre-8.32]# make
[root@vps pcre-8.32]# make install
============================================================================================

Create A startup Script for httpd
Create a file /etc/init.d/httpd with the following contents in it. You have to give the pid file location, httpd and apachectl correctly in the script to run the script.
Here in my case, these are the settings.

[root@vps ~]# locate httpd.pid
/var/run/httpd.pid

================================================================================
#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=/usr/local/apache/bin/httpd
pid=/var/run/httpd.pid
prog=httpd
RETVAL=0
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
echo -n $"Starting $prog: "
daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd $pid
}
reload() {
echo -n $"Reloading $prog: "
killproc $httpd -HUP
RETVAL=$?
echo
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart)
if [ -f $pid ] ; then
stop
start
fi
;;
reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|condrestart|reload|status"
echo $"|fullstatus|graceful|help|configtest}"
exit 1
esac

exit $RETVAL
================================================================================
[root@vps ~]# chmod +x /etc/init.d/httpd
[root@vps ~]# chkconfig --add httpd
[root@vps ~]# chkconfig httpd on

This will enable you to start and stop apache using the following commands

[root@vps ~]# /etc/init.d/httpd start
[root@vps ~]# /etc/init.d/httpd stop

Thursday, April 25, 2013

Install FFMPEG Ordered steps

Install FFMPEG Ordered steps

Install FFMPEG Ordered steps
=======

1.Create a new Directory under the src folder

mkdir /usr/local/src/ffmpeg
cd /usr/local/src/ffmpeg

2.Download all the Sources

wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20061022.tar.bz2
wget http://rubyforge.org/frs/download.php/9225/flvtool2_1.0.5_rc6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.1.2.tar.gz

3.Uncompress all the source files

bunzip2 essential-20061022.tar.bz2; tar xvf essential-20061022.tar
tar zxvf flvtool2_1.0.5_rc6.tgz
tar zxvf lame-3.97.tar.gz
bunzip2 ffmpeg-php-0.5.0.tbz2; tar xvf ffmpeg-php-0.5.0.tar
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.1.2.tar.gz

4.Create the new codecs directory and move the codecs

mkdir /usr/local/lib/codecs/
mv essential-20061022/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/

5.Install SVN and Ruby

yum install subversion
yum install ruby
yum install ncurses-devel

6.Download the latest FFMPEG and Mplayer from the subversion

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer

7.Compile LAME

cd /usr/local/src/ffmpeg/lame-3.97
./configure
make
make install

8.Compile libOGG

cd /usr/local/src/ffmpeg/libogg-1.1.3
./configure
make
make install

9.Compile libVorbis

cd /usr/local/src/ffmpeg/libvorbis-1.1.2
./configure
make
make install

10.Compile flvtool2

cd /usr/local/src/ffmpeg/flvtool2_1.0.5_rc6
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install

11.Compile MPlayer

cd /usr/local/src/ffmpeg/mplayer
./configure
make
make install

12.Compile FFMPEG

cd /usr/local/src/ffmpeg/ffmpeg
./configure --enable-libmp3lame --enable-libogg --enable-libvorbis --disable-mmx
--enable-shared
echo '#define HAVE_LRINTF 1' >> config.h
make
make install

13.Create symblinks

ln -s /usr/local/lib/libavformat.so.50 /usr/lib/libavformat.so.50
ln -s /usr/local/lib/libavcodec.so.51 /usr/lib/libavcodec.so.51
ln -s /usr/local/lib/libavutil.so.49 /usr/lib/libavutil.so.49
ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib/libmp3lame.so.0
ln -s /usr/local/lib/libavformat.so.51 /usr/lib/libavformat.so.51

14.Compile FFMPEG-PHP

cd /usr/local/src/ffmpeg/ffmpeg-php-0.5.0
phpize
./configure
make
make install

15.Install FFMPEG-PHP (make sure the php.ini path is correct.)

Get correct php.ini path add the extesion ffmpeg.so Usually it is given as extension=ffmpeg.so and the extension_dir=/usr/local/lib/php/extensions/

Make sure that the ffmpeg.so is in /usr/local/lib/php/extensions/

echo 'extension=/usr/local/lib/php/extensions/no-debug-non-zts-20020429/ffmpeg.so'>>
/usr/local/Zend/etc/php.ini

Or the best way is to check the path for extension_dir in php.ini Then locate the file ffmpeg.so. Copy the file ffmpeg.so to extension_dir and add the line

extension=ffmpeg.so

in php.ini

16.Restart Apache to load FFMPEG-PHP

service httpd restart

17.Verify the installation

php -r 'phpinfo();' | grep ffmpeg

If you get a few lines such as

ffmpeg
ffmpeg support (ffmpeg-php) => enabled
ffmpeg-php version => 0.5.0
ffmpeg.allow_persistent => 0 => 0

Then everything is installed and working. FFMPEG, FFMPEG-PHP, MPlayer, MEncoder, flv2tool, LAME MP3 encoder & libOGG.

You can use mod_rewrite for redirecting http to https.

You can use mod_rewrite for redirecting http to https.
You need to go in the http vhost container and add the following:

========================================

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Or else, you can add the following lines

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

How to recover Plesk password ?

How to recover Plesk password ?

# /usr/local/psa/bin/admin --show-password

SETTING THE NEW PASSWORD USING COMMAND LINE:

# /usr/local/psa/bin/init_conf -u -passwd <new_password>

Adding Linux templates in SolusVM(OpenVZ)

Firstly, login to your server node vis SSH.
The download link for the distros : http://wiki.openvz.org/Download/template/precreated

Perform the following :
#cd /vz/template/cache
#wget http://wiki.openvz.org/Download/template/precreated/centos-5-x86-devel.tar.gz (CentOS 5 as an example)

Then, login to SolusVM and "Add new template". This will add the new distro.

Error while connecting PHPMyAdmin

Error while connecting PHPMyAdmin
Getting the following error when connecting to PhpMyAdmin :

"#2013 Cannot log in to the MySQL server"

Solution:

# vi /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php // Configuration file of PhpMyAdmin

Add localhost as follows

$cfg['Servers'][$i]['host'] = 'localhost';

save and quit the file.

Exim4 Error : "Fatal: no entropy gathering module detected"

Exim4 Error : "Fatal: no entropy gathering module detected"
I just want to share with you all the error that I came across regarding exim and here I'm providing the fix for it as well which worked perfectly for me. I tried to send email using 'mail' command which returned me this error message "Fatal: no entropy gathering module detected".

Here is the fix for this that got it working for me!

SSH to your server and perform the following steps :

# cd /dev
Here you can find either URANDOM and/or RANDOM
Delete them.

# rm -rf urandom
# rm -rf random

Now we have to remake both of them and chmod it.
# /sbin/MAKEDEV urandom
# /sbin/MAKEDEV random
# chmod 777 /dev/urandom
# chmod 777 /dev/random

Nagios Configuration

Nagios Configuration
Following steps will take place when Nagios (installed on Nagios server) monitors a service (eg: server load) on the remote host

1) Nagios will execute check_nrpe command on nagios-server and will request it to monitor disk usage on remote host using check_load command.
2) The check_nrpe on the nagios-server will contact the NRPE daemon on remote host and will request it to execute the check_load on remote host.
3) The results of the check_load command will be returned back by NRPE daemon to the check_nrpe on nagios-server.

Nagios Server (check_nrpe) ~~> Remote host (NRPE deamon) ~~> check_load

Nagios Server (check_nrpe) <~~ Remote host (NRPE deamon) <~~ check_load (returns the server load)

Before we begin, we need to install some packages on the remote host for Nagios to work fine.

# yum install elinks gcc make gcc-c++
# yum -y install openssl-devel
# useradd nagios
# passwd nagios
# cd /usr/src/

Then install Nagios plugin and NRPE on remote host.

Install Plug-in
# wget http://sourceforge.net/projects/nagiosplug/files/nagiosplug/1.4.15/nagios-plugins-1.4.15.tar.gz/download
# tar -zxvf nagios-plugins-1.4.15.tar.gz && cd nagios-plugins-1.4.15
# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
# make
# make install
# chown nagios:nagios /usr/local/nagios
# chown -R nagios:nagios /usr/local/nagios/libexec
# cd ..

Install NRPE
#wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz/download
# tar -zxvf nrpe-2.12.tar.gz && cd nrpe-2.12
# ./configure
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
# make install-xinetd
Edit Xinetd NRPE entry
# vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1 Server-IP (nagios monitoring server ip-address is: )
:wq (save and exit)

Edit services file entry
# vi /etc/services
nrpe 5666/tcp # Entry for NRPE daemon
:wq (save and exit)

Restart xinetd
# service xinetd restart

Verify whether NRPE is listening
# netstat -at |grep nrpe # output -: tcp 0 0 *:nrpe *.* LISTEN
Verify to make sure the NRPE is functioning properly
# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

Configuring Nagios monitoring server to monitor the remote host

# cd /usr/src
# wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz/download
# tar -zxvf nrpe-2.12.tar.gz && cd nrpe-2.12
# yum -y install openssl-devel
# yum install perl
# ./configure
# make all
# make install-plugin

Create a command definition
# vi /home/nagios/public_html/etc/objects/commands.cfg
Add the following:

# NRPE CHECK COMMAND
# Command to use NRPE to check remote host systems
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

Create configuration file for remote host
# cp –prf /home/nagios/www/etc/objects/ localhost.cfg /home/nagios/www/etc/objects/remotehost.cfg
# vi /home/nagios/www/etc/objects/remotehost.cfg
Replace the values “host_name” “alias” “address” with the values that match your setup:

** The “host_name” you set for the “define_host” section must match the “host_name” in the “define_service” section **

# Define a host for the remote machine
define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name alpha235
alias alpha235
address 62.75.215.12
}
# SERVICE DEFINITIONS
# Define a service to "ping" the local machine

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

# Define a service to check the disk space of the root partition.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Root Partition
check_command check_nrpe!check_disk
}

# Define a service to check the number of currently logged in users on the remotehost.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Current Users
check_command check_nrpe!check_users
}

# Define a service to check the number of currently running processes on the remote host.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Total Processes
check_command check_nrpe!check_total_procs
}
# Define a service to check the load on the remote host.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description Current Load
check_command check_nrpe!check_load
}

# Define a service to check SSH on the remote host.
# Disable notifications for this service by default, as not all users may have SSH enabled.

define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description SSH
check_command check_nrpe!check_ssh
notifications_enabled 0
}
# Define a service to check HTTP on the remote host.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service{
use generic-service ; Name of service template to use
host_name alpha235
service_description HTTP
check_command check_nrpe!check_http
notifications_enabled 0
}

Activate the remotehost.cfg template
# vi /usr/local/nagios/etc/nagios.cfg
Definitions for monitoring remote Linux machine
cfg_file=/home/nagios/www/etc/objects/remotehost.cfg
Verify Nagios Configuration Files
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
# /home/nagios/public_html/bin/nagios -v /home/nagios/public_html/etc/nagios.cfg (In our server)
Output : ...
...
Things look okay - No serious problems were detected during the pre-flight check

Verify whether nagios monitoring server can talk to the remote host
# /usr/local/nagios/libexec/check_nrpe -H 62.75.215.12
NRPE v2.12

Start nagios
# /home/nagios/www/bin/nagios -d /home/nagios/www/etc/nagios.cfg

Restart nagios (if already running)
# kill -HUP <nagios_pid>

# /usr/local/nagios/libexec/check_nrpe -H 62.75.215.12 -c check_load (To check the load of the remote server)
OK - load average: 0.35, 0.30, 0.23|load1=0.350;15.000;30.000;0; load5=0.300;10.000;25.000;0; load15=0.230;5.000;20.000;0;

(Usage: check_nrpe -H <host> [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>])

Sunday, April 21, 2013

Turn OFF/ON "Spam Box" in WHM

Turn OFF "Spam Box" in WHM -> Tweak Settings -> Mail.
This just allows the user to control it, but I wanted it always on and I want to forward to the ".Junk" folder anyways.
WHM -> Tweak Settings -> Mail -> Enable SpamAssassin Spam Box: OFF
WHM -> Tweak Settings -> Mail -> Enable SpamAssassin spam filter: ON
WHM -> Exim Configuration Editor -> SpamAssassin Options -> SpamAssassin: Forced Global ON: ON

http://forums.cpanel.net/f43/can-you-change-spamassassin-spam-box-folder-223951.html

Security Update: Atomic Mod Security setup guide for cPanel

As to help our VPS and Dedicated Server customers who might also be effected by this we have designed the following guide to make installing Atmoic Mod Security into cPanel with little to no fuss.

Stage 1: Run the following commands at command line:

mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.

Stage 2: Configure cPanel to use the Mod Security Rules

In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.

In go to: WHM -> Plugins -> Mod Security and then click: Edit Config

In this section, delete all the current content and then paste in the following configuration:

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial

Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.

This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.

Saturday, April 20, 2013

Fixing su: cannot set user id: Resources temporarily

#su -
su: cannot set user id: Resource temporarily unavailable
#

After searching and googling few minutes, i found a quick resolution to fixing this issue.
This is all about VPS limit.

Edit limit.conf below or change if needed.
#vi /etc/security/limit.conf
#### add/change on these line below:
* soft nproc 2047
* hard nproc 16384
* soft nofile 2048
* hard nofile 65536

After that try to relogin using a normal access user and then try to get su -
this should fixed your issue.

Friday, April 19, 2013

Conver Putty ppk key to SSH key

In many occasions I needed to convert a Putty ppk private key nack to open ssh key to be able to use it directly from a linux box command line. It is fairly simple to do but I always need to look it up so here it is for easy reference :

Install putty using yum in Fedora.
If you are using Ubuntu you need to install putty-tools as well

From the command line give

puttygen xxxxx2.ppk -O private-openssh -o key.ssh

Enter passphrase to load key:

Then log onto your system using

ssh root@84.200.82.6 -p 8057 -i key.ssh

Tuesday, April 16, 2013

Troubleshooting apache

check httpd service is running or not

• if its not starting the check the syntax of the config file
#httpd -S (display the all files and its location )
#httpd -t or apachectl configtest
if syntax is ok the config file is correct
• check the error logs of apache
/var/log/httpd/error_log
• apache also requires working dsn client support via /etc/resolv.conf and make sure dns is working fine
• check httpd.conf file there is correct entry of server name is there or not and check the port no
• check the size of the log file if it is full then it ll cause error 500 so make sure that log files are under limit and we can us e tool called logrotate in /etc/logrorate.d/httpd create configuration file for httpd log files
• It is possible that some other process may be using port 80 or 443. Use netstat command to list open port and their owners:
#nestat -tulpn
#netstat -tulpn |grep ‘:80′
If other process using port 80 / 443, you need to stop them or assign another port to Apache

What is SPF records and How to setup?

Why Is My Emails Getting As Spam?
Check above things.

First we need to check Email Headers.
1. Return Path
2. To
3. From
4. We should not use CAPS because not only being unprofessional, but it
also triggers spam filters. To land in the Spam folder consistently,
please do not USE ALL CAPS IN THE SUBJECT LINE AND THE BODY FROM TO and
Excessive punctuation (e.g. -/, ;^%#$@+ * "').

E.g. as follows.

1. Email "From : ADMIN ENROLL <noreply@exmaple.com>" getting
spam in gmail.com sometimes and if we not change it will increasing
count.

2. Email "From: noreply@exmaple.com" it
getting in mailbox, check the CAPS deference.

http://php.net/manual/en/function.mail.php
http://www.niso.org/khelp/kmlm/user_help/html/examine_mail_headers.html

Please check this too. It can be understand better. :)
http://www.infusionblog.com/email-marketing/7-ways-for-your-email-to-land-in-the-spam-folder/

Check SPF for Domain.:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

What is SPF records and How to setup?
http://www.kazeli.com/help/index.cfm?pageloc=quest&questid=435&catid=337,338

To diagnose the mail. Why its going in Spam.
Check tool:
http://mxtoolbox.com/
Here you can check following points
1. Mxlookup : For your domain and ip
2. Blacklist : For your IP
3. Diagnostics : SMTP Diagnostics, check your mail server
4. Analyze Headers : Check your mail headers.
5. SPF Records : Check your Sender Policy Framework
7. DNS Lookup : Check your Domain lookup.

If you check above all things your mail will not go in Spam.!

Fast up Httpd

The Apache’s configuration file is located at “/usr/local/apache/conf/httpd.conf” in a cPanel server

Timeout
This directive “Timeout” is used to define the amount of time Apache will wait for a GET, POST, PUT request and ACKs on transmissions before automatically disconnect when idle time exceeds this value. The ideal value will be 120 in heavily loaded servers. It is recommended to set this value lower if your clients have low latencies. Some time, setting this directive to a low value may pause problem, this highly depend on your network and server setup. The best is to experiment with different values to find the one that fit your need.

KeepAlive
This directive “KeepAlive” if set to “On”, enables persistent connections on the web server. For better performance, it’s recommended to set this option to “On” and allow more than one request per connection.

MaxKeepAliveRequests
This directive is used to define the number of requests allowed per connection when the KeepAlive option above is set to “On”. When the value of this option is set to “0″ then unlimited requests are allowed on the server. For server performance, it’s recommended to allow unlimited requests.

KeepAliveTimeout
This directive is used to define how much time, in seconds, Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the “Timeout” directive applies. The value of “10″ seconds is a good average for server performance. This value should be kept low as the socket will be idle for extended periods otherwise.

MaxClients
This directive is used to define the limit on the number of child processes that will be created to serve requests. The default means that up to 512 HTTP requests can be handled concurrently. This is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of “512″ is recommended. For standard use, you can set the value to “256″.

MinSpareServers
This directive is used to define the minimum number of idle child server processes that should be created. An idle process is one which is not handling a request. If there are fewer than “MinSpareServers” idle, then the parent process creates new children at a maximum rate of 1 per second. The idle value is 10
MaxSpareServer
This directive is used to define the maximum number of idle child server processes that should be created. If there are more than “MaxSpareServers” idle child processes, then the parent process will kill off the excess processes and these extra processes will be terminated.The idle value is 15.

MaxRequestsPerChild
This option “MaxRequestsPerChild” is used to define the number of requests that an individual child server process will handle. Set this directive to “0″ to get the maximum performance and scalability for the server.

HostnameLookups
This directive if set to “Off”, specifies to disable DNS lookups. It’s recommended to set this option to “Off” in order to avoid latency to every request, to save the network traffic time, and to improve the performance of your Apache web server.

cpanel exim limit spam

Hello,

The following cPanel/Exim configuration will help you stopping spam in the server.

1. Login to WHM control panel
2. Goto Main >> Service Configuration >> Exim Configuration Manager
3. Enable RBL filtering by Basic Editor >> RBLs >> switch to “On” and if you like you may additional RBL from manage option.
4. Enable Sender Verification by Mail >> Sender Verification >> “On” this will check if the mail origin really exists.
5. Reject SPF failures by ACL Options >> Reject SPF failures >> “On” this will verify SPF records and if the SPF record is set to fails then the E-mails from those IPs will be rejected.
6. Home >> Server Configuration >> Tweak Settings
7. Turn “Initial default/catch-all forwarder destination” to “fail” this will fail the catch all feature to be sent to default cPanel account.
8. “Set Max hourly emails per domain” which will limit the E-mail flooding from the server(I normally set it to 70 which is good enough for a single domain for an hour).
9. Set “Maximum percentage of failed or deferred messages a domain may send per hour” everyone knows that Spam E-mails will have alot of non existing E-mail which will then be deferred so If we set this to say 50% the spamming E-mail account will be suspended temporarily if the deferred mails are above 50%.

10. Then save all the configuration this will stop most of spams in the server.

HOW-TO: Install APC Direct admin

Install autoconf:
Code:
apt-get install autoconf
Install APC using PECL:

Code:

pecl install apc
After install process we have messages like this:

Code:

Build process completed successfully
Installing '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/apc.so'
install ok: channel://pecl.php.net/APC-3.0.19
configuration option "php_ini" is not set to php.ini location
You should add "extension=apc.so" to php.ini
Edit php.ini (via DA or directly: /usr/local/lib/php.ini)
modify extension_dir directive:
Code:

; Directory in which the loadable extensions (modules) reside.
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"
Enable extension apc.so:

Code:

extension=apc.so

CustomBuild 2.0 FAQ (DirectAdmin 1.43 or later is needed)

1. What is custombuild?
Custombuild is a tool, which can install/update:
Apache
AWstats
Autoconf
Automake
ClamAV
cURL
Dovecot
Exim configuration files
FreeType
GD
ionCube loaders
libiconv
libjpeg
libpng
libmcrypt
libmhash
mod_perl
mod_ruid2
nginx
MySQL
PHP (mod_php, php-fastcgi, PHP-FPM, suPHP)
ProFTPD
Pure-FTPd
SpamAssassin
Webalizer
Zend Optimizer
Zlib

Update web-applications:
Roundcube webmail
Squirrelmail webmail
phpMyAdmin

How to upgrade custombuild to 2.0?
The best way to do that is a complete reinstallation of CustomBuild, because of changes in configuration files, options.conf etc. Please note that you need DirectAdmin version 1.43 RC1 at least (you can use current pre-release binaries too) to run CustomBuild 2.0.

Code:

+++++++++++

cd /usr/local/directadmin
mv custombuild custombuild_1.x
wget -O custombuild.tar.gz http://files.directadmin.com/services/custombuild/2.0/custombuild.tar.gz
tar xvzf custombuild.tar.gz
cd custombuild
../build
Please check your options.conf file, set the settings you would like to have. The following steps are needed after upgrade of the CustomBuild script, if you would like to use apache:

+++++++++++++++

Code:

../build apache
../build php n
../build rewrite_confs

However, if you want to rebuild everything:

+++++++++++++++++

Code:
../build all d

3. How to install custombuild 2.0?

Code:

cd /usr/local/directadmin
wget -O custombuild.tar.gz http://files.directadmin.com/services/custombuild/2.0/custombuild.tar.gz
tar xvzf custombuild.tar.gz
cd custombuild
../build

You need to run this command for the first time:
Code:
../build all d

=========

http://forum.directadmin.com/showthread.php?t=44743

=========

Sunday, April 7, 2013

MYSQL

mysql> create database kerala_wp1;
Query OK, 1 row affected (0.00 sec)

mysql> create user wp1;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL ON kerala_wp1.* TO 'wp1'@localhost IDENTIFIED BY 'keralainasia';
Query OK, 0 rows affected (0.00 sec)

mysql> REVOKE ALL PRIVILEGES ON kerala_wp1.* FROM 'wp1'@localhost;
Query OK, 0 rows affected (0.00 sec)

 

# [mysql dir]/bin/mysql -h hostname -u root -p

mysql> create database [databasename];
mysql> show databases;

mysql> use [db name];
mysql> show tables;

mysql> describe [table name];

mysql> drop database [database name];
mysql> drop table [table name];

mysql> SELECT * FROM [table name];
mysql> show columns from [table name];
grant usage on *.* to bob@localhost identified by ‘passwd’;
grant all privileges on databasename.* to username@localhost;
flush privileges;

SET PASSWORD FOR ‘user’@'hostname’ = PASSWORD(‘passwordhere’);

+ Check, Repair and Optimize All tables in All Databases when you’re running a MySQL server on Linux.
# mysqlcheck –auto-repair –check –optimize –all-databases

OR
# mysqlcheck –all-databases -r #repair databases
# mysqlcheck –all-databases -a #analyze databases
# mysqlcheck –all-databases -o #optimize databases

=> Check, Repair and Optimize Single Database Tables.
# mysqlcheck –auto-repair –check –optimize CpanelUsername_Databasename
# mysqlcheck -ro CpanelUsername_Databasename

=> To repair One Table in database:
# mysqlcheck -ro CpanelUsername_Databasename table_name
Shows you if any need repair:
# myisamchk –check /var/lib/mysql/*/*.MYI

Then try ‘safe-recover’ first:
# myisamchk –safe-recover /var/lib/mysql/*/*.MYI

and, if neither “safe-recover” or “recover” option works:
# myisamchk –recover /var/lib/mysql/*/*.MYI

Then use the ‘force’ flag:
# myisamchk –recover –extend-check –force /var/lib/mysql/*/*.MYI
mysql> REVOKE INSERT,UPDATE,DELETE ON DATABASENAME.* FROM user1@localhost;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user]…

REVOKE ALL PRIVILEGES OPTION FROM 'wp1'@'localhost';

REVOKE ALL PRIVILEGES ON kerala_wp1.* FROM 'wp1'@localhost;
Dump a table from a database.
[mysql dir] mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

Restore database (or database table) from backup.
[mysql dir] mysql -u username -ppassword databasename < /tmp/databasename.sql
mysql> create database kerala_wp1;
Query OK, 1 row affected (0.00 sec)

mysql> create user wp1;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL ON kerala_wp1.* TO 'wp1'@localhost IDENTIFIED BY 'keralainasia';
Query OK, 0 rows affected (0.00 sec)

mysql> REVOKE ALL PRIVILEGES ON kerala_wp1.* FROM 'wp1'@localhost;
Query OK, 0 rows affected (0.00 sec)

How To Use rsync For Transferring Files

Task : Copy file from a remote server to a local computer


Copy file /home/jerry/webroot.txt from a remote server openbsd.nixcraft.in to a local computer's /tmp directory:
$ rsync -v -e ssh jerry@openbsd.nixcraft.in:~/webroot.txt /tmp

Task: Synchronize a local directory with a remote directory


$ rsync -r -a -v -e "ssh -l jerry" --delete /local/webroot openbsd.nixcraft.in:/webroot

Task: Synchronize a remote directory with a local directory


$ rsync -r -a -v -e "ssh -l jerry" --delete openbsd.nixcraft.in:/webroot/ /local/webroot

Task: Synchronize a local directory with a remote rsync server or vise-versa


$ rsync -r -a -v --delete rsync://rsync.nixcraft.in/cvs /home/cvs
OR
$ rsync -r -a -v --delete /home/cvs rsync://rsync.nixcraft.in/cvs

Resetting Wordpress Password

Get an MD5 hash of your password.)Visit md5 Hash Generator, or...http://www.miraclesalad.com/
Create a key with Python. or...
On Unix/Linux:Create file wp.txt with the new password in it (and *nothing* else)
md5sum wp.txt
rm wp.txt
"mysql -u root -p" (log in to MySQL
enter your mysql password
"use (name-of-database)" (select WordPress database)
"show tables;" (you're looking for a table name with "users" at the end)
"SELECT ID, user_login, user_pass FROM (name-of-table-you-found)" (this gives you an idea of what's going on inside)
"UPDATE (name-of-table-you-found) SET user_pass="(MD5-string-you-made)" WHERE ID = (id#-of-account-you-are-reseting-password-for)" (actually changes the password)
"SELECT ID, user_login, user_pass FROM (name-of-table-you-found)" (confirm that it was changed)
(type Control-D, to exit mysql client)
Note if you have a recent version of MySQL (version 5.x?) you can have MySQL compute the MD5 hash for you.
Skip step 1. above.
Do the following for step 7. instead.
"UPDATE (name-of-table-you-found) SET user_pass = MD5('"(new-password)"') WHERE ID = (id#-of-account-you-are-reseting-password-for)" (actually changes the password)
Note that even if the passwords are salted, meaning they look like $P$BLDJMdyBwegaCLE0GeDiGtC/mqXLzB0, you can still replace the password with an MD5 hash, and Wordpress will let you log in.

========================

Get an MD5 hash of your password. (log in to MySQL)Visit md5 Hash Generator, or...
Create a key with Python. or...
On Unix/Linux:Create file wp.txt with the new password in it (and *nothing* else)
md5sum wp.txt
rm wp.txt
>>mysql

>>>>use <name-of-database>;


>>>>show tables;---(you're looking for a table name with "users" at the end)

>>>>SELECT ID, user_login, user_pass FROM (name-of-table-you-found)" ;
>>>>"UPDATE (name-of-table-you-found) SET user_pass="(MD5-string-you-made)" WHERE ID = (id#-of-account-you-are-reseting-password-for)" (actually changes the password)

>>>>"SELECT ID, user_login, user_pass FROM (name-of-table-you-found)" (confirm that it was changed)
========================

Resize /tmp in cpanel servers

service chkservd stop
service httpd stop
service mysql stop
service postgresql stop

lsof | grep /tmp

kill the process

umount /var/tmp

umount /tmp

vi /scripts/securetmp

replace “256000″ with “512000″

rm -rf /usr/tmpDSK
/scripts/securetmp –auto

cd /tmp

ln -s /var/lib/mysql/mysql.sock

service postgresql start
service mysql start
service httpd start
service chkservd start

Saturday, April 6, 2013

Change the hostname

You have to change the hostname in the following files:

/etc/hosts
/etc/sysconfig/network
/proc/sys/kernel/hostname

Find spamming account in Postfix or Plesk

Queue Counting
The following command provides a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:

mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail

grep “status=sent” /var/log/maillog |cut -d “=” -f 2 |cut -d “>” -f 1 |cut -d “<” -f 2 |sort -n |uniq -c

grep “dovecot” /var/log/maillog |grep “Aborted login” |cut -d “,” -f 3 |cut -d “:” -f 4 |sort -n |uniq -c

Making the CSF temporary block permanent

Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked more than
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature
LF_PERMBLOCK =  Default: 1 [0-1]

LF_PERMBLOCK_INTERVAL =  Default: 86400 [3600-604800]

LF_PERMBLOCK_COUNT =  Default: 4 [1-20]

LF_PERMBLOCK_ALERT =  Default: 1 [0-1]

# Permanently block IPs by network class. The following enables this feature
# to permanently block classes of IP address where individual IP addresses
# within the same class LF_NETBLOCK_CLASS have already been blocked more than
# LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
# LF_NETBLOCK to "1" to enable this feature
#
# This can be an affective way of blocking DDOS attacks launched from within
# the same networ class
#
# Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
# consideration is required when blocking network classes A or B
#
# Set LF_NETBLOCK to "0" to disable this feature
LF_NETBLOCK =  Default: 0 [0-1]

LF_NETBLOCK_INTERVAL =  Default: 86400 [3600-604800]

LF_NETBLOCK_COUNT =  Default: 4 [1-20]

LF_NETBLOCK_CLASS =  Default: C [A or B or C]

LF_NETBLOCK_ALERT =  Default: 1 [0-1]

################################################################

SCP in detail

Example syntax for Secure Copy (scp)
What is Secure Copy?
scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.
Examples
Copy the file "foobar.txt" from a remote host to the local host







$ scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file "foobar.txt" from the local host to a remote host







$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory "foo" from the local host to a remote host's directory "bar"







$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file "foobar.txt" from remote host "rh1.edu" to remote host "rh2.edu"







$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \

your_username@rh2.edu:/some/remote/directory/

Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host







$ scp foo.txt bar.txt your_username@remotehost.edu:~

Copy the file "foobar.txt" from the local host to a remote host using port 2264







$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host







$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} .







$ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} .

scp Performance
By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.







$ scp -c blowfish some_file your_username@remotehost.edu:~

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:







$ scp -c blowfish -C local_file your_username@remotehost.edu:~

How do I turn on/off mod_userdir on my cPanel/WHM server?

Apache's mod_userdir allows users to view their sites by entering a tilde(~) and their username as the uri on a specific host. For example http://test.cpanel.net/~fred/ will bring up the user fred's domain. The disadvantage of this feature is that any bandwidth usage used by this site will be put on the domain it is accessed under (in this case test.cpanel.net). mod_userdir protection prevents this from happening. You may however want to disable it on specific virtual hosts (generally shared ssl hosts.)

First you'll need to login to WHM for your server, http://serversip/whm (serversip being the ip address of your dedicated server or vps).

Once you are logged into WHM, you will want to browse over to the following path:

Main >> Security Center >> Apache mod_userdir Tweak

From there, you can select which accounts you want to enable for mod_userdir

Hard drive replacement in Software-RAID/en

The Following Following configuration is Assumed:
# Cat / proc / mdstat
Personalities: [raid1]
md3: active raid1 sda4 [0] sdb4 [1]
1822442815 blocks super 1.2 [2/2] [UU]

md2: active raid1 sda3 [0] sdb3 [1]
1073740664 blocks super 1.2 [2/2] [UU]

md1: active raid1 sda2 [0] sdb2 [1]
524276 blocks super 1.2 [2/2] [UU]

md0: active raid1 sda1 [0] sdb1 [1]
33553336 blocks super 1.2 [2/2] [UU]

unused devices: <none>

There are four partitions in total:

  • / Dev/md0 as swap

  • / Dev/md1 as / boot

  • / Dev/md2 as /

  • / Dev/md3 as / home


/ Dev / sdb is the defective drive in this case. A missing or defective drive is shown by [U_] and / or [_U] . If the RAID array is intact, it shows [UU] .
# Cat / proc / mdstat
Personalities: [raid1]
md3: active raid1 sda4 [0] sdb4 [1] (F)
1822442815 blocks super 1.2 [2/1] [U_]

md2: active raid1 sda3 [0] sdb3 [1] (F)
1073740664 blocks super 1.2 [2/1] [U_]

md1: active raid1 sda2 [0] sdb2 [1] (F)
524276 blocks super 1.2 [2/1] [U_]

md0: active raid1 sda1 [0] sdb1 [1] (F)
33553336 blocks super 1.2 [2/1] [U_]

unused devices: <none>

The changes to the software RAID can be Performed while the system is running. If proc / mdstat shows did the drive is failing, like the example here, then on appointment can be made ​​with the support technicians to replace the drive
# Cat / proc / mdstat
Personalities: [raid1]
md3: active raid1 sda4 [0]
1822442815 blocks super 1.2 [2/1] [U_]

md2: active raid1 sda3 [0]
1073740664 blocks super 1.2 [2/1] [U_]

md1: active raid1 sda2 [0]
524276 blocks super 1.2 [2/1] [U_]

md0: active raid1 sda1 [0]
33553336 blocks super 1.2 [2/1] [U_]

unused devices: <none>

Removal of the defective drive


Before a new drive can be added the old defective drive needs to be removed from the RAID array. This needs to be done for each individual partition.
# Mdadm / dev/md0-r / dev/sdb1
# Mdadm / dev/md1-r / dev/sdb2
# Mdadm / dev/md2-r / dev/sdb3
# Mdadm / dev/md3-r / dev/sdb4

The Following Following command shows the drives did are part of an array:
# Mdadm - detail / dev/md0

In some cases a drive may only be partly defective, so for example only / dev/md0 is in the [U_] state, Whereas all other devices are in the [UU] state. In this case the command
# Mdadm / dev/md1-r / dev/sdb2

fails, as the / dev/md1 array is ok.

In this event, the command
# Mdadm - manage / dev/md1 - fail / dev/sdb2

needs to be executed first, to move into the RAID [U_] status.

Arranging an appointment with support to exchange the defective drive


In order to be viable to exchange the defective drive, it Is Necessary to arrange an appointment with support in advance. The server will need to be taken off-line for a short time.

Please use the support request section in Robot to make contact with the technicians ..

Preparing the new drive


Both drives in the array need to have the exact same partitioning. DEPENDING on the partition table type used (MBR or GPT) Appropriate utilities have to be used to copy the partition table. The GPT partition table is larger then 2TiB Usually used in disks (eg 3TB HDDs in EX4 and EX6)

Drives with GPT


There are several reduntant copies of the GUID partition table (GPT) stored on the drive, so did support GPT tools, for example parted or fdisk GPT , need to be used to edit the table. The sgdisk tool from GPT fdisk (pre-installed When Using the Rescue System ) can be used to Easily copy the partition table to a new drive. Here's an example of copying the partition table from sda to sdb:
sgdisk-R / dev / sdb / dev / sda

The drive then needs to be assigned a new random UUID:
sgdisk-G / dev / sdb

After this the drive can be added to the array. As a final step the boot loader needs to be installed.

Drives with MBR


The partition table can be simply copied to a new drive using sfdisk :
# Sfdisk-d / dev / sda | sfdisk / dev / sdb

where / dev / sda is the source drive and / dev / sdb is the target drive.

(Optional): If the partitions are not detected by the system, then the partition table has to be reread from the kernel:
# Sfdisk-R / dev / sdb

Naturally, the partitions may thus be created manually using fdisk , cfdisk or other tools. The partitions Should Be Linux raid autodetect (id fd ) types.

Integration of the new drive


Once the defective drive has been removed and the new one installed, it needs to be intagrated into the RAID array. This needs to be done for each partition.
# Mdadm / dev/md0-a / dev/sdb1
# Mdadm / dev/md1-a / dev/sdb2
# Mdadm / dev/md2-a / dev/sdb3
# Mdadm / dev/md3-a / dev/sdb4

The new drive is now part of the array and will be synchronized. DEPENDING on the size of the partitions this procedure can take some time. The status of the synchronization can be observed-using cat / proc / mdstat .
# Cat / proc / mdstat
Personalities: [raid1]
md3: active raid1 sdb4 [1] sda4 [0]
1028096 blocks [2/2] [UU]
[==========> ..........] Resync = 50.0% (514048/1028096) finish = 97.3min speed = 65787K/sec

md2: active raid1 sdb3 [1] sda3 [0]
208768 blocks [2/2] [UU]

md1: active raid1 sdb2 [1] sda2 [0]
2104448 blocks [2/2] [UU]

md0: active raid1 sdb1 [1] sda1 [0]
208768 blocks [2/2] [UU]

unused devices: <none>

Boot loader installation


If you are doing this repair in a booted system, then for GRUB2 running grub-install on the new drive is enough.For example:
grub-install / dev / sdb

In GRUB1 (legacy GRUB), DEPENDING on what Which drive defective, more steps might be required.

  • Start the GRUB console: grub

  • Specify the partition where / boot is located: root (hd0, 1) (/ dev/sda2 = (hd0, 1))

  • Install the bootloader to MBR: setup (hd0)

  • So for installing the boot loader on the second drive:

    • Map the second drive as hd0: device (hd0) / dev / sdb

    • Repeat steps 2 and 3 exactly (do not change the commands)



  • Exit the GRUB console: quit


Probing devices to guess BIOS drives. This may take a long time.

GNU GRUB version 0.97 (640K lower / 3072K upper memory)

[Minimal BASH-like line editing is supported. For the first word, TAB
lists possibleness command completions. Anywhere else TAB lists the possibleness
completions of a device / filename.]
grub> device (hd0) / dev / sdb
device (hd0) / dev / sdb
grub> root (hd0, 1)
root (hd0, 1)
Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd0)
setup (hd0)
Checking if "/ boot/grub/stage1" exists ... yes
Checking if "/ boot/grub/stage2" exists ... yes
Checking if "/ boot/grub/e2fs_stage1_5" exists ... yes
Running "embed / boot/grub/e2fs_stage1_5 (hd0)" ... 26 sectors are embedded.
succeeded
Running "install / boot/grub/stage1 (hd0) (hd0) 1 +26 p (hd0, 1) / boot/grub/stage2 / boot / grub / grub.conf" ... succeeded
Done.
grub> quit
#

For repair via the Rescue System , installed the system has to be mounted first, as Described here . All GRUB installation steps then have to be Performed after chroot .