Please use following steps on your risk, I won't be responsible for any damage...
OS/ Fedora Core 5
download and install:
libffac
libffad2
xvid
libogg,libvorbis
mp3lame
ffmpeg
Setting Up Install Folder, Logging and download Packages
1)Log into ssh
2) cd /usr/src && mkdir install && cd install
3) Download faad2 and faac
from http://faac.sourceforge.net/oldsite/download.php get Faad2 and faac (new versions
)
wget http://prdownloads.sourceforge.net/f...ar.gz?download
wget http://prdownloads.sourceforge.net/f...ar.gz?download
4) Verify that you have these components are installed
rpm -qa automake
rpm -qa autoconf
rpm -qa libtool
rpm -qa m4
rpm -qa gcc-c++
If any are missing than simply yum install (packagename), if you dont have a package manager than get one, it will save you alot of time
and headaches.
Installing Faac
5)tar -zxvf faac-1.24.tar.gz && cd faac
6) sh bootstrap
7) ./configure
8) make
9) make install
10) cd ..
Installing Faad2
11) tar -zxvf faad2-2.0.tar.gz
12) cd faad2 && less README.linux
13) There is 2 bugs with this package, so need to manually edit these files
14) nano Makefile.am
Edit the file to look like this
SUBDIRS = libfaad common frontend plugins
EXTRA_DIST = faad2.spec
15) cd common/mp4ff && nano mp4ffint.h
16) Comment out this line
//void mp4ff_track_add(mp4ff_t *f);
17)Save file and cd ../..
18)autoreconf -vif
19) ./configure
20) make
21) make install
Installing Libogg and Libvorbis
22)cd .. and then Check to see if libogg and libvorbs
rpm -qa libogg-devel
rpm -qa libvorbis-devel
rpm -qa libncurses-devel
If not installed then simply Package Install (replace yum and install settings with your package manager)
yum install libogg-devel
yum install libvorbis-devel
yum install libncurses-devel
Installing LAME (for audio)
23)go into lame sourceforge - http://sourceforge.net/project/showf...package_id=309
24)wget http://mesh.dl.sourceforge.net/sourc...me-3.97.tar.gz
25)tar -zxvf lame-3.97.tar.gz
26)cd lame*
27) ./configure; make;make install
Installing Xvid
28) cd .. && wget http://downloads.xvid.org/downloads/...e-1.1.2.tar.gz
29)tar -zxvf xvidcore-1.1.2.tar.gz && cd xvid*/build/generic/
30) ./configure; make; make install;
31) cd ../../..
Installing ffmpeg
32) rpm -q subversion If not install, then install subversion
33)svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg && cd ffmpeg
34) ./configure --enable-shared --enable-xvid --enable-vorbis --enable-libogg --enable-mp3lame --enable-gpl --enable-faad --enable-faac --enable-a52
35)make
36)make install
If Installation went ok, run
ldd ./ffmpeg
If Path to Lib Libraries are not ok
37)Check to see if /usr/local/lib exists on this file
cat /etc/ld.so.conf
If not
echo /usr/local/lib >>/etc/ld.so.conf
38) cat/etc/ld.so.conf Now check to see if (/usr/local/lib exist)
39) save file
40) ldconfig
41) run ldd ./ffmpeg
FFmpeg should be complete and installed. On some servers you may need to add Disable Shared and enable flags.
For anyone having problems with faac and faad2, these older versions should work nicely:
wget http://dfn.dl.sourceforge.net/source...ac-1.24.tar.gz
tar zxvf faac-1.24.tar.gz
cd faac
chmod 777 bootstrap
./bootstrap
./configure
make
make install
cd ../
make install
cd ../
rm -rf faac
wget http://dfn.dl.sourceforge.net/source...2.0-rc3.tar.gz
tar zxvf faad2-2.0-rc3.tar.gz
cd faad2
chmod 777 bootstrap
./bootstrap
./configure
make
make install
cd ../
rm -rf faad2
Nov 27, 2009
Nov 25, 2009
Enable Tun/Tap in vps
In order to enable Tun/Tap in vps, you will have to run following commands from hardware node where 201 is nothing but the vps in which you have to enable those modules.
# lsmod | grep tun
# modprobe tun
vzctl set 201 --devices c:10:200:rw --save
vzctl set 201 --capability net_admin:on --save
vzctl exec 201 mkdir -p /dev/net
vzctl exec 201 mknod /dev/net/tun c 10 200
vzctl exec 201 chmod 600 /dev/net/tun
-------------------------------------------------------
#!/usr/bin/perl -w
use strict;
if (-e "/etc/sysconfig/vz-scripts/$ARGV[0].conf") {
system("vzctl set $ARGV[0] --devices c:10:200:rw --save");
system("vzctl exec $ARGV[0] mkdir -p /dev/net");
system("vzctl exec $ARGV[0] mknod /dev/net/tun c 10 200");
system("vzctl exec $ARGV[0] chmod 600 /dev/net/tun");
print "Done setting up /dev/net/tun for VE $ARGV[0]\n";
} else {
die "VE $ARGV[0] not found ..";
}
# lsmod | grep tun
# modprobe tun
vzctl set 201 --devices c:10:200:rw --save
vzctl set 201 --capability net_admin:on --save
vzctl exec 201 mkdir -p /dev/net
vzctl exec 201 mknod /dev/net/tun c 10 200
vzctl exec 201 chmod 600 /dev/net/tun
-------------------------------------------------------
#!/usr/bin/perl -w
use strict;
if (-e "/etc/sysconfig/vz-scripts/$ARGV[0].conf") {
system("vzctl set $ARGV[0] --devices c:10:200:rw --save");
system("vzctl exec $ARGV[0] mkdir -p /dev/net");
system("vzctl exec $ARGV[0] mknod /dev/net/tun c 10 200");
system("vzctl exec $ARGV[0] chmod 600 /dev/net/tun");
print "Done setting up /dev/net/tun for VE $ARGV[0]\n";
} else {
die "VE $ARGV[0] not found ..";
}
Nov 24, 2009
Error establishing a database connection
Warning: mysql_connect(): Access denied for user: 'user1_name1@localhost' (Using password: YES) in /home/joe123/public_html/catalog/includes/functions/database.php on line 19
What this means is that your database now exists in cPanel, but your website cannot communicate with it. Now is time to assign a database username and reconfigure your website's database settings.
1. Login to your cPanel and click the "MySQL Databases" icon.
2. Scroll down till you see MySQL Users > NewUser.
3. The username can be anything you want. For this example, we will choose gatorboy.
4. Pick any random password. You won't need to commit this to memory, so go nuts. For this example, nvGHdCC0dCMz can be our database password. Copy the password and keep it ready. Now enter the password twice and then press the "Create User" button.
The user has now been added, but it has not been assigned to a database.
1. In the same area under MySQL Users you will see a second section called Add User To Database.
2. Choose the username you just created from the drop down. (Notice that cPanel will automatically prepend your database name with your cPanel username. For this example, we get joe123_gatorboy.) Copy this username and keep it ready.
3. Next, choose the name of your database and click the "Submit" button. If you don't know which database name to use, skip this step for now.
Now you need to locate your database configuration file.
* If you have a general error message like the first example, then use our config files article to determine the location.
* If you have a specific error message like the second example, then the error tells us the location. In our example the error says "in /home/joe123/public_html/catalog/includes/functions/database.php on line 19". That is where you need to go.
It is finally time to reconfigure your website's database settings.
1. Go to the configuration file and choose to Edit.
2. Look in the code for a place where your database name is defined. Here is the example of what we see:
define('DB_NAME', 'user1_wrdp1');
define('DB_USER', 'user1_name1');
define('DB_PASSWORD', '5Jmfde%53L');
define('DB_HOST', 'localhost');
3. The database name is very important; it must have your new cPanel name in the first part. Update the part before the underscore, but change nothing after the underscore. Example:
define('DB_NAME', 'joe123_wrdp1');
If you skipped step 3 while assigning the user to the database, you must go back and complete that step. The value you have for your database name is the correct name to choose in the second drop down. (Don't forget to click Submit.)
4. Next, get the database username and password you set aside and replace the ones in the file. Example:
define('DB_USER', 'joe123_gatorboy');
define('DB_PASSWORD', 'nvGHdCC0dCMz');
This is the last time you will need this username and password, so you don't need to keep a copy anymore.
5. The host name is always 'localhost', so make that change if needed.
6. Save the file and you are done! Refresh your webpage to see if it works.
What this means is that your database now exists in cPanel, but your website cannot communicate with it. Now is time to assign a database username and reconfigure your website's database settings.
1. Login to your cPanel and click the "MySQL Databases" icon.
2. Scroll down till you see MySQL Users > NewUser.
3. The username can be anything you want. For this example, we will choose gatorboy.
4. Pick any random password. You won't need to commit this to memory, so go nuts. For this example, nvGHdCC0dCMz can be our database password. Copy the password and keep it ready. Now enter the password twice and then press the "Create User" button.
The user has now been added, but it has not been assigned to a database.
1. In the same area under MySQL Users you will see a second section called Add User To Database.
2. Choose the username you just created from the drop down. (Notice that cPanel will automatically prepend your database name with your cPanel username. For this example, we get joe123_gatorboy.) Copy this username and keep it ready.
3. Next, choose the name of your database and click the "Submit" button. If you don't know which database name to use, skip this step for now.
Now you need to locate your database configuration file.
* If you have a general error message like the first example, then use our config files article to determine the location.
* If you have a specific error message like the second example, then the error tells us the location. In our example the error says "in /home/joe123/public_html/catalog/includes/functions/database.php on line 19". That is where you need to go.
It is finally time to reconfigure your website's database settings.
1. Go to the configuration file and choose to Edit.
2. Look in the code for a place where your database name is defined. Here is the example of what we see:
define('DB_NAME', 'user1_wrdp1');
define('DB_USER', 'user1_name1');
define('DB_PASSWORD', '5Jmfde%53L');
define('DB_HOST', 'localhost');
3. The database name is very important; it must have your new cPanel name in the first part. Update the part before the underscore, but change nothing after the underscore. Example:
define('DB_NAME', 'joe123_wrdp1');
If you skipped step 3 while assigning the user to the database, you must go back and complete that step. The value you have for your database name is the correct name to choose in the second drop down. (Don't forget to click Submit.)
4. Next, get the database username and password you set aside and replace the ones in the file. Example:
define('DB_USER', 'joe123_gatorboy');
define('DB_PASSWORD', 'nvGHdCC0dCMz');
This is the last time you will need this username and password, so you don't need to keep a copy anymore.
5. The host name is always 'localhost', so make that change if needed.
6. Save the file and you are done! Refresh your webpage to see if it works.
Custom error pages
To create a custom error page for your account, please login to cPanel and click Error Pages, under Advanced. Select the domain or subdomain you want and click the page you want to edit. Insert your own custom page code (in HTML or SHTML). The changes will be applied after you click Save.
But I don't know any HTML
Never fear. If you use a design program like Sitebuilder, simply publish a page which you would want to use. Next, visit your website online and pull up that new page you want. At the top of your browser, go to View and choose "Source" or "Page Source". Copy everything from the pop-up window (right click, Select All, right click, Copy) and now you can paste where the HTML code belongs.
Afterward, you may want to remove that extra page from your site builder program.
Common problems
If Internet Explorer is not displaying the custom error page, it is likely because the error page must be larger than 1 kilobyte.
There are many error pages which may be defined.
Client Request Errors
400 - Bad Request
401 - Authorization Required
403 - Forbidden
404 - Not Found
405 - Method Not Allowed
406 - Not Acceptable (encoding)
407 - Proxy Authentication Required
408 - Request Timed Out
409 - Conflicting Request
410 - Gone
411 - Content Length Required
412 - Precondition Failed
413 - Request Entity Too Long
414 - Request URI Too Long
415 - Unsupported Media Type
Server Errors
500 - Internal Server Error
501 - Not Implemented
502 - Bad Gateway
503 - Service Unavailable
504 - Gateway Timeout
505 - HTTP Version Not Supported
How can I revert back to the default error pages?
Simply delete the error page from the public_html folder:
404.shtml
403.shtml
500.shtml
But I don't know any HTML
Never fear. If you use a design program like Sitebuilder, simply publish a page which you would want to use. Next, visit your website online and pull up that new page you want. At the top of your browser, go to View and choose "Source" or "Page Source". Copy everything from the pop-up window (right click, Select All, right click, Copy) and now you can paste where the HTML code belongs.
Afterward, you may want to remove that extra page from your site builder program.
Common problems
If Internet Explorer is not displaying the custom error page, it is likely because the error page must be larger than 1 kilobyte.
There are many error pages which may be defined.
Client Request Errors
400 - Bad Request
401 - Authorization Required
403 - Forbidden
404 - Not Found
405 - Method Not Allowed
406 - Not Acceptable (encoding)
407 - Proxy Authentication Required
408 - Request Timed Out
409 - Conflicting Request
410 - Gone
411 - Content Length Required
412 - Precondition Failed
413 - Request Entity Too Long
414 - Request URI Too Long
415 - Unsupported Media Type
Server Errors
500 - Internal Server Error
501 - Not Implemented
502 - Bad Gateway
503 - Service Unavailable
504 - Gateway Timeout
505 - HTTP Version Not Supported
How can I revert back to the default error pages?
Simply delete the error page from the public_html folder:
404.shtml
403.shtml
500.shtml
Apache error logs
Logs are very importatnt while troublseshooting any problem. I have listed here some apache logs which are very useful in order to debug any issue related with apache on cpanel server
Some things you can ignore:
File does not exist: home/somtin/public_html/robots.txt
File does not exist: home/somwon/public_html/favicon.ico
File does not exist: home/somwer/public_html/500.shtml
Some things you can fix:
File does not exist: /home/yousir/public_html/gallery/pic.jpg
The file is either in the wrong place or needs to be republished. Be sure that all of your files and folders are uploaded inside the public_html.
(13)Permission denied: file permissions deny server access: /home/sumuser/public_html/index.html
This is the most common 403 error. We can help you fix this.
error: file is writable by others: (/home/sumwon/public_html/index.php)
This is the most common 500 error. We can help you fix this.
error: file has no execute permission: (/home/inono/public_html/cgi-bin/img2txt.cgi)
This can be fixed by adding executable permissions [755] to the file.
perhaps mis-spelled or defined by a module not included in the server configuration
This means there is something bad in the .htaccess file. Perhaps there is a php_flag line needs to be deleted.
Premature end of script headers: /home/gyms/public_html/cgi-bin/index.pl
Possibly this is a perl script and needs to say #!/usr/bin/perl -w on the first line.
Some things you can ignore:
File does not exist: home/somtin/public_html/robots.txt
File does not exist: home/somwon/public_html/favicon.ico
File does not exist: home/somwer/public_html/500.shtml
Some things you can fix:
File does not exist: /home/yousir/public_html/gallery/pic.jpg
The file is either in the wrong place or needs to be republished. Be sure that all of your files and folders are uploaded inside the public_html.
(13)Permission denied: file permissions deny server access: /home/sumuser/public_html/index.html
This is the most common 403 error. We can help you fix this.
error: file is writable by others: (/home/sumwon/public_html/index.php)
This is the most common 500 error. We can help you fix this.
error: file has no execute permission: (/home/inono/public_html/cgi-bin/img2txt.cgi)
This can be fixed by adding executable permissions [755] to the file.
perhaps mis-spelled or defined by a module not included in the server configuration
This means there is something bad in the .htaccess file. Perhaps there is a php_flag line needs to be deleted.
Premature end of script headers: /home/gyms/public_html/cgi-bin/index.pl
Possibly this is a perl script and needs to say #!/usr/bin/perl -w on the first line.
Nov 20, 2009
Reset mysql password
/etc/init.d/mysqld stop
mysqld_safe --skip-grant-tables &
mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD("newrootpassword") where User='root';
mysql> flush privileges;
mysql> quit
/etc/init.d/mysqld stop
/etc/init.d/mysqld start
mysqld_safe --skip-grant-tables &
mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD("newrootpassword") where User='root';
mysql> flush privileges;
mysql> quit
/etc/init.d/mysqld stop
/etc/init.d/mysqld start
Nov 18, 2009
Secure /tmp
Secure /tmp
Please take backup of files before changing configuration, I won't be responsible for any damage.
Secure /tmp:
Step 1: Backup your /etc/fstab file
cp /etc/fstab /etc/fstab.bak
Step 2: Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:
dd if=/dev/zero of=/var/tempFS bs=1024 count=1000000
/sbin/mkfs.ext3 /var/tempFS
Step 3: Create a backup copy of your current /tmp drive:
cp -Rpf /tmp /tmpbackup
Step 4: Mount our new tmp parition and change permissions:
mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp
Step 5: Copy the old data:
cp -Rpf /tmp.bak/* /tmp/
* If your /tmp was empty earlier, you might get this error : cp: cannot stat `/tmp.bak/*’: No such file or directory
Step 6: Edit /etc/fstab and add this:
nano -w /etc/fstab
And ADD this line:
/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Step 7: Test your fstab entry:
mount -o remount /tmp
Step 8: Verify that your /tmp mount is working:
df -h
Should look something like this:
/var/tempFS 962M 18M 896M 2% /tmp
Secure /var/tmp:
Step 1: Use /tmp as /var/tmp.
mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp
Step 2: Copy the old data back
cp /var/vartmp/* /tmp/
* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory
Secure /dev/shm:
Step 1: Edit your /etc/fstab:
nano -w /etc/fstab
Locate:
none /dev/shm tmpfs defaults,rw 0 0
Change it to:
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
Step 2: Remount /dev/shm:
mount -o remount /dev/shm
Please take backup of files before changing configuration, I won't be responsible for any damage.
Secure /tmp:
Step 1: Backup your /etc/fstab file
cp /etc/fstab /etc/fstab.bak
Step 2: Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:
dd if=/dev/zero of=/var/tempFS bs=1024 count=1000000
/sbin/mkfs.ext3 /var/tempFS
Step 3: Create a backup copy of your current /tmp drive:
cp -Rpf /tmp /tmpbackup
Step 4: Mount our new tmp parition and change permissions:
mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp
Step 5: Copy the old data:
cp -Rpf /tmp.bak/* /tmp/
* If your /tmp was empty earlier, you might get this error : cp: cannot stat `/tmp.bak/*’: No such file or directory
Step 6: Edit /etc/fstab and add this:
nano -w /etc/fstab
And ADD this line:
/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Step 7: Test your fstab entry:
mount -o remount /tmp
Step 8: Verify that your /tmp mount is working:
df -h
Should look something like this:
/var/tempFS 962M 18M 896M 2% /tmp
Secure /var/tmp:
Step 1: Use /tmp as /var/tmp.
mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp
Step 2: Copy the old data back
cp /var/vartmp/* /tmp/
* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory
Secure /dev/shm:
Step 1: Edit your /etc/fstab:
nano -w /etc/fstab
Locate:
none /dev/shm tmpfs defaults,rw 0 0
Change it to:
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
Step 2: Remount /dev/shm:
mount -o remount /dev/shm
Nov 17, 2009
Some Basic vps commands
vzctl create 102 --ostemplate centos-4-i386-default
vzctl destroy 102 :
vzctl create 102 --ostemplate centos-4-i386-default --config vps.basic
vzctl set 102 --onboot yes --save:
vzctl set 102 --hostname ace.316x.net --save
vzctl set 102 --ipadd 208.76.110.211 --save
vzctl set 102 --nameserver 208.76.110.194 --save
vzctl start 102
vzctl exec 102 service sshd status
vzctl exec 102 service sshd start
vzctl exec 102 service sshd status
vzctl start 102
vzctl set 102 --userpasswd root:elite99x
vzctl start 102
vzlist -a | grep 102
vzctl exec 102 df
vzctl 102 stop
vzctl stop 102
vzctl start 102
vzctl restart 102
grep DISK_QUOTA /etc/sysconfig/vz
grep DISKSPACE /etc/sysconfig/vz-scripts/102.conf
grep DISKINODES /etc/sysconfig/vz-scripts/102.conf
grep QUOTATIME /etc/sysconfig/vz-scripts/102.conf
vzctl set 102 --diskspace 35000000000:36000000000 --save
vzctl set 102 --diskspace 34000000000:35000000000 --save
vzctl set 102 --diskspace 3500000000:3600000000 --save
vzctl set 102 --diskspace 35000000:36000000 --save
vzctl exec 102 df -vzctl set 102 --diskspace 36000000:37000000 --save
vzctl exec 102 df -h
vzctl set 102 --vmguarpages 5130000:5140000 --save
vzctl --help
vzctl exec 102 --help
vzctl exec 102 df --help
vzctl set 105 --privvmpages 2G:3G --save
vzctl set 102 --diskinodes 3400000:3500000 --save
vzctl set 102 --quotatime 600 --save
vsyum 102 install yum
vzyum 102 install yum
vzctl enter 102
vzctl destroy 102 :
vzctl create 102 --ostemplate centos-4-i386-default --config vps.basic
vzctl set 102 --onboot yes --save:
vzctl set 102 --hostname ace.316x.net --save
vzctl set 102 --ipadd 208.76.110.211 --save
vzctl set 102 --nameserver 208.76.110.194 --save
vzctl start 102
vzctl exec 102 service sshd status
vzctl exec 102 service sshd start
vzctl exec 102 service sshd status
vzctl start 102
vzctl set 102 --userpasswd root:elite99x
vzctl start 102
vzlist -a | grep 102
vzctl exec 102 df
vzctl 102 stop
vzctl stop 102
vzctl start 102
vzctl restart 102
grep DISK_QUOTA /etc/sysconfig/vz
grep DISKSPACE /etc/sysconfig/vz-scripts/102.conf
grep DISKINODES /etc/sysconfig/vz-scripts/102.conf
grep QUOTATIME /etc/sysconfig/vz-scripts/102.conf
vzctl set 102 --diskspace 35000000000:36000000000 --save
vzctl set 102 --diskspace 34000000000:35000000000 --save
vzctl set 102 --diskspace 3500000000:3600000000 --save
vzctl set 102 --diskspace 35000000:36000000 --save
vzctl exec 102 df -vzctl set 102 --diskspace 36000000:37000000 --save
vzctl exec 102 df -h
vzctl set 102 --vmguarpages 5130000:5140000 --save
vzctl --help
vzctl exec 102 --help
vzctl exec 102 df --help
vzctl set 105 --privvmpages 2G:3G --save
vzctl set 102 --diskinodes 3400000:3500000 --save
vzctl set 102 --quotatime 600 --save
vsyum 102 install yum
vzyum 102 install yum
vzctl enter 102
Useful command to stop httpd ddos
If you are getting ddos. To stop it temporarily, you can use following commands. These commands will work if you have csf firewall installed on your server. It will block those ip's having number of connection to server. It is not always good practice to block Ip's, it can be used when your server is flooded with httpd connections and syn attack.
for i in `netstat -plan | grep :80 |awk '{print $5}' | cut -f1 -d:| sort | uniq |sort -n | tail -3`; do csf -d $i; done;
for i in `netstat -anp | grep SYN* |awk '{print $5}' | cut -f1 -d:| sort | uniq |sort -n | tail -5`; do csf -d $i; done;
for i in `netstat -plan | grep :80 |awk '{print $5}' | cut -f1 -d:| sort | uniq |sort -n | tail -3`; do csf -d $i; done;
for i in `netstat -anp | grep SYN* |awk '{print $5}' | cut -f1 -d:| sort | uniq |sort -n | tail -5`; do csf -d $i; done;
Setup Memory in VPS :-
Setup Memory in VPS :-
========================================================================================
To make things a bit simpler, let's look at setting a VPS with a minimum of 256MB of RAM, and up to 1GB. To do that, set the vmguarpages (that's the memory that's guaranteed to the VPS) and privvmpages (that's the maximum amount of memory that will be granted) parameters:
========================================================================================
vzctl set vpsid --vmguarpages 65536 --save --> 256 MB RAM
vzctl set vpsid --privvmpages 262144 --save --> 1GB burstable RAM
========================================================================================
384MB
vzctl set vpsid --vmguarpages $((384 * 256)) --save
2GB
vzctl set vpsid --privvmpages (262144 * 2) --save = vzctl set vpsid --privvmpages 524288 --save
========================================================================================
512MB
vzctl set vpsid --vmguarpages $((384 * 256)) --save
4GB
vzctl set vpsid --privvmpages (262144 * 4) --save = vzctl set vpsid --privvmpages 1048576 --save
========================================================================================
========================================================================================
Total Memory usage :-
# vzcalc -v vpsid
========================================================================================
To make things a bit simpler, let's look at setting a VPS with a minimum of 256MB of RAM, and up to 1GB. To do that, set the vmguarpages (that's the memory that's guaranteed to the VPS) and privvmpages (that's the maximum amount of memory that will be granted) parameters:
========================================================================================
vzctl set vpsid --vmguarpages 65536 --save --> 256 MB RAM
vzctl set vpsid --privvmpages 262144 --save --> 1GB burstable RAM
========================================================================================
384MB
vzctl set vpsid --vmguarpages $((384 * 256)) --save
2GB
vzctl set vpsid --privvmpages (262144 * 2) --save = vzctl set vpsid --privvmpages 524288 --save
========================================================================================
512MB
vzctl set vpsid --vmguarpages $((384 * 256)) --save
4GB
vzctl set vpsid --privvmpages (262144 * 4) --save = vzctl set vpsid --privvmpages 1048576 --save
========================================================================================
========================================================================================
Total Memory usage :-
# vzcalc -v vpsid
Useful command for server auditing
You can audit your server using following command which will list a lot stuff and their versions. You should run whole command at a time.
uname -a; php -i | grep -E "PHP Version|allow_url|disable_f|register_globals.*="; php4 -i | grep -E "PHP Version|allow_url|disable_f|register_globals.*=" ; grep mod.*sec /etc/httpd/conf/httpd.conf;ls -lha /etc/cron.daily/mod*sec* ; csf -v; apf |grep version ; rkhunter -V | grep "Rootkit Hunter" | grep -Ev "development|WARRANTY"; rpm -q udev; /usr/local/cpanel/bin/rebuild_phpconf --current; lsmod | grep -E "pppox|hidp|l2cap|bluetooth|sctp"; yum check-update bind | grep bind
uname -a; php -i | grep -E "PHP Version|allow_url|disable_f|register_globals.*="; php4 -i | grep -E "PHP Version|allow_url|disable_f|register_globals.*=" ; grep mod.*sec /etc/httpd/conf/httpd.conf;ls -lha /etc/cron.daily/mod*sec* ; csf -v; apf |grep version ; rkhunter -V | grep "Rootkit Hunter" | grep -Ev "development|WARRANTY"; rpm -q udev; /usr/local/cpanel/bin/rebuild_phpconf --current; lsmod | grep -E "pppox|hidp|l2cap|bluetooth|sctp"; yum check-update bind | grep bind
Open port using Iptables
Hello Friends,
Following are the commands to open tcp or udp ports on the server.
Before using commands for opening the port please make sure the specific port is already opend and what is the use of that port.
you can verify the port with
netstat -nap | grep :
Say here we have to open port 25
1.you can open TCp port with
iptables -A INPUT -p tcp –dport 25 -j ACCEPT
2. You can open UDP port with
iptables -A INPUT -p udp –sport -j ACCEPT
after that
3 service iptables save
and for flushhing iptables us
iptables -F
iptables -A INPUT -s 210.0.143.122 -j DROP
203.162.3.147
iptables -L
service iptables save
Following are the commands to open tcp or udp ports on the server.
Before using commands for opening the port please make sure the specific port is already opend and what is the use of that port.
you can verify the port with
netstat -nap | grep :
iptables -A INPUT -p tcp –dport 25
2. You can open UDP port with
iptables -A INPUT -p udp –sport
after that
3 service iptables save
and for flushhing iptables us
iptables -F
iptables -A INPUT -s 210.0.143.122 -j DROP
203.162.3.147
iptables -L
service iptables save
Directadmin License Error :-
Login to the server with root.
1. Go to the /usr/lcoal/directadmin/scripts
2. Run cat setup.txt
Grab the uid and lid from that
3. Then run /usr/lcoal/directadmin/scripts/getLicense.sh
4. Restart the directadmin service.
1. Go to the /usr/lcoal/directadmin/scripts
2. Run cat setup.txt
Grab the uid and lid from that
3. Then run /usr/lcoal/directadmin/scripts/getLicense.sh
4. Restart the directadmin service.
Nov 15, 2009
Email problem in Plesk
mail logs
tail -f /usr/local/psa/var/log/maillog
Q : error > domain not listed in rcpthosts
Sol > check the entry of domain in /var/qmail/control/rcpthosts and virtualdomains
tail -f /usr/local/psa/var/log/maillog
Q : error > domain not listed in rcpthosts
Sol > check the entry of domain in /var/qmail/control/rcpthosts and virtualdomains
Qmail in plesk
flush qmail in plesk
1.To check qmail in plesk:
/var/qmail/bin/qmail-qstat
2.To send qmail in plesk:
/var/qmail/bin/qmail-send
3.To flush qmail in plesk:
/var/qmail/bin/qmail-clean
mails that are send from any user are stored in the following path
/var/qmail/mailnames/rhys-white.org/rhys/Maildir/.sent-mail/cur
Mail that are received are stored at:
/var/qmail/mailnames/rhys-white.org/rhys/Maildir/new
Delete mails from queue:
go to /var/qmail/queue/mess
In mess folder delete all the folders
Mails not being delivered to outside domains:
rm maillog
mv maillog.old maillog
wall we tried stopping qmail and inetd servers to remove maillog but this does seem to have worked
service xinetd stop
service qmail stop
ls
mv maillog maillog.old
touch maillog
service xinetd start
service qmail start
If you send ALRM signal to the qmail-send process, Qmail will try to process all messages in queue again immediately.
# ps ax | grep qmail-send
# kill -ALRM
hold time for mails in queue: to set in /var/qmail/control
http://forum.plesk.com/showthread.php?s=&threadid=11003&highlight=temporary+URL
Block mail from particular address : add the domain in /var/qmail/control/badmailfrom
mail logs:
tail -f /usr/local/psa/var/log/maillog
logfile:/usr/local/psa/var/log/maillog
ignorefile:/usr/local/etc/spam-ignore.txt
badmailfile:/var/qmail/control/badmailfrom
statfile:/usr/local/etc/spamguard.stat
warning count:30
block count:50
paranoid count:100
hostname: web5.3essentials.com
Spammers:
No spammer found yet
Sponsored link
1.To check qmail in plesk:
/var/qmail/bin/qmail-qstat
2.To send qmail in plesk:
/var/qmail/bin/qmail-send
3.To flush qmail in plesk:
/var/qmail/bin/qmail-clean
mails that are send from any user are stored in the following path
/var/qmail/mailnames/rhys-white.org/rhys/Maildir/.sent-mail/cur
Mail that are received are stored at:
/var/qmail/mailnames/rhys-white.org/rhys/Maildir/new
Delete mails from queue:
go to /var/qmail/queue/mess
In mess folder delete all the folders
Mails not being delivered to outside domains:
rm maillog
mv maillog.old maillog
wall we tried stopping qmail and inetd servers to remove maillog but this does seem to have worked
service xinetd stop
service qmail stop
ls
mv maillog maillog.old
touch maillog
service xinetd start
service qmail start
If you send ALRM signal to the qmail-send process, Qmail will try to process all messages in queue again immediately.
# ps ax | grep qmail-send
# kill -ALRM
hold time for mails in queue: to set in /var/qmail/control
http://forum.plesk.com/showthread.php?s=&threadid=11003&highlight=temporary+URL
Block mail from particular address : add the domain in /var/qmail/control/badmailfrom
mail logs:
tail -f /usr/local/psa/var/log/maillog
logfile:/usr/local/psa/var/log/maillog
ignorefile:/usr/local/etc/spam-ignore.txt
badmailfile:/var/qmail/control/badmailfrom
statfile:/usr/local/etc/spamguard.stat
warning count:30
block count:50
paranoid count:100
hostname: web5.3essentials.com
Spammers:
No spammer found yet
Sponsored link
Add new Domain in Plesk
Please follow these steps to add another domain into your control panel :
1. Login into your control panel and click on your main domain.
2. Then click on the limits and set all the limits to half of existing. (eg: if space is set to 500 make it 250).
The above steps will divide all your limits in to two parts, one for each domain.
3. Click on OK.
4. Again go on the main page by clicking on "Up Level" on top right corner.
5. Click on Add New Domain and enter the new domainname.
6. Select template as : Create domain without tamplate and click Ok
7. Select Physical hosting and click Ok
8. Add your FTP details and click Ok
9. Goto the limits of your newly added domain and set the limits to same as your main domain.
1. Login into your control panel and click on your main domain.
2. Then click on the limits and set all the limits to half of existing. (eg: if space is set to 500 make it 250).
The above steps will divide all your limits in to two parts, one for each domain.
3. Click on OK.
4. Again go on the main page by clicking on "Up Level" on top right corner.
5. Click on Add New Domain and enter the new domainname.
6. Select template as : Create domain without tamplate and click Ok
7. Select Physical hosting and click Ok
8. Add your FTP details and click Ok
9. Goto the limits of your newly added domain and set the limits to same as your main domain.
Log file in Plesk
Where are the log files for each domain located in plesk
Each domain's log files are located in the /statistics/logs/ directory in the each domain's home directory
Activate logrotation in plesk from the log manager in control panel.
you can check the entry in shell from here.
log rotation config files for each domain located in /usr/local/psa/etc/logrotate.d/ and the main config file located in /etc/psa/logrotate.conf.
Now the main config file has one include directive for the /usr/local/psa/etc/logrotate.d/ directory.
mail logs
tail -f /usr/local/psa/var/log/maillog
Each domain's log files are located in the /statistics/logs/ directory in the each domain's home directory
Activate logrotation in plesk from the log manager in control panel.
you can check the entry in shell from here.
log rotation config files for each domain located in /usr/local/psa/etc/logrotate.d/ and the main config file located in /etc/psa/logrotate.conf.
Now the main config file has one include directive for the /usr/local/psa/etc/logrotate.d/ directory.
mail logs
tail -f /usr/local/psa/var/log/maillog
Install ClientExec
If you purchased ClientExec or if your hosting package qualifies you for a free instance, you will need to follow these steps;
Obtain the ClientExec from our Download section.
Please note: you will need to be logged in to have access to the downloads.
1) Unzip the contents of your compressed ClientExec file
2) FTP to your server and upload all the content files from the ClientExec zip file.
3) Visit http://yourceurl/install.php and click on Install. Follow the steps until the installer prompts your for a license key. Stop at this point and do not try to continue.
4) Login and submit a ticket in our Support department and include a url to your installation path and we will finish the install for you.
5) Delete install.php and enjoy.
Any ClientExec licenses must remain on ResellerWays's network wiether it be free or paid and must retain a valid hosting account.
The "free" or discounted offering is only valid to the main account holder upon signing up.
Obtain the ClientExec from our Download section.
Please note: you will need to be logged in to have access to the downloads.
1) Unzip the contents of your compressed ClientExec file
2) FTP to your server and upload all the content files from the ClientExec zip file.
3) Visit http://yourceurl/install.php and click on Install. Follow the steps until the installer prompts your for a license key. Stop at this point and do not try to continue.
4) Login and submit a ticket in our Support department and include a url to your installation path and we will finish the install for you.
5) Delete install.php and enjoy.
Any ClientExec licenses must remain on ResellerWays's network wiether it be free or paid and must retain a valid hosting account.
The "free" or discounted offering is only valid to the main account holder upon signing up.
Server Monitoring
Following are few commands used for the Linux server load monitoring and maintenance
Commands:
top: - used for the viewing current process going on the server. You will get a dynamic table of running process as a output .The table content following columns.
For example using more option with the top command you can get a better output
For example: -
top c PID USER Page Ranking NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
PID: - process id
User: - owner of that process
We omit the Page Ranking NI VIRT RES SHR
%CPU: - CPU usage of the process
%MEM : - memory usage of the proces TIME+ :- the process is running form.
COMMAND: - the actual command
You can kill or renice the process is causing high load on the using the kill command
Format:-
1. Kill -9 PID
-9 is special Kill signal, which will kill the process.
2. Killall process name
killall -9 lighttpd
Another command to view process going on the server,
ps aufx
Usage :-
ps aufx | grep processname
example :-
ps aufx | grep nobody
ps -aux | grep ftp >> used for checking ftp action taken by user like uploading /downloading files
Log files :-
tail -f /usr/local/apache/logs/access_log :-
tail -f /usr/local/apache/logs/error_log :- site access error logs
tail -f /var/log/exim_mainlog :- mail logs.
usr/local/apache/logs :: access log, error log, if configured php logs, domain logs(domlogs),module logs, httpd pid
tail -f /usr/local/apache/logs/access_log fro httpd
/var/log/
* /var/log/message: Genreal message and system releated stuff
* /var/log/auth.log: Authenication logs
* /var/log/kern.log: Kernel logs
* /var/log/cron.log: Crond logs
* /var/log/maillog: Mail logs
* /var/log/qmail/ : Qmail log directory (more files inside this directory)
* /var/log/httpd/: Apache access and error logs directory
* /var/log/lighttpd: Lighttpd access and error logs directory
* /var/log/boot.log : System boot log
* /var/log/mysqld.log: MySQL database server log file
* /var/log/secure: Authentication log
* /var/log/utmp or /var/log/wtmp : Login records file
* /var/log/yum.log: Yum log files
For spamming issue or high mail queue you can check the logs
tail -f /var/log/exim_mainlog | grep sendmail, public_html, tmp
MYSQL:-
mysqladmin processlist :- shows current mysql database usage
watch mysqladmin processlist :- dynamic usage of mysql process .
Service restart commands- /scripts/restartsrv_servicename
restartsrv_entropychat*
restartsrv_exim*
restartsrv_eximstats*
restartsrv_ftpserver*
restartsrv_httpd*
restartsrv_imap*
restartsrv_inetd*
restartsrv_interchange*
restartsrv_ipaliases*
restartsrv_melange*
restartsrv_mysql*
restartsrv_named*
restartsrv_nsd*
restartsrv_postgres*
restartsrv_postgresql*
restartsrv_proftpd*
restartsrv_pureftpd*
restartsrv_rsyslogd*
restartsrv_spamd*
restartsrv_sshd*
restartsrv_syslogd*
restartsrv_tailwatchd*
restartsrv_tomcat*
restartsrv_xinetd*
Commands:
top: - used for the viewing current process going on the server. You will get a dynamic table of running process as a output .The table content following columns.
For example using more option with the top command you can get a better output
For example: -
top c PID USER Page Ranking NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
PID: - process id
User: - owner of that process
We omit the Page Ranking NI VIRT RES SHR
%CPU: - CPU usage of the process
%MEM : - memory usage of the proces TIME+ :- the process is running form.
COMMAND: - the actual command
You can kill or renice the process is causing high load on the using the kill command
Format:-
1. Kill -9 PID
-9 is special Kill signal, which will kill the process.
2. Killall process name
killall -9 lighttpd
Another command to view process going on the server,
ps aufx
Usage :-
ps aufx | grep processname
example :-
ps aufx | grep nobody
ps -aux | grep ftp >> used for checking ftp action taken by user like uploading /downloading files
Log files :-
tail -f /usr/local/apache/logs/access_log :-
tail -f /usr/local/apache/logs/error_log :- site access error logs
tail -f /var/log/exim_mainlog :- mail logs.
usr/local/apache/logs :: access log, error log, if configured php logs, domain logs(domlogs),module logs, httpd pid
tail -f /usr/local/apache/logs/access_log fro httpd
/var/log/
* /var/log/message: Genreal message and system releated stuff
* /var/log/auth.log: Authenication logs
* /var/log/kern.log: Kernel logs
* /var/log/cron.log: Crond logs
* /var/log/maillog: Mail logs
* /var/log/qmail/ : Qmail log directory (more files inside this directory)
* /var/log/httpd/: Apache access and error logs directory
* /var/log/lighttpd: Lighttpd access and error logs directory
* /var/log/boot.log : System boot log
* /var/log/mysqld.log: MySQL database server log file
* /var/log/secure: Authentication log
* /var/log/utmp or /var/log/wtmp : Login records file
* /var/log/yum.log: Yum log files
For spamming issue or high mail queue you can check the logs
tail -f /var/log/exim_mainlog | grep sendmail, public_html, tmp
MYSQL:-
mysqladmin processlist :- shows current mysql database usage
watch mysqladmin processlist :- dynamic usage of mysql process .
Service restart commands- /scripts/restartsrv_servicename
restartsrv_entropychat*
restartsrv_exim*
restartsrv_eximstats*
restartsrv_ftpserver*
restartsrv_httpd*
restartsrv_imap*
restartsrv_inetd*
restartsrv_interchange*
restartsrv_ipaliases*
restartsrv_melange*
restartsrv_mysql*
restartsrv_named*
restartsrv_nsd*
restartsrv_postgres*
restartsrv_postgresql*
restartsrv_proftpd*
restartsrv_pureftpd*
restartsrv_rsyslogd*
restartsrv_spamd*
restartsrv_sshd*
restartsrv_syslogd*
restartsrv_tailwatchd*
restartsrv_tomcat*
restartsrv_xinetd*
Secure and harden Linux server
====================================
1. Advanced Policy Firewall -- APF Installation
====================================
Here we are going to install an awesome firewall onto your server. Advanced Policy Firewall
APF Site Description of the software:
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux.
Summary of features:
- global ports configurtion via simple config file
- configurable policies for each ip on the system [global config overrides]
- powerfull postrouting rules for FWMARK and TOS
- plug-in friendly for QoS [CBQ/HTB]
- antidos subsystem to stop attacks before they become a significant threat
- dshield.org block list support to ban networks exhibiting suspicious activity
- advanced set of sysctl parameters for TCP stack hardening
- advanced set of filter rules to remove undesired traffic
- easy to use firewall managment script
- trust based rule files (allow/deny); with advanced syntax support
________________________________________
1. Make /usr/src the current working directory.
cd /usr/src
2. Obtain the most curent verison of APF.
wget http://rfxnetworks.com/downloads/apf-current.tar.gz
3. Expand the APF tar.gz file.
tar -xvzf apf-current.tar.gz
4. Remove the tar.gz file.
rm -f apf-current.tar.gz
5. Locate the APF directory.
ls -la
Look for a directory named apf-#.#/ where #.# represents the version of APF being installed
(APF version 0.8.7 would be in a directory apf-0.8.7/ and version 0.9 would be in a directory named apf-0.9).
6. Make the APF directory the current working directory.
Use the directory name you located in step 5.
Note that the numbers will change as new versions are released.
cd apf-0.9
7. Run the APF install.
sh ./install.sh
8. Make /etc/apf the current working directory.
cd /etc/apf
9. Edit the conf.apf file as desired.
pico -w conf.apf
In order for this firewall to work properly you have to edit/add/delete ports.
These ports will allow services such as mail, ftp, and ssh to come in and out of the server.
If you have changed any ports, please modify them below and add/remove as needed.
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,9 93,995,2082,2083,2086,2087,2095,2096,3306,10000,35 000_35999"
please note that ports 2082 to port 2095 is mostly used by cpanel, and port 19638 is only use in
ensim.
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="20,21,53,1040"
Change:
* RAB="0" to RAB="1"
* RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
* TCR_PASS="1" to TCR_PASS="0"
* DLIST_PHP="0" to DLIST_PHP="1"
* DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
* DLIST_DSHIELD="0" to DLIST_DSHIELD="1"
* DLIST_RESERVED="0" to DLIST_RESERVED="1"
Find IFACE_IN= and IFACE_OUT= in /etc/apf/conf.apf and verify that they match your network interface
Locate HELPER_SSH_PORT=”22″ and change it to your SSH port IF you changed it in your sshd_config
Locate IG_TCP_CPORTS=”22″ and change it to your SSH port IF you changed it in your sshd_config
10. After you have finished editing the ports save the file and test APF.
CTRL-x, y to save enter to confirm
11. Start APF by typing.
./apf --start
or
service apf start
12. If APF is functioning properly and you are not locked out edit the conf.apf again
pico -w conf.apf
13. When your happy with your firewall and everything works fine, Edit /apf.conf find DEVEL_MODE=”1″ and change it to DEVEL_MODE=”0″
14. Once done Exit and save the file.
CTRL-x, y to save enter to confirm
15. Restart APF
service apf restart
Make sure APF starts automatic after restart
chkconfig --add apf
chkconfig --level 345 apf on
Problem: If you get this error apf(xxxxx): {glob} unable to load iptables module (ip_tables), aborting.
Solution: Try changing SET_MONOKERN=”0″ to SET_MONOKERN=”1″ , then apf -r
Problem: If you get this message: apf(xxxxx): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.
Solution: you need to change DEVEL_MODE=1 to DEVEL_MODE=0, make sure your config is working first.
Enabling connections for server monitoring.
Some service providers that offer monitoring need access to your server, and access
without setting off alarms, firewalls etc. is a good thing. Just becareful which IP(s) you put in here.
1. To allow connections from xx.xx.xx.xx/24
pico -w /etc/apf/allow_hosts.rules
2. At the very end of the file add this line
xx.xx.xx.xx/24
Of course replace the xx.xx.xx.xx with the IP address provided to you.
====================================
2. BFD (Brute Force Detection)
====================================
What is Brute Force Detection? (BFD)
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans.
This How-To will show you how to install BFD on your Linux Server to prevent and monitor brute force hack attempts.
This software like some others has requirements. You must be running APF / Advanced Policy Firewall for Brute Force Detection to work.
1. Login to your server via SSH as Root.
2. Type:
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
3. Type:
tar -xvzf bfd-current.tar.gz
4. Type:
cd bfd*
5. Now let's install BFD onto the server.
Type:
./install.sh
:: You Should See ::
.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
6. Now we need to edit the configuration file, and set some options.
Don't worry the BFD Configuration isn't hard to edit or understand!
Type: pico -w /usr/local/bfd/conf.bfd
7. Now we need to find the line to edit:
Press: CTRL-WType: ALERT_USR
Change ALERT_USR="0" TO ALERT_USR="1"
Right below that we need to change the email:
Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com"
8. That wasn't to bad let's save and exit the file
Press: CTRL-X then type Y then hit enter 9. Now we have to prevent locking yourself out of the server.
Type: pico -w /usr/local/bfd/ignore.hosts 10. Add any IP address that you want to be ignored from the rules.
If your server provider is doing monitoring add their IP(s) here.
Since you need these IPs open in APF as well you cancopy the IPs you used in APF
Type: pico -w /etc/apf/allow_hosts.rulesThen scroll down to the bottom and copy those IPs (drag mouse over that's it)
Press: CTRL-XType: pico -w /usr/local/bfd/ignore.hosts Paste those IPs to the bottom. You should also add your home IP if you hadn't done so before.
If your home IP is dynamic this is not a good idea, and you should get a static IP.
Press: CTRL-X then Y to save then enter. Now lets run BDF!!!
Type: /usr/local/sbin/bfd -s
====================================
3. CHKROOTKIT
====================================
Installation How-To :
1. Login to your server as root. (SSH)
2. Type:
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
3. Type:
tar xvzf chkrootkit.tar.gz
4. Change to new directory
cd chkrootkit*
5. Compile It
make sense
6. Now give it a test.
./chkrootkit
Everything should read not found, and/or not infected
This is a GOOD thing!
How-To make chkrootkit e-mail you daily :
1. Login to your server as root. (SSH)
2. Type:
crontab -e
3. Add this line to the top:
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)
This will run CHKROOTKIT at 1am every day, and e-mail the output to root.
If you are in PICO
CTRl-X, Y, Enter to save and exit
====================================
4. Disabling Direct Root Login (SSH)
====================================
If you're using cPanel make sure you add your anotheruser user to the 'wheel' group so that you will be able to 'su -' to root, otherwise you may lock yourself out of root.
Set up anotheruser if you haven't already got one:
a. Type: groupadd anotheruser
b. Type: useradd anotheruser -ganotheruser
c. Type: passwd anotheruser passwordhere
and add a password for the new account.
On a CPanel system, you can (MUST) now go into root WHM and add anotheruser to the wheel group.
After you do this, you will have to login as anotheruser then you will 'su -' to get to root.
If you need this option send SLHOST an email to support@slhost.com
====================================
5. Disabling Telnet Access
====================================
Telnet should be disabled, and you should use SSH. Telnet sends password in plain text, and 'crackers/hackers' can obtain these passwords easily compared to SSH, and then takeover your dedicated web server.
1. Type: pico -w /etc/xinetd.d/telnet
2. Change the disable = no line to
disable = yes.
3. CTRL+x, then y then enter to save the file.
Restart xinted with:
/etc/rc.d/init.d/xinetd restart
====================================
6. Force the use of SSH protocol 2
====================================
SSH Protocol 1 based systems are facing many automated "root kits".
As a result to step up the security Protcol 2 should be enabled as soon as possible.
The reason to use SSH Protocol 2 on your dedicated webserver is that it is more secure.
1. Type: pico -w /etc/ssh/sshd_config
2. Find the line: #Protocol 2, 1
Uncomment it and change it to look like:
Protocol 2
3. CTRL+x, then y then enter to save the file.
4. Now Restart SSH with
/etc/rc.d/init.d/sshd restart
(If the above restart does not work you will need to login to WHM as root
and restart the service.)
====================================
7. How to install mail scanner
====================================
How to install mail scanner (Mail Scanner & ClamAV Installation)
This is an addon to Exim. Exim is still the MTA, Mail Scanner scans and clamav is the AV system.
This will help in preventing the spread of virus's through your webserver. It will deny/block the virus's
so that they do not reach the recipient. ClamAv can be used at the command line however the main purpose of this
software is the integration with mail servers (attachment scanning). Which is what Mail Scanner & ClamAV do.
1. Login to your server via SSH.
2. Type:
wget http://layer1.cpanel.net/mailscanner...all-1.5.tar.gz
3. Type:
tar zxvf mailscanner-autoinstall-1.5.tar.gz
4. Type:
cd mailscanner*
5. Type:
./install
This make take up to 5 minutes to download, and install all the librarys require for Mail Scanner.
6. If the above Finished and brought you back to prompt goto step #7 if not continue with step 6
Press: CTRL-C
Type: pico -w install
Comment out these lines w/ a #
print "Installing Perl Modules...";
ssystem("/scripts/perlinstaller","MIME::Base64","File::Spec","HTML:: Tagset","HTML::Parser","MIME::Tools","File::Temp", "Convert::TNEF");
print "Done\n";
So they look like this:
#print "Installing Perl Modules...";
#ssystem("/scripts/perlinstaller","MIME::Base64","File::Spec","HTML:: Tagset","HTML::Parser","MIME::Tools","File::Temp", "Convert::TNEF");
#print "Done\n";
Login to WHM as Root.
Install the above Modules in WHM's Perl Module Installer.
Type: ./install
Then goto Step #7 when install finishes
7. Type:
killall -9 MailScanner
8. Type:
/usr/mailscanner/bin/check_mailscanner
If you want to look at the Mail Scanner configuration file you can do so by.
Type: pico -w /usr/mailscanner/etc/MailScanner.conf
DO NOT Enable anything to do with SpamAssin.
====================================
8. Jail all users
====================================
Let's prevent the users from accessing any directories/files outside of their home directory.
This is a great security precaution and should be done.
1. Login to WHM as root.
2. Account Functions
Manage Shell Access
Jail All Users
If possible it is best to NOT
grant shell access to users at all.
====================================
9. Remove Trojan by CHKROOTKIT
====================================
*NOTE* This is a HUGE step "INTO" your server. Doing anything wrong can severly damage your server and make it non-responsive. Do this entire how-to at your own risk. This is NOT a substitute for re-installing the OS, this is simply another WAY to remove a rootkit called T0rnkitv8
If you have not already done so do this step first.
Login to WHM as root
Click Tweak Settings
and please remove the tick from
[ ] Allow cPanel users to reset their password via email
1. Login to your server via SSH
2. Run CHKROOTKIT. If you do not have this installed then visit CHKROOTKIT Installation and continue once you do.
You will see some INFECTED lines/files. It should also report hidden processes.
Here's an example of partial output.
Checking `ifconfig'... INFECTED
Checking `login'... INFECTED
Checking `pstree'... INFECTED
and also:
Checking `lkm'... You have X process hidden for ps command
Warning: Possible LKM Trojan installed
Type: /etc/init.d/syslog restartShutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [FAILED]
Starting kernel logger: [ OK ]
3. Type: top
You may/will then see:
top: error while loading shared libraries: libncurses.so.4: cannot open shared object file: No such file or directory
4. type: /etc/rc.d/rc.sysinit
# Xntps (NTPv3 daemon) startup..
/usr/sbin/xntps -q
________________________________________
Configuration files
/usr/include/file.h (for file hiding)
/usr/include/proc.h (for ps proc hiding)
/lib/lidps1.so (for pstree hiding)
/usr/include/hosts.h (for netstat and net-hiding)
/usr/include/log.h (for log hiding)
/lib/lblip.tk/ (backdoored ssh configuration files are in this directory)
/dev/sdr0 (systems md5 checksum)
/lib/ldd.so {placing tks(sniffer), tkp(parser) and tksb(log cleaner)}
Infected Binaries:
top, ps, pstree lsof, md5sum, dir, login, encrypt,ifconfig,find,ls,slocate,
tks,tksb,top,tkpnetstat,pg,syslogd,sz
Infected Librairies:
libproc.a,libproc.so.2.0.6,libproc.so
BackDoor: (located at /lib/lblip.tk)
shdc
shhk.pub
shk
shrs
--------------------------------------------------------
Now, Lets start the cleaning process:
1. Type: pico /etc/rc.d/rc.sysinit
remove the lines that show
# Xntps (NTPv3 daemon) startup..
/usr/sbin/xntps -q
2. reboot the system
WARNING: 2 servers got their kernel removed after reboot.
If your's does this too and that is what the DataCenter complains after reboot, please ask them to do the following:
reboot the system using the redhat CD into rescue mode
chroot to the /mnt/sysimage
reinstall kernel packages
that should fix it.
-- since already in resuce mode, perhaps also ask them to -- force install the following rpm's
procps*.rpm
psmisc*.rpm
findutils*.rpm
fileutils*.rpm
util-linux*.rpm
net-tools*.rpm
textutils*.rpm
sysklogd*.rpm
3. After the system is up
Type: cd /lib
Type: rm -rf lblip.tk
4. Remove the configuration files given above.
5. Type: cat /etc/redhat-releasenote down your version of redhat, then from
www.rpmfind.net
search for the following rpm's
procps*.rpm
psmisc*.rpm
findutils*.rpm
fileutils*.rpm
util-linux*.rpm
net-tools*.rpm
textutils*.rpm
sysklogd*.rpm
-- and rpm --force install them
6. if you see the hosts.h file, it says to hide all IP's from
Type: cat /usr/include/hosts.h
193.60
If you want, you can block all the IP's from 193.60 to your server via iptables.
Or if you have APF you can add them to the Deny File.
7. If the above is completed.
Reboot the Server & Run CHKROOTKIT again.
====================================
10. Secure /tmp Directory ( Very Important )
====================================
Many hackers/malicious users are exploiting the /tmp directory to execute files. This is a huge security problem for dedicated server owners as it practically leaves your server wide open for a complete takeover.
The following is how to secure your /TMP directory using a cPanel Script.
You MUST have cPanel installed for this to work.
1. Login to your server as root via SSH.
2. Type: /scripts/securetmp That's it your done. cPanel wrote that script to allow users to secure their /TMP Directory very easily.
Don't miss it
1. Advanced Policy Firewall -- APF Installation
====================================
Here we are going to install an awesome firewall onto your server. Advanced Policy Firewall
APF Site Description of the software:
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux.
Summary of features:
- global ports configurtion via simple config file
- configurable policies for each ip on the system [global config overrides]
- powerfull postrouting rules for FWMARK and TOS
- plug-in friendly for QoS [CBQ/HTB]
- antidos subsystem to stop attacks before they become a significant threat
- dshield.org block list support to ban networks exhibiting suspicious activity
- advanced set of sysctl parameters for TCP stack hardening
- advanced set of filter rules to remove undesired traffic
- easy to use firewall managment script
- trust based rule files (allow/deny); with advanced syntax support
________________________________________
1. Make /usr/src the current working directory.
cd /usr/src
2. Obtain the most curent verison of APF.
wget http://rfxnetworks.com/downloads/apf-current.tar.gz
3. Expand the APF tar.gz file.
tar -xvzf apf-current.tar.gz
4. Remove the tar.gz file.
rm -f apf-current.tar.gz
5. Locate the APF directory.
ls -la
Look for a directory named apf-#.#/ where #.# represents the version of APF being installed
(APF version 0.8.7 would be in a directory apf-0.8.7/ and version 0.9 would be in a directory named apf-0.9).
6. Make the APF directory the current working directory.
Use the directory name you located in step 5.
Note that the numbers will change as new versions are released.
cd apf-0.9
7. Run the APF install.
sh ./install.sh
8. Make /etc/apf the current working directory.
cd /etc/apf
9. Edit the conf.apf file as desired.
pico -w conf.apf
In order for this firewall to work properly you have to edit/add/delete ports.
These ports will allow services such as mail, ftp, and ssh to come in and out of the server.
If you have changed any ports, please modify them below and add/remove as needed.
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,9 93,995,2082,2083,2086,2087,2095,2096,3306,10000,35 000_35999"
please note that ports 2082 to port 2095 is mostly used by cpanel, and port 19638 is only use in
ensim.
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="20,21,53,1040"
Change:
* RAB="0" to RAB="1"
* RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
* TCR_PASS="1" to TCR_PASS="0"
* DLIST_PHP="0" to DLIST_PHP="1"
* DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
* DLIST_DSHIELD="0" to DLIST_DSHIELD="1"
* DLIST_RESERVED="0" to DLIST_RESERVED="1"
Find IFACE_IN= and IFACE_OUT= in /etc/apf/conf.apf and verify that they match your network interface
Locate HELPER_SSH_PORT=”22″ and change it to your SSH port IF you changed it in your sshd_config
Locate IG_TCP_CPORTS=”22″ and change it to your SSH port IF you changed it in your sshd_config
10. After you have finished editing the ports save the file and test APF.
CTRL-x, y to save enter to confirm
11. Start APF by typing.
./apf --start
or
service apf start
12. If APF is functioning properly and you are not locked out edit the conf.apf again
pico -w conf.apf
13. When your happy with your firewall and everything works fine, Edit /apf.conf find DEVEL_MODE=”1″ and change it to DEVEL_MODE=”0″
14. Once done Exit and save the file.
CTRL-x, y to save enter to confirm
15. Restart APF
service apf restart
Make sure APF starts automatic after restart
chkconfig --add apf
chkconfig --level 345 apf on
Problem: If you get this error apf(xxxxx): {glob} unable to load iptables module (ip_tables), aborting.
Solution: Try changing SET_MONOKERN=”0″ to SET_MONOKERN=”1″ , then apf -r
Problem: If you get this message: apf(xxxxx): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.
Solution: you need to change DEVEL_MODE=1 to DEVEL_MODE=0, make sure your config is working first.
Enabling connections for server monitoring.
Some service providers that offer monitoring need access to your server, and access
without setting off alarms, firewalls etc. is a good thing. Just becareful which IP(s) you put in here.
1. To allow connections from xx.xx.xx.xx/24
pico -w /etc/apf/allow_hosts.rules
2. At the very end of the file add this line
xx.xx.xx.xx/24
Of course replace the xx.xx.xx.xx with the IP address provided to you.
====================================
2. BFD (Brute Force Detection)
====================================
What is Brute Force Detection? (BFD)
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans.
This How-To will show you how to install BFD on your Linux Server to prevent and monitor brute force hack attempts.
This software like some others has requirements. You must be running APF / Advanced Policy Firewall for Brute Force Detection to work.
1. Login to your server via SSH as Root.
2. Type:
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
3. Type:
tar -xvzf bfd-current.tar.gz
4. Type:
cd bfd*
5. Now let's install BFD onto the server.
Type:
./install.sh
:: You Should See ::
.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
6. Now we need to edit the configuration file, and set some options.
Don't worry the BFD Configuration isn't hard to edit or understand!
Type: pico -w /usr/local/bfd/conf.bfd
7. Now we need to find the line to edit:
Press: CTRL-WType: ALERT_USR
Change ALERT_USR="0" TO ALERT_USR="1"
Right below that we need to change the email:
Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com"
8. That wasn't to bad let's save and exit the file
Press: CTRL-X then type Y then hit enter 9. Now we have to prevent locking yourself out of the server.
Type: pico -w /usr/local/bfd/ignore.hosts 10. Add any IP address that you want to be ignored from the rules.
If your server provider is doing monitoring add their IP(s) here.
Since you need these IPs open in APF as well you cancopy the IPs you used in APF
Type: pico -w /etc/apf/allow_hosts.rulesThen scroll down to the bottom and copy those IPs (drag mouse over that's it)
Press: CTRL-XType: pico -w /usr/local/bfd/ignore.hosts Paste those IPs to the bottom. You should also add your home IP if you hadn't done so before.
If your home IP is dynamic this is not a good idea, and you should get a static IP.
Press: CTRL-X then Y to save then enter. Now lets run BDF!!!
Type: /usr/local/sbin/bfd -s
====================================
3. CHKROOTKIT
====================================
Installation How-To :
1. Login to your server as root. (SSH)
2. Type:
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
3. Type:
tar xvzf chkrootkit.tar.gz
4. Change to new directory
cd chkrootkit*
5. Compile It
make sense
6. Now give it a test.
./chkrootkit
Everything should read not found, and/or not infected
This is a GOOD thing!
How-To make chkrootkit e-mail you daily :
1. Login to your server as root. (SSH)
2. Type:
crontab -e
3. Add this line to the top:
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)
This will run CHKROOTKIT at 1am every day, and e-mail the output to root.
If you are in PICO
CTRl-X, Y, Enter to save and exit
====================================
4. Disabling Direct Root Login (SSH)
====================================
If you're using cPanel make sure you add your anotheruser user to the 'wheel' group so that you will be able to 'su -' to root, otherwise you may lock yourself out of root.
Set up anotheruser if you haven't already got one:
a. Type: groupadd anotheruser
b. Type: useradd anotheruser -ganotheruser
c. Type: passwd anotheruser passwordhere
and add a password for the new account.
On a CPanel system, you can (MUST) now go into root WHM and add anotheruser to the wheel group.
After you do this, you will have to login as anotheruser then you will 'su -' to get to root.
If you need this option send SLHOST an email to support@slhost.com
====================================
5. Disabling Telnet Access
====================================
Telnet should be disabled, and you should use SSH. Telnet sends password in plain text, and 'crackers/hackers' can obtain these passwords easily compared to SSH, and then takeover your dedicated web server.
1. Type: pico -w /etc/xinetd.d/telnet
2. Change the disable = no line to
disable = yes.
3. CTRL+x, then y then enter to save the file.
Restart xinted with:
/etc/rc.d/init.d/xinetd restart
====================================
6. Force the use of SSH protocol 2
====================================
SSH Protocol 1 based systems are facing many automated "root kits".
As a result to step up the security Protcol 2 should be enabled as soon as possible.
The reason to use SSH Protocol 2 on your dedicated webserver is that it is more secure.
1. Type: pico -w /etc/ssh/sshd_config
2. Find the line: #Protocol 2, 1
Uncomment it and change it to look like:
Protocol 2
3. CTRL+x, then y then enter to save the file.
4. Now Restart SSH with
/etc/rc.d/init.d/sshd restart
(If the above restart does not work you will need to login to WHM as root
and restart the service.)
====================================
7. How to install mail scanner
====================================
How to install mail scanner (Mail Scanner & ClamAV Installation)
This is an addon to Exim. Exim is still the MTA, Mail Scanner scans and clamav is the AV system.
This will help in preventing the spread of virus's through your webserver. It will deny/block the virus's
so that they do not reach the recipient. ClamAv can be used at the command line however the main purpose of this
software is the integration with mail servers (attachment scanning). Which is what Mail Scanner & ClamAV do.
1. Login to your server via SSH.
2. Type:
wget http://layer1.cpanel.net/mailscanner...all-1.5.tar.gz
3. Type:
tar zxvf mailscanner-autoinstall-1.5.tar.gz
4. Type:
cd mailscanner*
5. Type:
./install
This make take up to 5 minutes to download, and install all the librarys require for Mail Scanner.
6. If the above Finished and brought you back to prompt goto step #7 if not continue with step 6
Press: CTRL-C
Type: pico -w install
Comment out these lines w/ a #
print "Installing Perl Modules...";
ssystem("/scripts/perlinstaller","MIME::Base64","File::Spec","HTML:: Tagset","HTML::Parser","MIME::Tools","File::Temp", "Convert::TNEF");
print "Done\n";
So they look like this:
#print "Installing Perl Modules...";
#ssystem("/scripts/perlinstaller","MIME::Base64","File::Spec","HTML:: Tagset","HTML::Parser","MIME::Tools","File::Temp", "Convert::TNEF");
#print "Done\n";
Login to WHM as Root.
Install the above Modules in WHM's Perl Module Installer.
Type: ./install
Then goto Step #7 when install finishes
7. Type:
killall -9 MailScanner
8. Type:
/usr/mailscanner/bin/check_mailscanner
If you want to look at the Mail Scanner configuration file you can do so by.
Type: pico -w /usr/mailscanner/etc/MailScanner.conf
DO NOT Enable anything to do with SpamAssin.
====================================
8. Jail all users
====================================
Let's prevent the users from accessing any directories/files outside of their home directory.
This is a great security precaution and should be done.
1. Login to WHM as root.
2. Account Functions
Manage Shell Access
Jail All Users
If possible it is best to NOT
grant shell access to users at all.
====================================
9. Remove Trojan by CHKROOTKIT
====================================
*NOTE* This is a HUGE step "INTO" your server. Doing anything wrong can severly damage your server and make it non-responsive. Do this entire how-to at your own risk. This is NOT a substitute for re-installing the OS, this is simply another WAY to remove a rootkit called T0rnkitv8
If you have not already done so do this step first.
Login to WHM as root
Click Tweak Settings
and please remove the tick from
[ ] Allow cPanel users to reset their password via email
1. Login to your server via SSH
2. Run CHKROOTKIT. If you do not have this installed then visit CHKROOTKIT Installation and continue once you do.
You will see some INFECTED lines/files. It should also report hidden processes.
Here's an example of partial output.
Checking `ifconfig'... INFECTED
Checking `login'... INFECTED
Checking `pstree'... INFECTED
and also:
Checking `lkm'... You have X process hidden for ps command
Warning: Possible LKM Trojan installed
Type: /etc/init.d/syslog restartShutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [FAILED]
Starting kernel logger: [ OK ]
3. Type: top
You may/will then see:
top: error while loading shared libraries: libncurses.so.4: cannot open shared object file: No such file or directory
4. type: /etc/rc.d/rc.sysinit
# Xntps (NTPv3 daemon) startup..
/usr/sbin/xntps -q
________________________________________
Configuration files
/usr/include/file.h (for file hiding)
/usr/include/proc.h (for ps proc hiding)
/lib/lidps1.so (for pstree hiding)
/usr/include/hosts.h (for netstat and net-hiding)
/usr/include/log.h (for log hiding)
/lib/lblip.tk/ (backdoored ssh configuration files are in this directory)
/dev/sdr0 (systems md5 checksum)
/lib/ldd.so {placing tks(sniffer), tkp(parser) and tksb(log cleaner)}
Infected Binaries:
top, ps, pstree lsof, md5sum, dir, login, encrypt,ifconfig,find,ls,slocate,
tks,tksb,top,tkpnetstat,pg,syslogd,sz
Infected Librairies:
libproc.a,libproc.so.2.0.6,libproc.so
BackDoor: (located at /lib/lblip.tk)
shdc
shhk.pub
shk
shrs
--------------------------------------------------------
Now, Lets start the cleaning process:
1. Type: pico /etc/rc.d/rc.sysinit
remove the lines that show
# Xntps (NTPv3 daemon) startup..
/usr/sbin/xntps -q
2. reboot the system
WARNING: 2 servers got their kernel removed after reboot.
If your's does this too and that is what the DataCenter complains after reboot, please ask them to do the following:
reboot the system using the redhat CD into rescue mode
chroot to the /mnt/sysimage
reinstall kernel packages
that should fix it.
-- since already in resuce mode, perhaps also ask them to -- force install the following rpm's
procps*.rpm
psmisc*.rpm
findutils*.rpm
fileutils*.rpm
util-linux*.rpm
net-tools*.rpm
textutils*.rpm
sysklogd*.rpm
3. After the system is up
Type: cd /lib
Type: rm -rf lblip.tk
4. Remove the configuration files given above.
5. Type: cat /etc/redhat-releasenote down your version of redhat, then from
www.rpmfind.net
search for the following rpm's
procps*.rpm
psmisc*.rpm
findutils*.rpm
fileutils*.rpm
util-linux*.rpm
net-tools*.rpm
textutils*.rpm
sysklogd*.rpm
-- and rpm --force install them
6. if you see the hosts.h file, it says to hide all IP's from
Type: cat /usr/include/hosts.h
193.60
If you want, you can block all the IP's from 193.60 to your server via iptables.
Or if you have APF you can add them to the Deny File.
7. If the above is completed.
Reboot the Server & Run CHKROOTKIT again.
====================================
10. Secure /tmp Directory ( Very Important )
====================================
Many hackers/malicious users are exploiting the /tmp directory to execute files. This is a huge security problem for dedicated server owners as it practically leaves your server wide open for a complete takeover.
The following is how to secure your /TMP directory using a cPanel Script.
You MUST have cPanel installed for this to work.
1. Login to your server as root via SSH.
2. Type: /scripts/securetmp That's it your done. cPanel wrote that script to allow users to secure their /TMP Directory very easily.
Don't miss it
Mysql, apche and firewall commands
Firewall - iptables commands
iptables -I INPUT -s IPADDRESSHERE -j DROP : This command stops any connections from the IP address
iptables -L : List all rules in iptables
iptables -F : Flushes all iptables rules (clears the firewall)
iptables --save : Saves the currenty ruleset in memory to disk
service iptables restart : Restarts iptables
Apache Shell Commands
httpd -v : Outputs the build date and version of the Apache server.
httpd -l : Lists compiled in Apache modules
httpd status : Only works if mod_status is enabled and shows a page of active connections
service httpd restart : Restarted Apache web server
MySQL Shell Commands
mysqladmin processlist : Shows active mysql connections and queries
mysqladmin drop databasenamehere : Drops/deletes the selected database
mysqladmin create databasenamehere : Creates a mysql database
Restore MySQL Database Shell Command
mysql -u username -p password databasename < databasefile.sql : Restores a MySQL database from databasefile.sql
Backup MySQL Database Shell Command
mysqldump -u username -p password databasename > databasefile.sql : Backup MySQL database to databasefile.sql
kill: terminate a system process
kill -9 PID EG: kill -9 431
kill PID EG: kill 10550
Use top or ps ux to get system PIDs (Process IDs)
EG:
PID TTY TIME COMMAND
10550 pts/3 0:01 /bin/csh
10574 pts/4 0:02 /bin/csh
10590 pts/4 0:09 APP
Each line represents one process, with a process being loosely defined as a running instance of a program. The column headed PID (process ID) shows the assigned process numbers of the processes. The heading COMMAND shows the location of the executed process.
Putting commands together
Often you will find you need to use different commands on the same line. Here are some examples. Note that the | character is called a pipe, it takes date from one program and pipes it to another.
> :means create a new file, overwriting any content already there.
>> :means tp append data to a file, creating a newone if it doesn not already exist.
< :send input from a file back into a command.
grep User /usr/local/apache/conf/httpd.conf |more
This will dump all lines that match User from the httpd.conf, then print the results to your screen one page at a time.
last -a > /root/lastlogins.tmp
This will print all the current login history to a file called lastlogins.tmp in /root/
tail -10000 /var/log/exim_mainlog |grep domain.com |more
This will grab the last 10,000 lines from /var/log/exim_mainlog, find all occurances of domain.com (the period represents 'anything',
-- comment it out with a so it will be interpretted literally), then send it to your screen page by page.
netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)
mysqladmin processlist |wc -l
Show how many current open connections there are to mysql
New! - Need server help? Hire an Expert
Get professional help with your configuration, script installation or server issue.
Learn how we can help you with any server problem and make your server run like new. Professional staff will contact you, after submitting a quote request, by phone or email.
Windows command
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
~ ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
b
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
c
CACLS Change file permissions
~ CALL Call one batch program from another
~ CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
~ CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
~ COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
~ COPY Copy one or more files to another location
CSCcmd Client-side caching (Offline Files)
CSVDE Import or Export Active Directory data
d
~ DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
~ DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
~ DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DISKPART Disk Administration
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
e
~ ECHO Display message on screen
~ ENDLOCAL End localisation of environment changes in a batch file
~ ERASE Delete one or more files
~ EXIT Quit the current script/routine and set an errorlevel.
EXPAND Uncompress files
EXTRACT Uncompress CAB files
f
FC Compare two files
FIND Search for a text string in a file
FINDSTR Search for strings in files
~ FOR /F Loop command: against a set of files
~ FOR /F Loop command: against the results of another command
~ FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
~ FTYPE Display or modify file types used in file extension associations
g
GLOBAL Display membership of global groups
~ GOTO Direct a batch program to jump to a labelled line
h
HELP Online Help
i
~ IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
k
KILL Remove a program from memory
l
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file
m
MAPISEND Send email from the command line
MBSAcli Baseline Security Analyzer.
MEM Display memory usage
~ MD Create new folders
MKLINK Create a symbolic link (linkd)
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
~ MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
n
NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
p
~ PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
~ PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
~ POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
~ PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
~ PUSHD Save and then change the current directory
q
QGREP Search file(s) for lines that match a given pattern.
r
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Registry: Read, Set, Export, Delete keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
~ REM Record comments (remarks) in a batch file
~ REN Rename a file or files.
REPLACE Replace or update one file with another
~ RD Delete folder(s)
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
s
SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
~ SET Display, set, or remove environment variables
~ SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
~ SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
~ START Start a program or command in a separate window.
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
t
TASKLIST List running applications and services
TASKKILL Remove a running process from memory
~ TIME Display or set the system time
TIMEOUT Delay processing of a batch file
~ TITLE Set the window title for a CMD.EXE session
TLIST Task list with full path
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
~ TYPE Display the contents of a text file
u
USRSTAT List domain usernames and last login
v
~ VER Display version information
~ VERIFY Verify that files have been saved
~ VOL Display a disk label
w
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
x
XCACLS Change file permissions
XCOPY Copy files and folders
~ :: Comment / Remark
Subscribe to:
Comments (Atom)