Is your /tmp directory simply getting overrun with SESS files? If so, try this:
Make a file in /scripts called cleantmp and put the following in it:
************
#!/bin/bash
# This script cleans out /tmp of empty, root, cpanel
# and nobody session files in /tmp
# rev 2.0b by Darren - 8.19.07
# if --test is passed, we just show the results
if [ "$1" == "--test" ]
then
CMD="-exec ls -la"
echo "$0: test mode"
else
CMD="-exec rm -rf"
fi
if [ "$1" == "--help" ]
then
echo ""
echo "cleantmp will clean out your tmp directory for you"
echo ""
echo "Parameters:"
echo "--test to run in test mode"
echo "--help display this file"
echo "-a accountname to remove all files owned by account name"
echo "-e cleans out all empty (zero length) files"
echo ""
exit 0
fi
if [ "$1" == "-a" ]
then
echo ""
echo "Removing session file for account $2"
find /tmp -maxdepth 1 -name "sess*" -user "$2" $CMD {} \;
echo "completed"
echo ""
exit 0
fi
if [ "$1" == "-e" ]
then
echo ""
echo "Cleaning out empty files from /tmp"
find /tmp -maxdepth 1 -name "sess*" -empty $CMD {} \;
echo "completed"
echo ""
exit 0
fi
# remove empty session files that are over 2 hours old
# (-maxdepth goes before the tests so GNU find does not warn)
find /tmp -maxdepth 1 -name "sess*" -empty -mmin +120 $CMD {} \;
# remove root owned session files
find /tmp -maxdepth 1 -name "sess*" -user root $CMD {} \;
# remove nobody session files
find /tmp -maxdepth 1 -name "*sess*" -user nobody $CMD {} \;
# remove cpanel owned session files
find /tmp -maxdepth 1 -name "sess*" -user cpanel $CMD {} \;
# remove any session file over 5 hours old
find /tmp -maxdepth 1 -name "sess*" -mmin +300 $CMD {} \;
# remove any spamassassin file over 4 hours old
find /tmp -maxdepth 1 -name ".spamassassin*" -mmin +240 $CMD {} \;
************
Now save, and chmod it so it can be run (use your discretion for perm level):
chmod 755 /scripts/cleantmp
Run it as /scripts/cleantmp --test to view which files will be removed or /scripts/cleantmp -a accountname to remove all files owned by account name. And running it with "-e" will remove all empty session files.
What we do on most boxes is run it from cron.hourly so that it purges session files: it cleans empties that are over 2 hours old and normal ones that are over 5 hours old. Keep in mind that this may break software that offers a "Keep Me Logged In Indefinitely" option to users, but the script could easily be modified to skip some session files if needed.
So, go to /etc/cron.hourly and create a file called cleantmp. Put this into it:
****************
#!/bin/bash
/scripts/cleantmp -e >/dev/null 2>&1
/scripts/cleantmp >/dev/null 2>&1
****************
and save it, then do the same permissions procedure as above. Now every hour, the script will clean out empty and older SESS files and keep your sites up. Modify this and the other script as needed.
Hope this helps! Suggestions, questions are welcome.
Thursday, January 27, 2011
FTP hangs when CSF is on
This is a well-known issue between CSF and FTP: the session hangs when we change directory through FTP, so this is what I tried to get this fixed.
Search for the following line in /etc/pure-ftpd.conf
Port range for passive connections replies. - for firewalling.
and simply comment it.
Then restart FTP and CSF and FTP should be working fine now.
Disable eAccelerator for one domain
I had an issue where I had to disable eAccelerator for a single domain on my VPS.
I've seen instructions that say to put the following lines in the .htaccess file in the site's root directory,
php_flag eaccelerator.enable 0
php_flag eaccelerator.optimizer 0
but when I did that, trying to access any pages on that site resulted in a 500 error.
I found that the only way to make this work is to locate the VirtualHost section for the domain in question in /etc/httpd/conf/httpd.conf. Within that VirtualHost section, there should be a section that looks similar to this:
php_admin_value open_basedir "/home/site-name/:/usr/lib/php:/usr/local/lib/php:/tmp"
Add the following lines to this section, before the ""
php_flag eaccelerator.enable 0
php_flag eaccelerator.optimizer 0
Any suggestions or questions are welcome.
cPanel shows wrong quota for database.
Getting 0.00MB disk quota for databases in cPanel?
Here is the answer:
The disk quota for MySQL databases will show 0.00 in cPanel > MySQL Databases area unless this option is selected in WHM's Tweak Settings area:
------------------------
When displaying disk usage in cPanel/WHM include Postgresql and MySQL® disk usage. [Requires MySQL® 5+] (SQL disk usage is only updated every four hours)
------------------------
So go ahead and enable this in Tweak Settings, then manually run the command to update the quotas:
/scripts/update_db_cache
This command will run by cron every 4 hours now that the Tweak Settings option has been enabled.
Thanks
Change Linux timezone
Select the method as per your Linux distribution:
If you are using Fedora / RHEL / Cent OS Linux
Type the redhat-config-date command at the command line to start the time and date properties tool.
# redhat-config-date
OR type setup and select time zone configuration (good for a remote, text-based SSH session on a Linux server)
# setup
Now, just follow on screen instructions to change timezone
Set timezone using /etc/localtime configuration file [any Linux distro]
Often /etc/localtime is a symlink to the file localtime or to the correct time zone file in the system time zone directory.
Generic procedure to change timezone
Change directory to /etc
# cd /etc
Create a symlink to file localtime:
# ln -sf /usr/share/zoneinfo/EST localtime
OR, some distros use the /usr/share/zoneinfo/dirname/zonefile format (Red Hat and friends)
# ln -sf /usr/share/zoneinfo/EST localtime
OR if you want to set it to IST (Asia/Calcutta):
# ln -sf /usr/share/zoneinfo/Asia/Calcutta localtime
Please note that in the above example you need to use the directory structure, i.e. if you want to set the timezone to Calcutta (India), which is located in the Asia directory, you have to set it up as shown above.
Use date command to verify that your timezone is changed:
$ date
Output:
Tue Aug 27 14:46:08 EST 2006
Use of environment variable
You can use TZ environment variable to display date and time according to your timezone:
$ export TZ=America/Los_Angeles
$ date
WGET with FTP
Here are some useful commands to download data from an account which exists on a different server.
wget 'ftp://username:password@ftp.domainname.com/*' -r
For example: wget 'ftp://test:celita0201@ftp.domainname.com/*' -r
OR
wget 'ftp://ftp.domainname.com/*' --ftp-user=username --ftp-password=password -r
wget 'ftp://ftp.domainname.com/*' --ftp-user=test@domainname.com --ftp-password=neHGyxhjr -r
How to Check Memory Usage on Linux Servers.
Memory is one of the most important resources on a server for ensuring that processes run smoothly and fast. The availability of physical memory is therefore very important, especially on a high-load web hosting server that runs a database server such as Oracle or MySQL, which needs a lot of memory to run smoothly. Linux [CentOS], which is popular on cPanel and Plesk web hosting servers, comes with several commands and tools to check memory usage on the server.
1. meminfo
"/proc/meminfo" contains all your memory usage information. When you type:
cat /proc/meminfo
you will get an output of your server's memory info; below is an example of meminfo.
2. Using free Command
free displays the total amount of free and used physical and swap memory in the system, as well as the buffers used by the kernel.
free -m
The command will display information about physical memory in MB.
free -m -t
Same as “free -m”, but the -t switch displays a line containing the totals of physical memory and swap space.
free -m -s 10
The command will display memory status in megabytes on the terminal, polling continuously with a delay of 10 seconds. You can specify any number for the delay.
3. Using vmstat Command
vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity. The command will display report based on averages since last reboot.
Syntax of vmstat
vmstat -[options] [delay count]
vmstat 10
The command will poll the average system resource usage level for a sampling period of 10 seconds at an interval of 10 seconds, except for the first result, which is the average since the last reboot.
If no delay is specified, only one report is printed with the average values since boot.
4. Using top Command
Syntax of top
top
Using top is very simple. Just type "top" at the command shell [without ""], and a constantly updating stats page will be shown.
top -d 2
Same as "top", but "-d" specifies the delay between screen updates, here 2 sec.
5. Using ps Command
Syntax of ps aux
ps aux
aux are the options for the ps command to see every process on the system.
To see only the memory resources occupied by each category of processes, such as Apache httpd, MySQL mysqld or Java, use the following command:
ps aux | awk '{print $4"\t"$11}' | sort | uniq -c | awk '{print $2" "$1" "$3}' | sort -nr
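Added example (not part of the original post): the pipeline above lists each %MEM value per command rather than adding them up, so this function totals process count, %MEM and RSS per command name from `ps aux` output. The function names and the sample `ps` output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post.

# Constructed sample of `ps aux` output (not taken from a real server).
make_sample_ps() {
    cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   2160   640 ?        Ss   Jan26   0:01 init [3]
mysql     2101  1.2 12.5 350000 128000 ?       Sl   Jan26  10:11 /usr/sbin/mysqld --basedir=/usr
nobody    3001  0.5  2.0  60000 20480 ?        S    09:00   0:02 /usr/local/apache/bin/httpd -k start
nobody    3002  0.4  2.5  61000 25600 ?        S    09:00   0:02 /usr/local/apache/bin/httpd -k start
nobody    3003  0.4  1.5  59000 15360 ?        S    09:01   0:01 /usr/local/apache/bin/httpd -k start
EOF
}

# mem_by_command: reads `ps aux` output on stdin and prints one line per
# command name: "<name> <processes> <total %MEM> <total RSS in KiB>",
# largest resident set first.
mem_by_command() {
    awk '
        NR == 1 && $1 == "USER" { next }   # skip the ps header line
        {
            n = split($11, p, "/")         # /usr/sbin/mysqld -> mysqld
            name = p[n]
            procs[name]++
            pmem[name] += $4               # %MEM column
            rss[name]  += $6               # RSS column (KiB)
        }
        END {
            for (c in procs)
                printf "%s %d %.1f %d\n", c, procs[c], pmem[c], rss[c]
        }
    ' | sort -k4,4nr -k1,1
}

# Demo on the constructed sample.
make_sample_ps | mem_by_command
```

On a live server, feed it real data with `ps aux | mem_by_command`.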
Configuring a Cpanel Counter
A counter counts the number of visitors on your site. If you refresh the page, the counter increases by one.
Follow the steps given below to configure a cPanel counter.
1. Go to the counter option in your cPanel: cPanel >> CGI center >> counters.
2. Click on the counter radio button.
3. Edit/Reset a counter
Counter name:-> generally it is the account username. It creates a file with a .dat extension on the server.
New Count:-> Enter the number from which you want the counter to start, generally 0.
If you want to reset the counter you have to edit both features and click on “select commit changes”. You can also preview the counter through the preview option.
4. Click on 'Make HTML'; this will display a line.
5. On the server go to the following path
# cd /var/cpanel/Counters
Check that a file is created with the name countername.dat. Change the file permission to 777.
6. # vi countername.dat
Add the line which is created by clicking 'Make HTML' in cPanel to the countername.dat file.
Spamd Failing
If you find the "spamd" failing error on an exim restart:
root@server [~]# /etc/init.d/exim restart
Shutting down exim: [ OK ]
Shutting down antirelayd: [ OK ]
Shutting down spamd: [ FAILED ]
Starting exim-26: [ OK ]
Starting exim: [ OK ]
Starting exim-smtps: [ OK ]
Starting antirelayd: [ OK ]
Then use the following steps:
When disabling "spamd", cPanel creates a file named "/etc/spamdisable", which may not get deleted when the "spamd" feature is enabled again. Check for the presence of this file.
The issue may also arise because the perl module "Mail::SpamAssassin" is unavailable. Installing it and restarting exim will fix the issue.
# /scripts/perlinstaller --force Mail::SpamAssassin
# /etc/init.d/exim restart
Disable the stats services in cPanel
You can disable Analog, Awstats or Webalizer stats on a cPanel server via the backend by editing the file "/var/cpanel/cpanel.config".
# Check for the variables skipanalog, skipawstats, skipwebalizer in the file and change the values of the variables to one. The variables should now look as follows:
skipanalog=1
skipawstats=1
skipwebalizer=1
# Save the changes and restart the cpanel service on the server.
/etc/init.d/cpanel restart
# Now all three stats will be disabled server wide.
The recipient cannot be verified. Please check all recipients of this 550 message to verify they are valid
If you are receiving the following error:
PERM_FAILURE: SMTP Error (state 13): 550-"The recipient cannot be verified. Please check all recipients of this
550 message to verify they are valid."
SOLUTION:
First you need to check the corresponding Domain name in the file '/etc/valiases'.
root@f ~] cat /etc/valiases/domainname
*: username@domainname
Here 'username@domainname' indicates an added email account.
You need to give only the username instead of 'username@domainname'. That is:
root@f ~] cat /etc/valiases/domainname
*: username
Here the entry username (without the domain name) indicates the default account.
Then restart the exim mail service.
root@f ~] /etc/init.d/exim restart
IMAP Error (Connection dropped by IMAP server)
To troubleshoot the IMAP error (inbox lock errors) while accessing a mailbox via any webmail client (Horde, SquirrelMail, NeoMail, Roundcube etc.):
The error will be shown as below:
Connection dropped by IMAP server
ERROR: Connection dropped by IMAP server.
Query: SELECT "INBOX"
Reason Given: Unable to open this mailbox.
The error usually occurs when there is an inbox.lock file in the mailbox. The inbox is then locked, so the mailbox can't be accessed and you get the above error.
1. Remove the "inbox.lock" file from the particular mailbox.
Even though the "inbox.lock" file is deleted, it will be created again when the mailbox is next accessed. Hence, after removing the file, we need to copy the inbox to a new file name to fix the issue, which can be done as follows:
2. cat inbox > inbox.new
3. rm inbox
4. mv inbox.new inbox
5. Then fix ownership and permissions.
This fixes the issue.
How to avoid overwrite option with cp, scp command ?
Scenario: Copy all files from a folder which contains around 20,000 files to a folder where 10,000 of the same files already exist.
Now what? Don't worry, simply run the following command:
# unalias cp
Reason: cp has an alias (alias cp='cp -i')
-i, --interactive, which means prompt before overwrite
Note: Make sure you revert the change once you are done with cp.
You can also overwrite files without the [ y/n ] prompt by using the following syntax.
# /bin/cp -pafrH /home/user/source/* /home/user/destination/
cPanel hardening from shell
Posted by Mayur's BLOG
From Shell prompt
Applicable : Centos/RedhatEnterprise/FedoraCore
check the hardware
cat /proc/cpuinfo
cat /etc/redhat-release
uname -a
cat /proc/meminfo
==========================
SSH Server Hardening
nano -w /etc/ssh/sshd_config
Uncomment #Protocol 2, 1
Change to Protocol 2
Append these lines to the bottom:
LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no
/etc/rc.d/init.d/sshd restart
============================
cd /etc
mv /etc/host.conf /etc/host.conf.bak
wget http://www.indiageeks.net/myscripts//host.conf
============================
mv /etc/sysctl.conf /etc/sysctl.conf.bak
cd /etc
wget http://www.indiageeks.net/myscripts/sysctl.conf
/sbin/sysctl -p
sysctl -w net.ipv4.route.flush=1
/sbin/ifconfig eth0 txqueuelen 1000
echo /dev/null > /proc/sys/kernel/core_pattern
=============================
cp /etc/fstab /etc/fstab.bak
First check to see that no /tmp partition is present.
df
If no /tmp partition is present, use this guide:
cd /usr
dd if=/dev/zero of=/usr/tmpMnt bs=1024 count=1000000
mke2fs -j /usr/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /usr/tmpMnt /tmp
chmod 0777 /tmp
/bin/cp -R /tmp_backup/* /tmp/
rm -rf /tmp_backup
nano -w /etc/fstab
At the bottom add
/usr/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0
If “df” shows a /usr/tmpDSK partition,
Then leave it!
If a standard /tmp partition is already present,
nano -w /etc/fstab
change “defaults” to loop,noexec,nosuid,rw
mount /tmp
/tmp should always have this: loop,noexec,nosuid,rw
/tmp and /var/tmp should be symlinked on EVERY server.
rm -rf /var/tmp
ln -s /tmp /var/tmp
/dev/shm
nano -w /etc/fstab
in /dev/shm line, change 'defaults' to noexec,nosuid
umount /dev/shm
mount /dev/shm
rm -rf /etc/httpd/proxy
rm -rf /var/spool/vbox
mount -o remount,noexec,nosuid /proc
Modify /etc/fstab, add options “noexec,nosuid” to the /proc line:
none /proc proc defaults,noexec,nosuid 0 0
=====================================
php -i | grep php.ini
disable_functions = dl,passthru,proc_open,proc_close,shell_exec,system
/etc/rc.d/init.d/httpd restart
=========================================
Logwatch
cd /root/
wget http://www.indiageeks.net/myscripts//logwatch-7.3.1-1.noarch.rpm
rpm -Uvh logwatch-7.3.1-1.noarch.rpm
rm -rf /etc/logwatch/conf/logwatch.conf
cd /etc/logwatch/conf
wget http://www.indiageeks.net/myscripts//logwatch.conf
=====================
chmod 750 /usr/bin/GET
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/gcc
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
history -c
=====================
From WHM:
Tweak Settings (Check all these options)
--------------
Allow Creation of Parked/Addon Domains that are not registered
Prevent users from parking/adding on common internet domains
E-mail users when they have reached 80% of bandwidth
Each domain can send out per hour: 500
Pop 3 in hour: 180
Allow Sharing Nameserver IPs
Use Jailshell as default
Set Default catch-all to FAIL
Delete each domain's access logs after stats run
Things to Uncheck
Boxtrapper
** When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.
** FormMail-clone cgi
Change:
The load average above the number of cpus at which logs file processing should be suspended (default 0):
To 10
** Number of minutes between mail server queue runs (default is 60).:
To 180
=================================================================================================
Tweak Security
--------------
open_basedir: Enable php open_basedir
Compilers disable
==========================
System Health - Background Process Killer
Check all of them
==========================
Please read carefully and make sure that you are aware of all the commands & settings and their effect.
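Added example (not part of the original post): a check that the mount options this post sets on /tmp, /dev/shm and /proc are actually in effect, by reading a mount table in /proc/mounts format. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post.

# Constructed sample in /proc/mounts format: /tmp and /proc are hardened,
# /dev/shm still has default options.
make_sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
none /proc proc rw,nosuid,noexec 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
}

# check_mount_opts MOUNTS_FILE MOUNTPOINT OPTION...
# Returns 0 if MOUNTPOINT carries every listed option, 1 if some are
# missing, 2 if MOUNTPOINT is not a mount of its own (e.g. a symlinked
# /var/tmp). Prints a one-line verdict either way.
check_mount_opts() {
    local mounts="$1"
    local mp="$2"
    shift 2
    local opts
    # Fields: device mountpoint fstype options dump pass.
    # Keep the last match, since a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
    if [ -z "$opts" ]; then
        echo "$mp: not a separate mount"
        return 2
    fi
    local missing=""
    local want
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$mp: missing:$missing"
        return 1
    fi
    echo "$mp: ok"
}

# audit_hardened_mounts [MOUNTS_FILE]
# Checks the three mount points the post hardens; the return code is the
# number of mount points that failed the check.
audit_hardened_mounts() {
    local mounts="${1:-/proc/mounts}"
    local failed=0
    local mp
    for mp in /tmp /dev/shm /proc; do
        check_mount_opts "$mounts" "$mp" noexec nosuid || failed=$((failed + 1))
    done
    return "$failed"
}

# Demo on the constructed sample.
demo_mounts=$(mktemp)
make_sample_mounts > "$demo_mounts"
audit_hardened_mounts "$demo_mounts" || echo "mount points needing attention: $?"
rm -f "$demo_mounts"
```

On a live server, run `audit_hardened_mounts` with no argument to read /proc/mounts.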
How to set date from linux shell
For instance, to set the date/time for May 19th, 2007, 6:00pm (and 0 seconds), you would type:
[root@srv ~]# date 051918002007.00
05 - May [Month]
19 - [Date]
1800 - [Time] 6.00 PM
2007 - [Year]
.00 - [Seconds]
OR use the following syntax, which is very easy and I always prefer it
[root@srv ~]# date -s "31 JULY 1998 23:16:00"
This will set the date and time to July 31, 1998, 11:16pm
Please read man page of date for more info.
Server load monitoring
Q:- How to trace the server load? (Includes all applications.)
The steps are according to services :-
----------------------------------------------------------------
1. Apache :-
+ top command >> check for many httpd processes
+ Login to WHM >> Check "Apache status"; if you find anyone downloading mp3, rar, exe or zip files then suspend that account
+ also check the "cpu/memory/Mysql Usage" option from WHM >> Here we can find the actual CPU and memory usage for a particular domain.
----------------------------------------------------------------
2. Mysql :-
+ top command >> check for many httpd processes
+ mysqladmin process / mysqladmin status
+ also check the "cpu/memory/Mysql Usage" option from WHM >> Here we can find the actual CPU and memory usage for a particular domain.
----------------------------------------------------------------
3. Ftp :-
+ ps aux | grep ftp >> used for checking ftp actions taken by users, like uploading/downloading files
+ tail -f /var/log/secure
----------------------------------------------------------------
4. SMTP / POP3 /IMAP :-
+ tail -f /var/log/exim_mainlog >> check the logs for email addresses that keep scrolling past and confirm whether they are spamming; if confirmed, suspend the account
+ tail -f /var/log/exim_mainlog | grep public_html >> check for spamming if anybody is using a php script for sending mail
+ Login to WHM and select "Manage Mailqueue" to find the email address which is spamming.
===========================================================================================================================
First of all, check the load and, if it is above safe limits, we have to settle it down. Run the deep scripts until you get the message "no processes found" for mysql, exim and http. Check the load again. Restart the services with the proper restart scripts:
s-http, s-mysql, s-exim. Then proceed with the investigation.
* top, shift p, check which processes are taking load and are numerous.
* if apache
* quickly go to WHM, check Apache status and do the needful. If there is nothing in Apache,
check netstat -n|less . It can be an http attack.
* if mysql-
do mysqladmin process and look for processes and queries.
* if exim-
go to /var/log/exim_mainlog and check the logs for spam.
this can be done by grepping the logs as follows:
tail -f /var/log/exim_mainlog|grep /tmp
tail -f /var/log/exim_mainlog |grep public_html
tail -f /var/log/exim_mainlog |grep sendmail
check the mail queue
check for frozen mails and delete frozen mails.
* check whether io wait is high.
there can be some reasons for this.
* any user may be downloading heavy files- this you can see in the Apache status.
* you can see the heavy CPU-consuming processes on the server with ps auxw|grep mvi,mgp,mp3,pkgacct,backup,gzip and you can get the processes. Check them and kill them as necessary.
* last, check for bad processes with ps auxw|grep nobody and kill the bad processes. To know more about what is happening behind a process, you can check at /proc/procid.
==============================================================================================
1> ps aux | grep nobody or gzip /backup /fixquota
2> TOP / shift + p / shift + m / k =kill
3> tail -f /var/log/... | grep ... .avi/.mpg/.rar/.jpg all logs
4> cd /proc/pid ls -alh
5> Apache status/ cpu mysql memory usage from WHM
6> netstat -n
7> w
8> Event Viewer log / Task manager for windows
9>tail -f /var/log/exim_mainlog|grep tmp /sendmail /public_html
==============================================================================================
1) top.....to see the process list, then accordingly kill the process which is taking load
2) ps -aux
ps -aux | grep gzip, backup, pkg
tail -f /var/log/exim_mainlog | grep sendmail, public, tmp
3) w to see who is online
4) kill httpd, mysqld, cppop
5) netstat
6) mysqladmin process :- to see the mysql process
7) /scripts/restartsrv_service name:- to restart the service if it goes down
8) tail -f /etc/httpd/logs/access_log
tail -f /etc/httpd/logs/error_log
or you can manage the serverload using WHM
1) under the server status option you can see the
apache status...
CPU/Mysql usages/memory
service status and you can manage the server
2) SQL services under this option you can see the mysqladmin process
3) restart services:- using this option you can restart the services
==============================================================================================
---
top
---
Displays the processes that are using the most processor resources.
We can use various options to monitor and control processes through top, like shift + p, shift + m and k, which is used to kill processes. r can be used to renice a process and prioritise it. In case of high i/o wait we need to check the logs for processes using high resources.
------
uptime
------
It displays the time since the server has been up and running, the number of users logged in and the load average. Similarly we can use 'w'.
---------
ps -auxwf
---------
Displays each process with details like username, pid, resource usage and child processes. It is very effective in monitoring processes.
We generally use:
ps -auxwf | grep gzip
ps -auxwf | grep backup
ps -auxwf | grep pkg
For bad processes - ps -auxwf | grep nobody
ps -aufxw |sort -nr |grep -v 0.0 - Shows the CPU-consuming processes
----------------
kill and killall
----------------
Used to kill processes or services that are found to be eating up server resources.
Scenario: to kill all processes of a particular user, fire the following command:
kill -9 $(pgrep -u username)
Ex: kill -9 $(pgrep -u nobody)
OR
kill -9 `ps -u username -o "pid="`
Ex: kill -9 `ps -u nobody -o "pid="`
--------
Spamming
--------
To check spamming we can watch for the mail logs using :
tail -f /var/log/exim_mainlog | grep sendmail
tail -f /var/log/exim_mainlog | grep tmp
tail -f /var/log/exim_mainlog | grep public_html
as spamming can be done from a user's public_html directory using a script or through sendmail. Another way of spamming is using the tmp directory as it is the 'world writable directory'.
--------------
WebServer logs
--------------
We can check for customized logs in the WHM under the Server Status section.
We can trace the user responsible for high web server resource usage with the following commands:
tail -f /etc/httpd/logs/access_log | grep mp3
tail -f /etc/httpd/logs/access_log | grep rar
tail -f /etc/httpd/logs/access_log | grep wav etc
tail -f /etc/httpd/logs/access_log | grep 408 can be used to check for DDOS attacks on the server.
-----
mysql
-----
Apart from top and ps, 'mysqladmin processlist' can be used to check the mysql processes, users and the type of process/query being run by the user.
Killing a process is the first option to control server load; restarting the affected server is another option. If the load is still high, we track down the responsible user and suspend him. (This applies to all servers, i.e. apache, mysql, exim etc.)
==============================================================================================
1. top - check load average, iowait, httpd, mysql, exim etc.
2. P = CPU Usage, M = Memory Usage, K = kill unwanted processes.
3. If load is high, run "deep".
4. Login to WHM of the server and check apache, cpu/memory, mysql status.
5. If any user found downloading gif images, mp3, etc; suspend that particular user.
iowait is high, someone is backing up their files; run
# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup
Spamming check-
# tail -f /var/log/exim_mainlog | grep public_html
MySQLdump check-
# ps aux | grep mysqldump
# mysqladmin processlist -- mysql status
Bad processes running-
# ps aux | grep nobody
Service restart commands-
#/scripts/restartsrv_mysql
#/scripts/restartsrv_httpd
#/scripts/restartsrv_exim
==============================================================================================
Using the top command you can find the process which is causing the load on the server. You can use the kill or killall command to kill that process, OR you can run the deep command, which will kill all the httpd, exim and mysql processes. Once the server load comes down, restart the services which you have killed.
1. Apache :-
Using the top command, we will come to know whether the httpd service is eating up high resources on the server. If so, kill the httpd service and restart it when the load returns to normal.
You can check if any backup is going on, run the following commands:
# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup
If any backup process is going on, kill that process.
Also log in to WHM and check "Apache status"; if you find anyone downloading mp3, rar, exe or zip files, then suspend that account.
The other way to check whether any download is going on is by using
ps auxw | grep nobody | grep mp3 , jpeg, wmv, mpeg, rar and kill that process.
Also, you can check the "cpu/memory/Mysql Usage" option in WHM. Here we can find the actual CPU and memory usage for a particular domain.
2. Exim Mail :-
Check for spamming by checking the logs for exim
tail -f /var/log/exim_mainlog >> watch the logs and check which email address is continuously scrolling past; confirm whether it is spamming and, if confirmed, suspend the account.
tail -f /var/log/exim_mainlog | grep tmp
Login to whm and select "Manage Mailqueue" to find the email address which is doing spamming.
3. MySQL :-
Use the mysqladmin command as mysqladmin process / mysqladmin status
Also check the "cpu/memory/Mysql Usage" option in WHM. You can get the actual CPU and memory usage for a particular domain.
4. Ftp :-
ps -aux | grep ftp >> used for checking ftp action taken by user like uploading /downloading files
tail -f /var/log/secure
5. ps command :-
Use the ps -auxw command ALWAYS to check whether there are bad processes running, by doing ps aux|grep nobody. You'll sometimes see bad scripts running as nobody. Normally only httpd, Melange chat, and sometimes proftpd run as user nobody, so if you find any other process running as user nobody, kill that process.
kill -9 pidofproc
==============================================================================================
Some basic commands to see the load average and the processes running on the server:
1]top :: This command is very useful for system administration. Basically it gives you a summary view of the system, including number of users, memory usage, CPU usage and active processes.
Shift+p =>list all processes according to maximum CPU usage.
Shift+m=>list all processes according to maximum memory usage.
2]w :: This command gives us information regarding who is logged into the server and what processes they are running
w -s , gives you a shorter process listing.
3]uptime:: It also gives us information regarding the number of users logged into the server, current time, time since the server has been up, and load average.
4]ps :: lists the currently running processes.
ps -aux , gives us information on users, PIDs, resource usage like CPU and memory, and processes running.
Reasons for increase of load on the server::
Load on the server will increase due to several reasons stated below,
1.many httpd processes
2.any user is downloading mp3, exe, zip files
3.email spamming
4.uploading/downloading files via FTP
5.mysql processes and queries run by user
Troubleshooting::
1.If the load increased suddenly, fire the "deep" command, which kills httpd, mysql and exim processes.
2. Also log in to WHM and check "Apache status"; if you find anyone downloading mp3, rar, exe or zip files, then suspend that account.
3.For spamming, you need to fire the following command,
tail -f /var/log/exim_mainlog | grep public_html
==============================================================================================
1)top
2)w
3)shift+m
4)shift+p
5)tail -f /usr/local/apache/logs/access_log
6)tail -f /usr/local/apache/logs/error_log
7)tail -f /var/log/exim_mainlog
==============================================================================================
1. Check for server load using top command with following options:
Shift p CPU Usage,
Shift m Memory Usage
& check which process is taking load with the help of above two options.
Kill the responsible process using k option.
2. Check for the downloads using
# ps auxw | grep nobody | grep mp3 , jpeg, wmv, mpeg, rar
# ps auxw | grep gzip, backup, fixquota
Suspend the particular account that is repeatedly downloading the above mentioned files.
3. Check for access & error logs for following options
# tail -f /etc/httpd/logs/access_log | grep 408, zip
# tail -f /etc/httpd/logs/error_log | grep 203
4. Check mail spamming with following commands.
#tail -f /var/log/exim_mainlog | grep sendmail, public_html, tmp
5. Login to WHM of the server and check apache, cpu/memory, mysql status & check for frozen mails in mail queue manager.
6. Check Mysql errors with
# mysqladmin processlist
check the users, command, time & information fields.
7. If you are making changes to httpd.conf then first run # httpd -configtest before restarting httpd to reduce the downtime.
8. Restart the particular service causing the load to go high with # /scripts/restartsrv_httpd, exim, mysql
============================================
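The exim_mainlog greps above (public_html, tmp, sendmail) show matching lines as they scroll; to see which directory is responsible for most of them, the same lines can be counted. This is an added example, not part of the original notes: it assumes exim is logging "cwd=<dir> N args: ..." lines (log_selector +arguments), the function names are made up here, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: rank the working directories from which sendmail/exim was
# invoked, using the "cwd=" field that exim writes to exim_mainlog.

# Constructed sample log lines (not taken from a real server).
sample_exim_log() {
cat <<'EOF'
2007-09-12 10:54:01 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2007-09-12 10:54:02 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2007-09-12 10:54:02 cwd=/tmp 4 args: /usr/sbin/sendmail -t -i -fbounce@example.com
2007-09-12 10:54:03 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2007-09-12 10:54:04 1IVabc-0001Xy-2B <= alice@example.com U=alice P=local S=1234
2007-09-12 10:54:05 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2007-09-12 10:54:06 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
EOF
}

# Read an exim main log on stdin and print "count directory", busiest first.
# Only directories under a user's public_html or under /tmp are counted,
# the same places the grep commands above look at.
# Limitation: a cwd containing spaces is cut at the first space.
spam_sources() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if (index($i, "cwd=") == 1) {
                    dir = substr($i, 5)
                    if (dir ~ "^/home/[^/]+/public_html(/|$)" || dir ~ "^/tmp(/|$)")
                        count[dir]++
                }
            }
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Map the busiest /home/<account>/... directory back to the account name,
# which is the account to inspect before suspending anything.
top_account() {
    spam_sources | awk '$2 ~ "^/home/" { split($2, p, "/"); print p[3]; exit }'
}

# Demo on the constructed sample; on a server use:
#   spam_sources < /var/log/exim_mainlog
sample_exim_log | spam_sources
```

A high count for /tmp points at a script dropped in the world-writable directory rather than at one account's site, so the owner has to be found from the files in /tmp instead.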
find command:
find - search for files in a directory hierarchy
Some useful syntax for find commands
find -perm 777 - to find files and folders which have 777 permission
find -user nobody - to find files and folders which have nobody ownership
find -name "test" - to find files or folders which have the name "test"
You can use special characters like *, ?, \ etc. with the find command as per your requirement.
For example: how to find all directories and files under /home which have names containing "fishingbank" and are owned by nobody?
root@server [~]# find /home/ -name "*fishingbank*" -user nobody
Please read man page for more info
Enjoy:)
semget: No space left on device
Whenever you start Apache, it keeps crashing with error "semget: No space left on device".
# tail /etc/httpd/logs/error_log
semget: No space left on device
semget: No space left on device
[Wed Sep 12 10:54:27 2007] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten
-- Unclean shutdown of previous Apache run? semget: No space left on device
[Wed Sep 12 10:56:27 2007] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten
-- Unclean shutdown of previous Apache run? semget: No space left on device
[Wed Sep 12 10:58:27 2007] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten
-- Unclean shutdown of previous Apache run? semget: No space left on device
[Wed Sep 12 11:00:27 2007] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten
-- Unclean shutdown of previous Apache run? semget: No space left on device
If you have a similar problem to mine above, and your disk space is nowhere near/above 100%, /var/messages and /usr/local/apache/logs/error_log show no clue about this problem, and no files in /etc/httpd/logs/ and /etc/httpd/domlogs are anywhere near/above 2GB in size, it's most probably a semaphore problem. Use the following script to cure your Apache.
#!/bin/bash
# Remove every semaphore array owned by nobody (the Apache user), then restart Apache
ipcs -s | grep nobody | perl -e 'while (<STDIN>) {
@a=split(/\s+/); print `ipcrm sem $a[1]`}'
/scripts/restartsrv httpd
Script how to:
- SSH as root to your CPanel server
- Go to root dir
# cd /root
- Create a httpdsemclean.sh blank file
# pico httpdsemclean.sh
- Write above script
- Save
Ctrl + O
- Exit pico
Ctrl + X
- Chmod httpdsemclean.sh to 777
# chmod 777 httpdsemclean.sh
- Execute the script
./httpdsemclean.sh
If all goes fine, you'll see something like this:
...
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
resource(s) deleted
Waiting for httpd to restart..............finished.
httpd started ok
PS: Do this at your own risk, we do not guarantee this will work on all CPanel servers!
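semget returns "No space left on device" (ENOSPC) when the kernel limit on semaphore sets (SEMMNI) or on total semaphores (SEMMNS) is reached, which is why disk usage shows nothing. The following is an added example, not part of the original post, for confirming that before removing anything: it compares `ipcs -s` output with the limits Linux exposes in /proc/sys/kernel/sem. The function names and the sample `ipcs -s` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check semaphore usage against the kernel limits and list
# the semaphore arrays owned by one user, without deleting anything.
# /proc/sys/kernel/sem holds four numbers: SEMMSL SEMMNS SEMOPM SEMMNI.

# Constructed `ipcs -s` output (not from a real server).
sample_ipcs() {
cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 98304      nobody     600        1
0x00000000 131073     nobody     600        1
0x00000000 163842     nobody     600        1
0x0052e2c1 196611     postgres   600        17
EOF
}

# sem_ids_for_owner OWNER < ipcs-output
# Prints one semid per line. Matches the owner column exactly, so a key or
# another field that merely contains the string is not picked up.
sem_ids_for_owner() {
    awk -v owner="$1" '$2 ~ /^[0-9]+$/ && $3 == owner { print $2 }'
}

# sem_report "SEMMSL SEMMNS SEMOPM SEMMNI" OWNER < ipcs-output
# Prints: sets=<used>/<SEMMNI> sems=<used>/<SEMMNS> owner_sets=<n> status=<ok|exhausted>
sem_report() {
    awk -v limits="$1" -v owner="$2" '
        BEGIN { split(limits, l, " "); semmns = l[2]; semmni = l[4] }
        $2 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ {
            sets++
            sems += $5
            if ($3 == owner) mine++
        }
        END {
            status = (sets >= semmni || sems >= semmns) ? "exhausted" : "ok"
            printf "sets=%d/%d sems=%d/%d owner_sets=%d status=%s\n",
                   sets, semmni, sems, semmns, mine, status
        }'
}

# Demo on the constructed sample with constructed limits; on a server use:
#   ipcs -s | sem_report "$(cat /proc/sys/kernel/sem)" nobody
sample_ipcs | sem_report "250 32000 32 128" nobody
```

If status is "ok", the semaphore limit is not what is stopping Apache, and removing arrays owned by nobody will not help.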
Changing multiple account ownerships via SSH
Issue:
How to change the ownership of multiple accounts under /home via SSH? The option in WHM is a bit tedious.
Solution :
To change the ownership of all accounts to the respective user.user :
cd /home
ls -al | grep root
for i in `ls /var/cpanel/users/`; do chown $i:$i /home/$i ; done
for i in `ls /var/cpanel/users/`; do chown -R $i:$i /home/$i/* ; done
Then change the ownership of the individual public_htmls to their respective user.nobody:
for i in `ls /var/cpanel/users/`; do chown $i:nobody /home/$i/public_html ; done
Change the permissions for public_htmls to 750:
for i in `ls /var/cpanel/users/`; do chmod 750 /home/$i/public_html ; done
Fix the permissions for mail to work fine:
/scripts/mailperm
Fix the ownership of /home:
chown root.root /home
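The loops above run chown and chmod as root on paths that the account owners can write to, and chown follows a symlink named on its command line unless -h is given. The following is an added example, not part of the original post: it prints the commands for review instead of running them, validates each account name, and skips any home or public_html that is a symlink. The function name is made up, and HOME_ROOT is assumed to be an admin-chosen path without quote characters.

```shell
#!/bin/sh
# Added example: plan the per-account ownership fix from the post without
# trusting what users may have placed inside their home directories.
#
# plan_ownership_fix USERS_DIR HOME_ROOT
#   USERS_DIR  directory with one file per account (/var/cpanel/users in the post)
#   HOME_ROOT  parent of the home directories (/home in the post)
# Commands go to stdout; skipped accounts are reported on stderr so that a
# reviewed plan can be piped to sh without the skip messages.
plan_ownership_fix() {
    users_dir=$1
    home_root=$2
    for entry in "$users_dir"/*; do
        [ -f "$entry" ] || continue
        user=${entry##*/}

        # Accept plain account names only: nothing that could be read as an
        # option, a path, or shell syntax once it is printed into a command.
        case $user in
            ''|-*|*[!A-Za-z0-9_.-]*)
                echo "skip: unexpected account name" >&2
                continue ;;
        esac

        home=$home_root/$user
        if [ -L "$home" ] || [ ! -d "$home" ]; then
            echo "skip $user: home is missing or is a symlink" >&2
            continue
        fi

        # -h changes symlinks themselves, never their targets. Recursing from
        # the home directory also covers dotfiles, which /home/$i/* skips.
        printf "chown -h -R %s:%s '%s'\n" "$user" "$user" "$home"

        web=$home/public_html
        if [ -d "$web" ] && [ ! -L "$web" ]; then
            printf "chown -h %s:nobody '%s'\n" "$user" "$web"
            printf "chmod 750 '%s'\n" "$web"
        else
            echo "skip $user: public_html is missing or is a symlink" >&2
        fi
    done
    return 0
}

# Print the plan when run on a cPanel server; does nothing elsewhere.
if [ -d /var/cpanel/users ]; then
    plan_ownership_fix /var/cpanel/users /home
fi
```

As in the post, /scripts/mailperm and chown root.root /home still follow once the plan has been reviewed and applied.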
Spamd child process causing high server load
Posted by Mayur's BLOG
Sometimes, a spamd child process for a particular user can cause high server load. This is a bug with spamassassin :
To fix the issue, apply the patch mentioned in the bug.
For cPanel servers, run the following scripts:
/scripts/autorepair spamd_dbm_fix
/etc/init.d/exim restart
Wednesday, January 12, 2011
Lynx command to download files
The lynx command is useful for browsing websites from the command line:
lynx URL
=========
To download a file from the web using Lynx from the Unix command line prompt, enter:
lynx -source URL > filename
Replace URL with the URL of the page or image that you want to download. Replace filename with the filename that you want to give to what you are downloading.
For example, if you are trying to download a web page at the address http://empire.gov/dvader.html, and you'd like to name the page on your account myhero.html, then you'd enter:
lynx -source http://empire.gov/dvader.html > myhero.html
If you want to download a web page in formatted output (i.e., without HTML tags, but instead as it would appear in Lynx), then enter:
lynx -dump URL > filename
Tuesday, January 11, 2011
Directory listing is not working in FTP
Hello,
We can sort this out by loading the FTP connection-tracking module and then checking that it is loaded:
==========
modprobe ip_conntrack_ftp
lsmod
=========
Monday, January 3, 2011
Webmail shows Internal Server Error + quota warning
Error message:
Internal Server Error
User 'morejoyo' is over quota.
=============
Solution:
vi /var/cpanel/overquota/username
Edit the entries:
=========
i.e. 1024010:1024000
corrected syntax: 1024010:1024010
=========
Then restart cPanel:
/etc/init.d/cpanel restart