Tuesday, August 23, 2011

Configure a custom PHP for a particular domain

PHP 5.3.6 is currently not available in the EasyApache script. So if a user wants to use this version on a shared cPanel server, we can compile it manually and then enable it for that user with an .htaccess rule.

==============
cd /usr/src

wget http://in2.php.net/get/php-5.3.7.tar.gz/from/us.php.net/mirror -O php-5.3.7.tar.gz

tar -zxf php-5.3.7.tar.gz

cd php-5.3.7

Use the same configure options as the existing 5.3.6 build and give the prefix as, for example, /usr/local/jibin/php5.3/:

=================
./configure --prefix=/usr/local/jibin/php5.3 --enable-bcmath --enable-calendar --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-mbstring --enable-pdo=shared --enable-sockets --enable-wddx --enable-zend-multibyte --enable-zip --with-curl=/opt/curlssl/ --with-curlwrappers --with-freetype-dir=/usr --with-gd --with-gettext --with-imap=/opt/php_with_imap_client/ --with-imap-ssl=/usr --with-jpeg-dir=/usr --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/opt/xml2/ --with-mcrypt=/opt/libmcrypt/ --with-mhash=/opt/mhash/ --with-mysql --with-mysqli --with-openssl=/usr --with-openssl-dir=/usr --with-pcre-regex=/opt/pcre --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-pspell --with-sqlite=shared --with-tidy=/opt/tidy/ --with-xmlrpc --with-xpm-dir=/usr --with-xsl=/opt/xslt/ --with-zlib --with-zlib-dir=/usr
=================

make

make install

Copy the php.ini file from /usr/local/lib/php.ini into the new tree:

cp /usr/local/lib/php.ini /usr/local/jibin/php5.3/lib/

NOTE: edit the copied php.ini, i.e. its extension_dir setting, and change the path to /usr/local/jibin/php5.3/lib/php/extensions

Once compiled, you can check the version of the new binary (under the prefix chosen above) with the command

/usr/local/jibin/php5.3/bin/php-cgi -v

Add the following line in the "handlers" section of the suphp.conf file if the default PHP on the server is compiled with suPHP

vi /opt/suphp/etc/suphp.conf

application/x-httpd-php5.3="php:/usr/local/jibin/php5.3/bin/php-cgi"

Now add the rule to the file "pre_main_2.conf" to enable this version for any particular domain.

vi /usr/local/apache/conf/includes/pre_main_2.conf

<Directory "/home/USERNAME/public_html">
Allow from All
suPHP_AddHandler application/x-httpd-php5.3
AddType application/x-httpd-php5.3 .php
</Directory>

Replace /home/USERNAME/public_html with the document root of the account that should use this PHP version.


To remove the first 10 lines of a file (print from line 11 onwards)

tail -n +11 filename

To change the default gateway

to delete the current gateway: sudo route del default
to add the new gateway: sudo route add default gw IP (where IP is the address of the new gateway)

To add a directory to the PATH environment variable

export PATH=$PATH:/usr/local/sbin

cPanel restart error

=============
Starting tailwatchd: Can't locate Getopt/Param/Tiny.pm in @INC (@INC contains: /usr/local/cpanel /usr/local/cpanel/Cpanel/CPAN/overload/__Time /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/local/cpanel/Cpanel/TailWatch.pm line 17.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/TailWatch.pm line 17.
Compilation failed in require at /usr/local/cpanel/libexec/tailwatchd line 14.
BEGIN failed--compilation aborted at /usr/local/cpanel/libexec/tailwatchd line 14.
[FAILED]
Starting cPanel Log services: Can't locate Unix/PID.pm in @INC (@INC contains: /usr/local/cpanel/3rdparty/lib/perl/5.8.8/x86_64-linux-thread-multi/auto /usr/local/cpanel/3rdparty/lib/perl/5.8.8/x86_64-linux-thread-multi /usr/local/cpanel/3rdparty/lib/perl/5.8.8 /usr/local/cpanel/3rdparty/lib/perl /usr/local/cpanel /usr/local/cpanel/3rdparty/lib/perl /usr/local/cpanel/Cpanel/CPAN/overload/__Time /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/local/cpanel/libexec/cpanellogd line 13.
BEGIN failed--compilation aborted at /usr/local/cpanel/libexec/cpanellogd line 13.
================


root@server1 [~]# ls -alh /usr/bin/perl
-rwxr-xr-x 2 root root 19K Jun 13 05:58 /usr/bin/perl*
root@server1 [~]# ls -alh /usr/local/bin/perl
-rwxr-xr-x 2 root root 1.2M Aug 10 18:26 /usr/local/bin/perl*


One should be a binary file, and the other should be a symlink to the binary file. To fix the problem, I moved the perl from /usr/local/bin to /root and created a symlink to /usr/bin/perl in its place:


root@server1 [~]# mv /usr/local/bin/perl /root/
root@server1 [~]# ln -s /usr/bin/perl /usr/local/bin/perl

To check the total running time (elapsed time since start) of processes

ps -eo pid,etime,args

Script to split a single column into multiple columns (lines are grouped so that every 14th line lands on the same output row)

awk '{a[NR%14+1]=a[NR%14+1]" "$0} END {for (i in a){print a[i]}}'

To create a test file of a given size

It creates a zero-filled file of the requested size (here 1024 blocks of 1 MB):

dd if=/dev/zero of=/home/jibin/jibin/testin bs=1M count=1024

Sunday, August 14, 2011

cpanel dnsonly


cPanel DNS ONLY is software that allows you to run a dedicated physical nameserver, which you can then link to your web server(s) using WHM's DNS Clustering feature. This means that any change to your web server's DNS information will automatically be sent to the DNS ONLY server, eliminating the need to run nameserver software on your web server.

The main advantage to DNS ONLY is stability: if your web server has an outage, your DNS information stays accessible, even when your web server is offline. This allows visitors to reach websites on your server more quickly after the web server comes back online. In addition, you can move accounts from one server to another without your customers having to change their DNS records. For these reasons, DNS ONLY is optimal for web hosts running multiple servers.


================

Change SSH port via WHM

Log in to WHM as the root user and browse to the following URL.

http://192.168.0.2:2086/scripts2/autofixer

Use your server's IP instead of 192.168.0.2 in the above URL. To reset the sshd_config file, enter "safesshrestart" in the autofixer window.

The safesshrestart autofixer will show you the following execution.

[screenshot of the autofixer output]

If you were using another port before resetting the default sshd_config file with the autofixer, first SSH to the server on the default port 22 and restart the SSHD service; this will reset your existing SSHD port.

You can find more information on the autofixer feature at the following URL

http://httpupdate.cpanel.net/autofixer/

Friday, August 12, 2011

Bash History: Display Date And Time For Each Command

How do I display shell command history with date and time under Linux OS?

If HISTTIMEFORMAT is set, the time stamp associated with each history entry is written to the history file, marked with the history comment character. Define the variable as follows:
$ HISTTIMEFORMAT="%d/%m/%y %T "
OR
echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bash_profile

Where,
%d – day of the month
%m – month
%y – two-digit year
%T – time (HH:MM:SS)

To see history type

# history
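How a timestamped history file is laid out, as an added Python example (not from the original post): it reads the "#<epoch>" stamp lines that bash writes when HISTTIMEFORMAT is set and renders the entries the way `history` does, which is what you need when reconstructing a timeline from a copied ~/.bash_history. The sample history is constructed; timestamps are rendered in UTC.

```python
"""Read a bash history file that was written with HISTTIMEFORMAT set.

Added example, not part of the original post. When HISTTIMEFORMAT is set,
bash stores each entry as two lines: a comment line holding the epoch
timestamp ("#1312500000") followed by the command itself. Entries written
before the variable was set have no stamp. A command that itself starts with
'#' is kept as a command because the stamp line is '#' followed by digits only.
"""
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed sample: two stamped entries, one legacy entry without a stamp,
# and a command that begins with '#' (a real comment, not a stamp).
SAMPLE_HISTORY = """\
#1312500000
ls -la /var/log/sa
#1312500030
tail -n +11 filename
sar -q -f sa01
#1312500100
# this is a comment typed at the prompt
"""

# The same format string the post sets in HISTTIMEFORMAT.
HISTTIMEFORMAT = "%d/%m/%y %T "


def parse_history(text: str) -> List[Tuple[Optional[int], str]]:
    """Return (epoch_or_None, command) pairs in file order."""
    entries: List[Tuple[Optional[int], str]] = []
    pending_stamp: Optional[int] = None
    for line in text.splitlines():
        # A bash timestamp line is '#' followed only by digits.
        if line.startswith("#") and line[1:].isdigit():
            pending_stamp = int(line[1:])
            continue
        entries.append((pending_stamp, line))
        pending_stamp = None          # a stamp applies to the next command only
    return entries


def format_entries(entries: List[Tuple[Optional[int], str]],
                   fmt: str = HISTTIMEFORMAT) -> List[str]:
    """Render entries like `history` does; UTC is used so output is stable."""
    out = []
    for number, (stamp, command) in enumerate(entries, start=1):
        when = ""
        if stamp is not None:
            when = datetime.fromtimestamp(stamp, tz=timezone.utc).strftime(fmt)
        out.append(f"{number:5d}  {when}{command}")
    return out


if __name__ == "__main__":
    for rendered in format_entries(parse_history(SAMPLE_HISTORY)):
        print(rendered)
```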

Wednesday, August 10, 2011

File structure

-rw-r----- 1 ramesh team-dev 9275204 Jun 13 15:27 mthesaur.txt.gz

1st character: type of the file (- regular file, d directory, l symbolic link)
field 1: file permissions
field 2: number of links
field 3: owner
field 4: group
field 5: size
field 6: last modified date & time
field 7: file name


83427329 drwxrwx---+ 13 99 nisusers 4096 2010-07-19 15:21 public

The trailing "+" indicates that an ACL is associated with that file (the leading number is the inode, printed by ls -i).

83427329 drwxrwx--T 13 99 nisusers 4096 2010-07-19 15:21 public

T = sticky bit, shown in the "other" execute position: a capital T means the sticky bit is set but "other" has no execute permission, a lower-case t means both are set
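A decoder for these ls -l lines, added here as a Python example rather than anything from the original post: it handles the optional inode column, the ACL "+" and the special-permission letters (s/S, t/T) so that the octal mode can be compared against what a file is expected to have. Sample lines are constructed from the ones above plus a made-up setuid entry.

```python
"""Decode `ls -l` lines like the ones shown above.

Added example, not part of the original post. It recognises the seven fields
listed above, the optional leading inode number printed by `ls -i`, the
trailing '+' that marks an attached ACL, and the special-permission letters
s/S and t/T (upper case means the bit is set while the matching execute bit
is not). The sample lines are constructed; the setuid one is invented.
"""
import re
from typing import Dict, Optional

FILE_TYPES = {"-": "regular file", "d": "directory", "l": "symbolic link",
              "c": "character device", "b": "block device",
              "p": "named pipe", "s": "socket"}

LS_RE = re.compile(
    r"^(?:(?P<inode>\d+)\s+)?"                             # optional `ls -i` inode
    r"(?P<mode>[-dlcbps][rwxsStT-]{9})(?P<acl>[+.@]?)\s+"  # '+' = ACL present
    r"(?P<links>\d+)\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<size>\d+)\s+"
    r"(?P<mtime>\d{4}-\d\d-\d\d\s+[\d:]+|\S+\s+\d+\s+[\d:]+)\s+"  # both date styles
    r"(?P<name>.+)$"
)

SAMPLE_LINES = [
    "-rw-r----- 1 ramesh team-dev 9275204 Jun 13 15:27 mthesaur.txt.gz",
    "83427329 drwxrwx---+ 13 99 nisusers 4096 2010-07-19 15:21 public",
    "83427329 drwxrwx--T 13 99 nisusers 4096 2010-07-19 15:21 public",
    "-rwsr-xr-x 1 root root 54256 Mar 30 2011 /usr/bin/passwd",   # constructed
]


def decode_mode(mode: str) -> Dict[str, object]:
    """Turn the 10-character mode string into octal bits and special flags."""
    bits = 0
    special = {"setuid": False, "setgid": False, "sticky": False}
    for i, ch in enumerate(mode[1:]):        # skip the file-type character
        who = i // 3                         # 0 owner, 1 group, 2 other
        shift = (2 - who) * 3
        if ch == "-":
            continue
        if ch in "sS" and who < 2:           # setuid on owner, setgid on group
            special["setuid" if who == 0 else "setgid"] = True
            if ch == "s":                    # lower case: execute bit also set
                bits |= 1 << shift
        elif ch in "tT" and who == 2:        # sticky bit sits in the 'other' x slot
            special["sticky"] = True
            if ch == "t":
                bits |= 1 << shift
        else:
            bits |= {"r": 4, "w": 2, "x": 1}[ch] << shift
    bits |= (special["setuid"] << 11) | (special["setgid"] << 10) | (special["sticky"] << 9)
    return {"type": FILE_TYPES[mode[0]], "octal": f"{bits:04o}", "special": special}


def parse_ls_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one `ls -l` (optionally `ls -il`) line; None if it does not match."""
    m = LS_RE.match(line.strip())
    if m is None:
        return None
    info = decode_mode(m["mode"])
    info.update({
        "inode": int(m["inode"]) if m["inode"] else None,
        "acl": m["acl"] == "+",              # '.' alone would mean an SELinux context
        "links": int(m["links"]),
        "owner": m["owner"],
        "group": m["group"],
        "size": int(m["size"]),
        "mtime": m["mtime"],
        "name": m["name"],
    })
    return info


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_ls_line(sample))
```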

Monday, August 8, 2011

awk scripting

awk '{print $N}' prints column N of each line

To print 2 columns

ll | awk '{print $2,$3}'

1. Awk FS : input field separator variable.

syntax: awk -F 'FS' 'commands' inputfilename

cat /etc/passwd | awk -F : '{print $1}'
OR
awk -F : '{print $1}' < /etc/passwd


EXAMPLES:

test file:

[root@drbd1 korion]# cat employee.txt
100 Thomas Manager Sales $5,000
200 Jason Developer Technology $5,500
300 Sanjay Sysadmin Technology $7,000
400 Nisha Manager Marketing $9,500
500 Randy DBA Technology $6,000

a) To print all the contents

awk '{print}' employee.txt
b) Print the lines which match a pattern.

awk can accept any number of patterns, but each pattern should be on a new line

awk '/Thomas/
/Nisha/' employee.txt
c) Print only a specific field.

cat employee.txt | awk '{print $2}'

d)Initialization and Final Action

Syntax:

BEGIN { Actions}
{ACTION} # Action for everyline in a file
END { Actions }

example:

awk 'BEGIN {print "Name\tDesignation\tDepartment\tSalary";} {print $2,"\t",$3,"\t",$4,"\t",$NF;} END{print "Report Generated\n--------------";}' employee.txt

[root@drbd1 korion]# awk 'BEGIN {print "Name\tDesignation\tDepartment\tSalary";} {print $2,"\t",$3,"\t",$4,"\t",$NF;} END{print "Report Generated\n--------------";}' employee.txt
Name Designation Department Salary
Thomas Manager Sales $5,000
Jason Developer Technology $5,500
Sanjay Sysadmin Technology $7,000
Nisha Manager Marketing $9,500
Randy DBA Technology $6,000
Report Generated
--------------

=========================================================
example 2:
To print employee details having id > 200

awk '$1 > 200' employee.txt
[root@drbd1 korion]# awk '$1 > 200' employee.txt
300 Sanjay Sysadmin Technology $7,000
400 Nisha Manager Marketing $9,500
500 Randy DBA Technology $6,000
[root@drbd1 korion]#
=========================================================

example 3:

Print the list of employees in Technology department

awk '/Technology/' employee.txt
[root@drbd1 korion]# awk '/Technology/' employee.txt
200 Jason Developer Technology $5,500
300 Sanjay Sysadmin Technology $7,000
500 Randy DBA Technology $6,000


OR

[root@drbd1 korion]# awk '$4 ~ /Technology/' employee.txt
200 Jason Developer Technology $5,500
300 Sanjay Sysadmin Technology $7,000
500 Randy DBA Technology $6,000
[root@drbd1 korion]#


example 4: Print the number of employees in the Marketing department

awk 'BEGIN {count=0;} $4 ~ /Marketing/ {count++;} END {print "The number of emps in Marketing dept is =",count;}' employee.txt
[root@drbd1 korion]# awk 'BEGIN {count=0;} $4 ~ /Marketing/ {count++;} END {print "The number of emps in Marketing dept is =",count;}' employee.txt
The number of emps in Marketing dept is = 2


IMPORTANT:

To print strings starting with a particular letter


EXAMPLE: print employee names which start with T

awk '$2 ~ /^T/' employee.txt
[root@drbd1 korion]# awk '$2 ~ /^T/' employee.txt
100 Thomas Manager Sales $5,000
600 Tom Admin Marketing $9,000
[root@drbd1 korion]#

EXAMPLE: print employee names which do not start with T

awk '$2 !~ /^T/' employee.txt
[root@drbd1 korion]# awk '$2 !~ /^T/' employee.txt
200 Jason Developer Technology $5,500
300 Sanjay Sysadmin Technology $7,000
400 Nisha Manager Marketing $9,500
500 Randy DBA Technology $6,000
[root@drbd1 korion]#

=====================================================

awk script to print directories (type character "d" in the first field)

ll | awk '$1 ~ /^d/'

awk script to print regular files in a directory (type character "-")

ll | awk '$1 ~ /^-/'

=====================================================

Friday, August 5, 2011

Find user Bandwidth from SSH (CPanel)

Create a new file with the following code, chmod +x it, and then execute it with two parameters, viz. month and year.

cd /root

vi bandwidth

#!/bin/bash
# $1 = month, $2 = year; sums the per-user bandwidth files under /var/cpanel/bandwidth
cd /var/cpanel/bandwidth/
ls | grep -v "\." | xargs -n 1 -izzz sh -c "echo -n zzz \" = \"; egrep \"^$1\..*\.$2-all\" zzz | awk -F'=' 'BEGIN {bytes=0} { bytes+=\$2 } END {print bytes/1024/1024 \" MB\"}'"
cd -

Usage:

./bandwidth month year

E.g. to see the top 20 bandwidth-consuming users in April 2009

./bandwidth 3 2009 | sort -nrk 3 | head -20

The above shows the result in descending order, the highest bandwidth usage account first.

User names can be mapped to domain names via /etc/trueuserdomains

To disable ping requests

To disable ping requests (ICMP echo), use the following

================
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
================

This takes effect immediately but does not survive a reboot; to make it persistent, add net.ipv4.icmp_echo_ignore_all = 1 to /etc/sysctl.conf.

SE linux

SELinux is available in all major distros by default. During the installation of Linux [RedHat/Fedora], you will be prompted to enable or disable SELinux along with the firewall option.

In Fedora/Red Hat, SELinux can be enabled or disabled by editing the file "/etc/selinux/config". There are 3 modes for the parameter SELINUX. They are:

SELINUX=disabled
SELINUX=permissive
SELINUX=enforcing

The values 'disabled' and 'permissive' are mainly used to disable SELinux on a server.

The value "disabled" completely switches off SELinux. All operations are allowed to proceed normally and the security-attribute policies have no effect on services or files.

The value "permissive" allows all operations but logs those that would be denied under the policy. All warnings get logged, allowing an audit of each process interaction in order to create the corresponding policy rules.

IP location

You can look up the geographic location of an IP address at the following URL


============
http://www.maxmind.com/app/locate_demo_ip
============

sar

=================
root@testserver [~]# sar -u
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 CPU %user %nice %system %iowait %steal %idle
00:10:01 all 0.04 0.00 0.02 0.00 0.00 99.94
00:20:01 all 0.04 0.00 0.01 0.00 0.00 99.95
00:30:01 all 0.03 0.00 0.01 0.00 0.00 99.95

%user: Percentage of CPU utilization that occurred while executing at the user level (application).
%nice: Percentage of CPU utilization that occurred while executing at the user level with nice priority.
%system: Percentage of CPU utilization that occurred while executing at the system level (kernel).
%iowait: Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
%idle: Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.
==============

To view process creation statistics, enter:

root@testserver [~]# sar -c
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 proc/s
00:10:01 67.49
00:20:01 23.24
00:30:01 14.26
00:40:01 14.31

==============

root@testserver [~]# sar -b
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 tps rtps wtps bread/s bwrtn/s
00:10:01 0.00 0.00 0.00 0.00 0.00
00:20:01 0.00 0.00 0.00 0.00 0.00

tps
Total number of transfers per second that were issued to physical devices. A transfer is an I/O request to a physical device. Multiple logical requests can be combined into a single I/O request to the device. A transfer is of indeterminate size.

rtps
Total number of read requests per second issued to physical devices.

wtps
Total number of write requests per second issued to physical devices.

bread/s
Total amount of data read from the devices in blocks per second. Blocks are equivalent to sectors and therefore have a size of 512 bytes.

bwrtn/s
Total amount of data written to devices in blocks per second.
==============
sar -r

The -r argument shows free memory and swap space over time.
00:00:01 kbmemfree kbmemused %memused kbbuffers kbcached kbswpfree kbswpused %swpused kbswpcad
00:10:01 7729888 434288 5.32 0 0 0 0 0.00 0
00:20:01 7731636 432540 5.30 0 0 0 0 0.00 0
00:30:01 7728988 435188 5.33 0 0 0 0 0.00 0
00:40:01 7732808 431368 5.28 0 0 0 0 0.00 0
00:50:01 7734200 429976 5.27 0 0 0 0 0.00 0
Average: 7731504 432672 5.30 0 0 0 0 0.00 0
=====================



The daily data files live in /var/log/sa/ (one file per day of the month):

cd /var/log/sa/
-rw-r--r-- 1 root root 279024 Aug 1 23:50 sa01
-rw-r--r-- 1 root root 279024 Aug 2 23:50 sa02
-rw-r--r-- 1 root root 17664 Aug 3 01:20 sa03

To read a previous day's file:

sar -q -f sa01 | less

====================
root@testserver [~]# sar -P ALL
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 CPU %user %nice %system %iowait %steal %idle
00:10:01 all 0.04 0.00 0.02 0.00 0.00 99.94
00:10:01 0 0.02 0.00 0.01 0.00 0.00 99.97
00:10:01 1 0.01 0.00 0.01 0.00 0.00 99.99
00:10:01 2 0.05 0.00 0.02 0.00 0.00 99.94
00:10:01 3 0.04 0.00 0.01 0.00 0.00 99.95
00:10:01 4 0.03 0.00 0.02 0.00 0.00 99.95
00:10:01 5 0.07 0.04 0.02 0.02 0.00 99.85
00:10:01 6 0.08 0.00 0.02 0.01 0.00 99.89
00:10:01 7 0.02 0.00 0.01 0.00 0.00 99.96
====================
root@testserver [~]# sar -R
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 frmpg/s bufpg/s campg/s
00:10:01 1.46 0.00 0.00
00:20:01 0.73 0.00 0.00
00:30:01 -1.10 0.00 0.00

-R
Report memory statistics. The following values are displayed:

frmpg/s

Number of memory pages freed by the system per second. A negative value represents a number of pages allocated by the system. Note that a page has a size of 4 kB or 8 kB according to the machine architecture.

bufpg/s

Number of additional memory pages used as buffers by the system per second. A negative value means fewer pages used as buffers by the system.

campg/s

Number of additional memory pages cached by the system per second. A negative value means fewer pages in the cache.
====================
root@testserver [/var/log/sa]# sar -q
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15
00:10:01 1 88 0.00 0.00 0.00

This reports the run queue size and the load average over the last 1, 5 and 15 minutes. "sar -q 1 3" reports every 1 second, a total of 3 times.
The "blocked" column displays the number of tasks that are currently blocked waiting for an I/O operation to complete.
====================
sar -w

00:00:01 cswch/s
00:10:01 1958.80

This reports the total number of context switches per second.

===========
root@testserver [/var/log/sa]# sar -v
Linux 2.6.18-92.1.18.el5.028stab060.8 (testserver.com) 08/03/11

00:00:01 dentunusd file-sz inode-sz super-sz %super-sz dquot-sz %dquot-sz rtsig-sz %rtsig-sz
00:10:01 528134 510 196314 0 0.00 0 0.00 0 0.00
00:20:01 531924 1 197341 0 0.00 0 0.00 0 0.00

================

sar -n DEV: report network statistics.

IFACE
Name of the network interface for which statistics are reported.

rxpck/s
Total number of packets received per second.

txpck/s
Total number of packets transmitted per second.

rxbyt/s
Total number of bytes received per second.

txbyt/s
Total number of bytes transmitted per second.

rxcmp/s
Number of compressed packets received per second (for cslip etc.).

txcmp/s
Number of compressed packets transmitted per second.

rxmcst/s
Number of multicast packets received per second.
========================



II: SAR: It displays CPU utilisation and other system activity

=========================
From the sar command we get the following information:

1. CPU utilization
2. Memory paging and its utilization
3. Network I/O and transfer statistics
4. Process creation activity
5. All block devices activity
6. Interrupts/sec etc.
=========================

sar command: /usr/sbin/sar
symbolic link to the sar command: /bin/sar
log file directory: /var/log/sa
==========================

tcpdump

*. The tcpdump command is also called a packet analyzer.
*. tcpdump is a tool we can use for packet analysis.
*. tcpdump is software that allows us to see inside the traffic activity that occurs on a network. It is a Unix tool used to gather data from the network, decipher the bits, and display the output in a human-readable format (granted, it does take a little bit of instruction to learn the tcpdump language).


Commands:
====================================
1. To select an interface type:

tcpdump -i eth0

where eth0 is the interface
=====================================

2. To select the type of traffic you want to watch, just specify it after your interface. For now we want to see TCP traffic.

tcpdump -i eth0 tcp
====================================

3. tcpdump gives us the option to dump the records in binary format to read later with tcpdump. We do this using the -w filename option (here combined with a filter expression read from a file via -F).

tcpdump -i eth0 -F myfilter.txt -w LSOoutput

And to read that file back in we use the -r filename option; read = -r & write = -w. The -i option is not needed when reading from a file.

tcpdump -F myfilter.txt -r LSOoutput

====================================

4.Reading TCPdump Output

Here is an example record:
20:08:41.313149 rootwars.org.1086 > 66.102.9.104.80: S 1192278531:1192278531(0) win 1638

a) 20:08:41.313149 This is the time stamp in the format of two digits for hours, two digits for minutes, two digits for seconds, and six digits for the fractional part of a second.

b) rootwars.org This is the source host name. The default behaviour is to resolve the hostname, but you can turn it off with the tcpdump -n option. If there is no DNS name the IP will appear, e.g. IP COMPUTERNAME.
c) 1086 This is the source port number or port service name.
> This is a marker indicating the direction of flow, from source to destination.
66.102.9.104 This is the destination host name or IP address.
d) 80 This is the destination port number; it may be translated to a service name such as http.
e) S This is the TCP flag. The S represents a SYN flag (see the next section).
f) 1192278531:1192278531(0) This is the beginning TCP sequence number : ending TCP sequence number (data bytes). Sequence numbers are used by TCP to order the data received. The initial sequence number (ISN) is selected as a unique number to mark the first byte of data. The ending sequence number is the beginning sequence plus the number of bytes sent with this TCP segment. In this case zero bytes were sent, so the beginning and ending sequence numbers are the same.
win 1638 This is the receive buffer size in bytes of rootwars.org for this connection.
======================================

5. TCP Flags in TCPdump


1. SYN - S - Session establishment request, which is the first part of any TCP connection (3-way handshake).

2. ACK - ack - The Ack flag is generally used to acknowledge the receipt of data from the sender. It may appear in conjunction with other flags.

3. FIN - F - The Fin flag is generally used to indicate the sender's intention to gracefully terminate the sending host's connection to the receiving host.

4. RESET - R - The Reset flag is generally used to indicate the sender's intention to immediately abort the existing connection with the receiving host.

5. PUSH - P - The Push flag is generally used to immediately "push" data from the sending host to the receiving host. This is for applications like telnet.

6. URGENT - urg - The Urgent flag is generally used to mean that there is "urgent" data that takes precedence over other data.

7. Placeholder - . - If the packet does not have a SYN, FIN, RESET or PUSH flag set, a placeholder (a period: .) will be found after the destination port.

========================================
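The record layout described in section 4 and the flag letters from section 5, as an added Python example (not from the original post): a parser for classic tcpdump TCP lines that also checks the sequence-number rule stated in f) and places each record in the 3-way handshake. The first sample line is the post's own record; the other sample lines and the "a.b"/"c.d" hosts in the test are constructed.

```python
"""Parse classic tcpdump TCP records like the one quoted above.

Added example, not part of the original post. It handles the layout described
in section 4 (timestamp, source.port > destination.port: flags
begin:end(bytes) [ack N] [win N] [urg N]) and maps the flag letters from
section 5 to their names; 'ack' and 'urg' appear as words, '.' is the
placeholder. Only the first sample record is the post's; the rest are made up.
"""
import re
from typing import Dict, List, Optional

RECORD_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+"            # host.port, port may be a name
    r"(?P<dst>\S+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SFRP.]+)"                            # '.' = no S/F/R/P set
    r"(?:\s+(?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
    r"(?:\s+win\s+(?P<win>\d+))?"
    r"(?:\s+(?P<urg>urg)\s+\d+)?"
)

FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH"}

SAMPLE_RECORDS = [
    "20:08:41.313149 rootwars.org.1086 > 66.102.9.104.80: S 1192278531:1192278531(0) win 1638",
    "20:08:41.420311 66.102.9.104.80 > rootwars.org.1086: S 2003453678:2003453678(0) ack 1192278532 win 5840",
    "20:08:41.421009 rootwars.org.1086 > 66.102.9.104.80: . ack 2003453679 win 1638",
    "20:08:41.530127 rootwars.org.1086 > 66.102.9.104.80: P 1192278532:1192278900(368) ack 2003453679 win 1638",
]


def parse_record(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one TCP record, or None if the line is not one."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        return None

    def num(key: str) -> Optional[int]:
        return int(m[key]) if m[key] is not None else None

    flags: List[str] = [FLAG_NAMES[c] for c in m["flags"] if c != "."]
    if m["ack"] is not None:
        flags.append("ACK")
    if m["urg"] is not None:
        flags.append("URG")
    rec: Dict[str, object] = {
        "time": m["ts"],
        "src": m["src"], "sport": m["sport"],
        "dst": m["dst"], "dport": m["dport"],
        "flags": flags,
        "seq": num("seq"), "seq_end": num("end"), "length": num("len"),
        "ack": num("ack"), "win": num("win"),
    }
    # The rule stated in f): ending sequence = beginning sequence + data bytes.
    seq, seq_end, length = rec["seq"], rec["seq_end"], rec["length"]
    rec["seq_consistent"] = seq is None or seq_end == seq + length
    return rec


def handshake_stage(rec: Dict[str, object]) -> str:
    """Classify a record by where it sits in the 3-way handshake."""
    f = set(rec["flags"])
    if f == {"SYN"}:
        return "1: SYN (connection request)"
    if f == {"SYN", "ACK"}:
        return "2: SYN-ACK (server reply)"
    if f == {"ACK"} and rec["length"] is None:
        return "3: ACK (handshake complete)"
    return "data or teardown"


if __name__ == "__main__":
    for sample in SAMPLE_RECORDS:
        parsed = parse_record(sample)
        print(handshake_stage(parsed), parsed["flags"], parsed["seq_consistent"])
```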

When you execute the tcpdump command without any options, it captures all the packets flowing through all the interfaces. The -i option lets you restrict the capture to a particular Ethernet interface.

Some examples of the tcpdump command:

1. tcpdump -i eth1 : In this example, tcpdump captures all the packets flowing through the interface eth1 and displays them on standard output.

2. tcpdump -c 2 -i eth0 : When you execute tcpdump it keeps printing packets until you cancel it. Using the -c option you can specify the number of packets to capture. This command captures only 2 packets from interface eth0.

3. Capture the packets and write them into a file using tcpdump -w

: tcpdump lets you save the packets to a file, and later you can use that file for further analysis.
The -w option writes the packets into the given file. The file extension should be .pcap, which any network protocol analyzer can read.

4. Display captured packets in ASCII using tcpdump -A

: The following tcpdump syntax prints the packets in ASCII.
$ tcpdump -A -i eth0

5. Display captured packets in HEX and ASCII using tcpdump -XX

: Some users might want to analyse the packets as hex values. tcpdump provides a way to print packets in both ASCII and HEX format.
$ tcpdump -XX -i eth0

6. Capture packets with IP addresses using tcpdump -n

: In all the above examples the packets are printed with DNS names, not IP addresses. The following example captures the packets and displays the IP addresses of the machines involved.
: $ tcpdump -n -i eth0

7. Capture packets with a properly readable timestamp using tcpdump -tttt

: $ tcpdump -n -tttt -i eth0

8. Capture packets longer than N bytes

: $ tcpdump -w g_1024.pcap greater 1024

9. Receive only the packets of a specific protocol type

: You can receive packets based on the protocol type. You can specify one of these protocols: fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example captures only ARP packets flowing through the eth0 interface

: $ tcpdump -i eth0 arp

10. Capture packets shorter than N bytes

: You can receive only the packets shorter than n bytes using the 'less' filter with the tcpdump command

: $ tcpdump -w l_1024.pcap less 1024

11. Receive packets flowing on a particular port using tcpdump port:

: If you want to know all the packets received on a particular port of a machine, you can use the tcpdump command as shown below.

: $ tcpdump -i eth0 port 22

12. Capture packets for a particular destination IP and port:

: Packets carry source and destination IPs and port numbers. Using tcpdump we can apply filters on the source or destination IP and port number. The following command captures packets flowing through eth0 with a particular destination IP and port number 22.

: $ tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22

13. Capture TCP communication packets between two hosts

: If two processes on two different machines are communicating over TCP, we can capture those packets using tcpdump as shown below.
: $ tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22

14. tcpdump filter packets: capture all the packets other than arp and rarp

: In the tcpdump command you can combine "and", "or" and "not" conditions to filter the packets accordingly.

: $ tcpdump -i eth0 not arp and not rarp
==================

some examples (filtering out the SSH session used to run the capture):

tcpdump -npi eth0
tcpdump -nnpi eth0 not dst port 22
tcpdump -nnpi eth0 not dst port 22 and src port 22
tcpdump -nnp not dst port 22
tcpdump -nnp not dst port 22 and not src port 22
tcpdump -nnp -tttt -A not dst port 22 and not src port 22

tcpdump -nnp -tttt -A -S not dst port 22 and not src port 22

(-p keeps the interface out of promiscuous mode; put all options before the filter expression, and the expression cannot begin with "and".)

=============================================

tcpdump command examples

tcpdump -nni eth0

tcpdump -nni eth0 host 10.0.0.100

tcpdump -nni eth0 dst host 10.0.0.100 and proto tcp

tcpdump -nni eth0 src net 10.0.0.0/24 and proto tcp and portrange 1-1024

-nn = don't use DNS to resolve IPs and display port numbers numerically
-i = interface to watch: lo or eth0 or venet0 (virtual machines)
dst = watch only traffic destined to a net, host, or port
src = watch only traffic whose source is a net, host, or port
net = specifies a network, e.g. 10.0.0.0/24
host = specifies a host, e.g. 10.0.0.100
port = specifies a port; also portrange
proto = protocol, i.e. tcp udp icmp


tcpdump -s0 -A -nni eth0 dst host 10.0.0.100
tcpdump -s0 -A -nni eth0 dst host 10.0.0.100 and dst port 80

tcpdump -s0 -A -nni eth0 dst host 10.0.0.100 and dst port 80 and src net 10.100.0/24

tcpdump -s0 -A -nni eth0 dst net 10.0.0.0/24

tcpdump -s0 -A -nni venet0 not port 22 and dst host 10.0.0.100 and not src net 10.20.20.0/24 and not host 10.10.10.10 and src net 10.50.0.0/24

-s0 = setting snaplen to 0 means use the required length to catch whole packets.
-A = print each packet (minus its link level header) in ASCII.


tcpdump -vv -c10000 -s0 -A -w hack3rcon.pcap -nni eth0 not port 22

-c = count of packets to capture before exiting
-vv = more verbose; when writing with -w, displays the number of packets captured
-w = write the raw packets to file
# you can't limit the size of the pcap, only the packet count
# use -c & -w together so you don't fill up your HD.
tcpdump -s0 -A -nn -r hack3rcon.pcap port 80

-r = read from file

Basic Usage Examples:
View Basic Network communication
tcpdump -nS (Don't resolve DNS names, print the absolute sequence numbers)

View Basic Network communication, with added verbosity
tcpdump -nnvvS (Don't resolve DNS or Port names, be more verbose when printing info, print the absolute sequence numbers)

View Network Communication Payloads in HEX
tcpdump -nnvvXS (Same as above, but this time prints the packets payload in HEX)

View Detailed Packet Information
tcpdump -nnvvXSs 1514 (Same as above, this time we are specifying a snap length with -s 1514)


As you can see, running the above on a busy network will produce loads of network traffic information.
This can be close to impossible to interpret as-is. Tcpdump has a wonderful thing called 'expressions'.
Using tcpdump expressions we can remove all of the traffic we do not wish to see and only view exactly
what we are looking for.




TCPdump expressions

The true network ninja will have mastered these expressions to unleash the true power of tcpdump.
Tcpdump expressions come in three main types: type, dir and proto. The options belonging to type
are host, net and port.

The packet direction is specified by using dir; with this directive you can use the src, dst, src
or dst and src and dst options. Below are some examples of using each of these.

host - Looks for traffic based on the specified IP address; this can also be a valid DNS name if the
-n option is not specified.
tcpdump host 192.168.1.1

src, dst - Looks for traffic from a specific source or to a specific destination.
tcpdump src 192.168.1.2
tcpdump dst 192.168.1.3

net - Looks for traffic from an entire CIDR range.
tcpdump net 192.168.1.0/24

proto - Looks for the type of traffic specified. The word proto itself does not need to be written.
tcpdump tcp
tcpdump udp
tcpdump icmp

port - Looks for traffic to or from the specified port. Ports can be given by name or by numeric value.
tcpdump port 22 or tcpdump port ssh

src port, dst port - Looks for traffic based on the source or destination port.
tcpdump src port 1025
tcpdump dst port 22

As you can see, tcpdump expressions are fairly powerful in breaking down the types of traffic we would like to see.
Now we will look into the real funky stuff that lies within tcpdump. Tcpdump has some cool features that will
allow you to combine these expressions to create even more detailed and specific information related to traffic on
the wire. Tcpdump supports three different combinations to perform these advanced expressions; if you are a c0de
m0nkey then these will be nothing new to see... move along ....

what is loadaverage

It is the average number of processes waiting in queue to be executed by the CPU over the specified period of time.

First off, there are three load averages. From left to right there is, 1 minute load average, 5 minutes load average and 15 minutes load average.

Different Top commands

1. top : to see the load

2. iftop : This one helps you see who is currently using the bandwidth of your server. You will see the IP address and hostname of the other party as well as the data transfer rates in and out of these connections. Finally, at the bottom you have peaks, current rates and cumulative data transfers, in and out, with the 1, 5 and 15 minute averages.

3. mytop : This one is fairly simple. It shows the top SQL requests made to the MySQL server, what the request is exactly (INSERT, UPDATE, DELETE, etc.), which user is making the request, on which database and for how long (in seconds) the query has been running.

4. This last one simply monitors the number of requests made to Apache, the quantity of data processed by Apache, the files currently being downloaded and so on. Once again, it is a great tool to monitor live stats about your Apache server.

suspicious process finding

We can use the following command to check which processes may be using bash shells. When you get a server that seems to be hacked, run the script below to check for suspicious processes. It gives the path of the scripts that are currently running: the command records the current working directory of every process into the file /root/cwd, which we can then check for any suspicious process run from a user's home directory. Example given below.

root@navigator [/]# for i in `ps ax | awk {'print $1'} | grep -v PID`; do lsof -p $i | grep cwd; done > /root/cwd

root@navigator [/]# grep home /root/cwd | grep -v mail
bash 1038 root cwd DIR 8,8 4096 15270308 /home/bpcin/public_html
bash 7398 root cwd DIR 8,8 4096 7930070 /home/logger/public_html
crond 21970 madolphi cwd DIR 8,8 4096 95551493 /home/madolphi
php 21973 madolphi cwd DIR 8,8 4096 95551493 /home/madolphi
mysqld 22751 mysql cwd DIR 8,8 69632 78479361 /home/mysql
bash 24774 root cwd DIR 8,8 4096 41418821 /home/bytesil/public_html/images
crond 27996 madolphi cwd DIR 8,8 4096 95551493 /home/madolphi
php 28012 madolphi cwd DIR 8,8 4096 95551493 /home/madolphi
This will also contain the POP/IMAP processes of a mailbox, since those daemons chdir into the user's maildir.
eg:
pop3d 4789 morpheww cwd DIR 8,8 4096 8454332 /home/morpheww/mail/morpheusworldwide.com/operations
These can be ignored, which is why "grep -v mail" was used above. But you should check all the lines inside /root/cwd for a detailed look: the substring filter drops every line that contains "mail", so a malicious process run from a directory (or with a name) containing "mail" is silently skipped by the command above.


Let me explain some processes you see in this output. The processes below belong to the cron job of the user madolphi. You can see they are the crond and php binaries, started every 15 minutes by the crontab shown, so they are expected. Still read the script the cron job runs (here followunfollowscript.php) before declaring it harmless; a crontab entry is a common way for a compromised account to keep a script alive across reboots.
crond 21970 madolphi cwd DIR 8,8 4096 95551493 /home/madolphi
php 21973 madolphi cwd DIR 8,8 4096 95551493 /home/madolphi
root@navigator [/home/bpcin/www]# crontab -lu madolphi
MAILTO="madolphi"
*/15 * * * * /usr/local/bin/php -q /home/madolphi/public_html/followunfollowscript.php
bash 1038 root cwd DIR 8,8 4096 15270308 /home/bpcin/public_html
The above line means a bash shell with root privileges has its working directory in /home/bpcin/public_html, typically an admin who ssh'ed into the server and cd'ed there. This could be you yourself. To make sure, look up the PID together with its parent and its terminal:

ps -o pid,ppid,user,tty,lstart,cmd -p 1038

and match the tty against the sessions listed by "w". A root bash with no controlling terminal, or whose parent is the web server, cron or a PHP process, is not an admin session.
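As an added example (my code, not part of the original post), here is a small shell helper that does the same sweep without the "grep -v mail" blind spot: it reads the lsof-style cwd lines, excludes only real pop3d/imapd processes sitting in a maildir, and flags anything whose working directory is under /home, under a world-writable temp directory, or has been deleted out from under the process. The collect_cwd function is an assumption of mine for hosts without lsof; it rebuilds the same columns from /proc. The lsof lines and file names mentioned in the comments are constructed.

```shell
#!/bin/sh
# Added example: cwd triage for a possibly compromised host (not part of the original post).
# Input: lsof-style lines "COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME", e.g. from
#   lsof -d cwd | triage_cwd            (all processes, one lsof call)
#   collect_cwd | triage_cwd            (same, without lsof; run as root)
# Output: REASON<TAB>COMMAND<TAB>PID<TAB>USER<TAB>PATH, one line per suspicious process.
triage_cwd() {
    awk '
    $4 == "cwd" {
        cmd = $1; pid = $2; user = $3
        # NAME is the last column but can contain spaces and a trailing "(deleted)", so rejoin it
        path = $9
        for (i = 10; i <= NF; i++) path = path " " $i
        # Mail daemons legitimately chdir into a mailbox. Exclude them by command name AND path,
        # not by dropping every line that happens to contain the word "mail".
        if ((cmd == "pop3d" || cmd == "imapd") && path ~ /^\/home\/[^\/]+\/mail\//) next
        reason = ""
        if (path ~ /\(deleted\)$/)                            reason = "deleted"   # directory removed under a live process
        else if (path ~ /^\/home\//)                           reason = "home"      # script or shell started from an account
        else if (path ~ /^\/(tmp|var\/tmp|dev\/shm)(\/|$)/)    reason = "tmpdir"    # world-writable staging area
        if (reason != "") printf "%s\t%s\t%s\t%s\t%s\n", reason, cmd, pid, user, path
    }'
}

# collect_cwd rebuilds the same columns from /proc for hosts without lsof
# (assumption: Linux with GNU stat; as root, so every process's cwd link is readable).
collect_cwd() {
    for p in /proc/[0-9]*; do
        cwd=$(readlink "$p/cwd" 2>/dev/null) || continue      # kernel threads and vanished PIDs have no cwd
        printf '%s %s %s cwd DIR - - - %s\n' \
            "$(cat "$p/comm" 2>/dev/null)" "${p#/proc/}" "$(stat -c %U "$p" 2>/dev/null)" "$cwd"
    done
}
```

The "deleted" reason is the one worth looking at first: a process still running from a directory that no longer exists is the normal footprint of a dropper that cleaned up after itself.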

Suspicious processes finding:
##################################################################
See this entry in the file /root/cwd
php 14362 homerec cwd DIR 8,8 4096 25101348 /home/homerec/public_html/my
root@navigator [/]# cd /home/homerec/public_html/my/
root@navigator [/home/homerec/public_html/my]# ps ax | grep homerec
6555 pts/5 R+ 0:00 grep homerec
14362 ? S 0:02 /usr/bin/php /home/homerec/public_html/my/cp3.php
16559 ? S 0:02 /usr/bin/php /home/homerec/public_html/my/cp3.php
23391 ? S 0:02 /usr/bin/php /home/homerec/public_html/my/cp3.php


root@navigator [/home/homerec/public_html/my]# cat /home/homerec/public_html/my/php.ini
safe_mode = OFF
disable_functions = NONE

---> /home/homerec/public_html uses WordPress. With PHP running as CGI/suPHP, a php.ini placed in the script's own directory overrides the server-wide one, so this file is there to switch safe_mode off and re-enable every function the global disable_functions list blocks. That is what lets cp3.php run freely; suPHP's [phprc_paths] section in suphp.conf pins each handler to a fixed php.ini so that such per-directory copies are ignored.

root@navigator [/home/homerec/public_html/my]# head /home/homerec/public_html/my/cp3.php

/*||||||||||||||||||||||||||||||||||||||||||||*/
# Coded By Crazy_Hacker |
# Script: Cpanel + FTP Cracker |
# Site: www.0day.com |
# Forums: http://forums.0day.com/index.php |
/*|||||||||||||||||||||||||||||||||||||||||||*/


root@navigator [/home/homerec/public_html/my]# ll | grep php
-rw-r--r-- 1 homerec homerec 13063 May 6 10:47 cp3.php
-rw-r--r-- 1 homerec homerec 73 May 6 10:46 php.ini
-rw-r--r-- 1 homerec homerec 90553 May 6 10:47 phxdomain.php
##################################################################



##################################################################

Another entry:

bash 24774 root cwd DIR 8,8 4096 74842180 /home/amish/public_html

root@navigator [/home/amish/public_html]# lsof -p 24774
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
bash 24774 root cwd DIR 8,8 4096 15305065 /home/uberscap/public_html/cache/high/wunderbar_emporium
bash 24774 root rtd DIR 8,6 4096 2 /
bash 24774 root txt REG 8,6 801512 880457 /bin/bash

A root shell sitting in a directory named wunderbar_emporium inside a web-writable cache folder is not an admin session: that is the name of the public local root exploit for the Linux sock_sendpage NULL pointer dereference (CVE-2009-2692). Treat the kernel as compromised, not just the account that owns the directory.
##################################################################


##################################################################
bash 24774 root cwd DIR 8,8 4096 41418821 /home/bytesil/public_html/images

root@navigator [/home/waitwhat]# head /home/bytesil/public_html/images/new.php
GIF89a;
// ketek90@gmail.com
// no malware on this code, you can check it by yourself ;-)

A PHP file that starts with the bytes "GIF89a" is a classic upload-filter bypass: getimagesize() and MIME sniffers see a GIF, while PHP simply emits the leading bytes as output and executes the code after the <?php tag. The reassuring comment is part of the disguise. Any "image" under a web root that contains a PHP open tag is a web shell until proven otherwise.
##################################################################
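Both of the last two entries come down to files in a web root that should not be there: a php.ini that turns hardening off and an "image" that is really PHP. As an added example, not part of the original write-up, the shell function below sweeps a document root for exactly those two things. The detection rules are mine (the GIF/PNG/JPEG signatures plus a "<?php" tag check, and the safe_mode/disable_functions patterns), and the paths in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sweep a document root for the two artefacts above.
# sweep_webroot DIR  ->  prints "KIND<TAB>PATH" where KIND is
#   weak-ini   php.ini / .user.ini that sets safe_mode off or leaves disable_functions empty
#   polyglot   file with a GIF/PNG/JPEG signature that also contains a PHP open tag
sweep_webroot() {
    root=$1
    find "$root" -type f \( -name php.ini -o -name .user.ini \) 2>/dev/null | while IFS= read -r f; do
        if grep -Eiq '^[[:space:]]*(safe_mode[[:space:]]*=[[:space:]]*(off|0)|disable_functions[[:space:]]*=[[:space:]]*(none)?[[:space:]]*$)' "$f"; then
            printf 'weak-ini\t%s\n' "$f"
        fi
    done
    find "$root" -type f 2>/dev/null | while IFS= read -r f; do
        # first four bytes as hex: GIF8 = 47494638, PNG = 89504e47, JPEG begins ffd8
        sig=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
        case "$sig" in
            47494638*|89504e47*|ffd8*)
                # -a makes grep treat the binary body as text; a genuine image never contains "<?php"
                # (extend the pattern with "<?=" if short open tags are enabled on the host)
                if grep -aq '<?php' "$f"; then
                    printf 'polyglot\t%s\n' "$f"
                fi
                ;;
        esac
    done
}
# Usage (constructed path): sweep_webroot /home/homerec/public_html
```

Run it against every /home/*/public_html on the box, not just the account you were called about; the entries above show three different accounts on the same server with the same kind of files.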

Difference between 0.0.0.0 and 255.255.255.255

0.0.0.0 (INADDR_ANY) represents "any address". If you bind a listening socket to 0.0.0.0, you're telling the OS to accept connections on every IP address the host has, on every interface. That is also why a daemon meant only for local use (an admin panel, a database) should bind to 127.0.0.1 instead; "netstat -lnt" shows which address each listener is bound to.

255.255.255.255 (INADDR_BROADCAST) is the limited broadcast address: a packet sent to it reaches every host on your LAN segment and is never forwarded by routers. It is distinct from a subnet's directed broadcast address (for example 192.168.1.255 on 192.168.1.0/24).

Tuesday, August 2, 2011

Add a module to apache using apxs

To add mod_rewrite.c using apxs, assuming the apache source is located at /usr/src/apache/httpd-2.2.14:

cd /usr/src/apache/httpd-2.2.14/modules/mappers/

/usr/local/apache/bin/apxs -i -a -c mod_rewrite.c

-c compiles the module, -i installs it into the modules directory and -a adds (or activates) the LoadModule line in httpd.conf. You will get the message that the module has been added. Check the configuration (apachectl configtest) and restart apache.

Install mysql

Install with yum:

yum list | grep mysql

Choose the mysql package you need to install and do the following.

yum install mysql-package

Manual install using rpm:

Download rpms from here and install:

http://httpupdate.cpanel.net/mysqlinstall/

rpm -ivh package-name

Manual install by building from source:

wget http://mysql.he.net/Downloads/MySQL-5.1/mysql-5.1.33.tar.gz
tar xzvf mysql-5.1.33.tar.gz
cd mysql-5.1.33
./configure --prefix=/usr/local/mysql --with-extra-charsets=complex --enable-thread-safe-client --enable-local-infile --enable-shared --with-plugins=innobase

make

make install

cd /usr/local/mysql
sudo ./bin/mysql_install_db --user=mysql
sudo chown -R mysql ./var

Start mysql (./bin/mysqld_safe --user=mysql &) and connect:

mysql -uroot

A fresh mysql_install_db leaves the root account with no password and creates anonymous accounts, so the first thing to do once the server is up is run ./bin/mysql_secure_installation (or at least set a root password with mysqladmin) before anything else can reach port 3306.

Nagios Installation

What You'll End Up With

If you follow these instructions, here's what you'll end up with:

* Nagios and the plugins will be installed underneath /usr/local/nagios
* Nagios will be configured to monitor a few aspects of your local system (CPU load, disk usage, etc.)
* The Nagios web interface will be accessible at http://localhost/nagios/

Prerequisites

During portions of the installation you'll need to have root access to your machine.

Make sure you've installed the following packages on your Fedora installation before continuing.

* Apache
* PHP
* GCC compiler
* GD development libraries

You can use yum to install these packages by running the following commands (as root):

yum install httpd php
yum install gcc glibc glibc-common
yum install gd gd-devel

1) Create Account Information

Become the root user.

su -l

Create a new nagios user account and give it a password.

/usr/sbin/useradd -m nagios
passwd nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache

2) Download Nagios and the Plugins

Create a directory for storing the downloads.

cd /usr/src

Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). These directions were written against Nagios 3.1.1 and Nagios Plugins 1.4.11; the commands below fetch Nagios 3.2.1, which installs the same way.

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.1.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

3) Compile and Install Nagios

Extract the Nagios source code tarball.

cd /usr/src

tar xzf nagios-3.2.1.tar.gz
cd nagios-3.2.1

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

Compile the Nagios source code.

make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode

Don't start Nagios yet - there's still more that needs to be done...

4) Customize Configuration

Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg

5) Configure the Web Interface

Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you'll need it later. (-c creates the password file and overwrites an existing one, so use it only for this first account.)

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

service httpd restart

Note: Consider implementing the enhanced CGI security measures described in the Nagios documentation to ensure that your web authentication credentials are not compromised.

6) Compile and Install the Nagios Plugins

Extract the Nagios plugins source code tarball.

cd /usr/src
tar xzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11

Compile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

7) Start Nagios

Add Nagios to the list of system services and have it automatically start when the system boots.

chkconfig --add nagios
chkconfig nagios on

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

service nagios start

8) Modify SELinux Settings

Fedora ships with SELinux (Security Enhanced Linux) installed and in Enforcing mode by default. This can result in "Internal Server Error" messages when you attempt to access the Nagios CGIs.

See if SELinux is in Enforcing mode.

getenforce

Put SELinux into Permissive mode.

setenforce 0

To make this change permanent, you'll have to modify the settings in /etc/selinux/config and reboot.

Permissive mode switches off SELinux enforcement for every service on the box, not just Nagios, so on anything other than a test machine prefer to leave it Enforcing and fix the Nagios CGIs specifically (set the right file contexts under /usr/local/nagios and build a small local policy from the AVC denials in the audit log with audit2allow). For information on running the Nagios CGIs under Enforcing mode with a targeted policy, visit the Nagios Support Portal or Nagios Community Wiki.

9) Login to the Web Interface

You should now be able to access the Nagios web interface at the URL below. You'll be prompted for the username (nagiosadmin) and password you specified earlier.

http://server_IP/nagios/



Configure nagios.

The main conf file for nagios is /usr/local/nagios/etc/nagios.cfg

When you open nagios in the browser after this fresh install, you can see localhost already added. The conf file for this is /usr/local/nagios/etc/objects/localhost.cfg

It has been added to the file /usr/local/nagios/etc/nagios.cfg as follows.

[root@localhost objects]# grep localhost.cfg /usr/local/nagios/etc/nagios.cfg
cfg_file=/usr/local/nagios/etc/objects/localhost.cfg

If you need to add another host, copy this file under another name and change the IP and hostname accordingly. Remove the hostgroup definition from the copy, otherwise the verification step below will complain about a duplicate "linux-servers" hostgroup.

cp /usr/local/nagios/etc/objects/localhost.cfg /usr/local/nagios/etc/objects/newserver.cfg

Include this cfg file in nagios.cfg as follows.

cfg_file=/usr/local/nagios/etc/objects/newserver.cfg

Check nagios for errors.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, restart nagios.

service nagios restart

Check in the browser whether you can see the new server.
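To keep the copy-and-edit step from producing a duplicate hostgroup or a half-registered host, here is an added shell helper (my code, not from the Nagios documentation this section follows). It assumes the stock Nagios 3 sample layout: objects/localhost.cfg with host_name and alias "localhost", address 127.0.0.1, one "define hostgroup" block, and a nagios.cfg that lists cfg_file= lines. The host name web01 and the address 192.0.2.10 in the usage comment are made up.

```shell
#!/bin/sh
# Added example, not from the Nagios docs: register a new host by cloning the sample localhost.cfg.
# Assumes the stock Nagios 3 layout: objects/localhost.cfg with host_name/alias "localhost",
# address 127.0.0.1, one "define hostgroup" block, and cfg_file= lines in nagios.cfg.
# add_nagios_host ETCDIR NAME ADDRESS   (NAME must be a plain hostname: no "/" or sed metacharacters)
add_nagios_host() {
    etc=$1; name=$2; addr=$3
    src="$etc/objects/localhost.cfg"
    dst="$etc/objects/$name.cfg"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    [ -e "$dst" ] && { echo "$dst already exists, not overwriting" >&2; return 1; }
    # Drop the hostgroup block: localhost.cfg defines "linux-servers", and a second copy of that
    # definition makes "nagios -v" fail with a duplicate-definition error.
    sed -E \
        -e '/^[[:space:]]*define[[:space:]]+hostgroup/,/^[[:space:]]*[}]/d' \
        -e "s/^([[:space:]]*(host_name|alias)[[:space:]]+)localhost[[:space:]]*$/\1$name/" \
        -e "s/^([[:space:]]*address[[:space:]]+)127\.0\.0\.1[[:space:]]*$/\1$addr/" \
        "$src" > "$dst"
    # Never append the cfg_file line twice (for example when it was already added by hand).
    line="cfg_file=$dst"
    grep -qxF "$line" "$etc/nagios.cfg" || printf '%s\n' "$line" >> "$etc/nagios.cfg"
}

# Restart only if the configuration validates, so a typo never takes monitoring down.
nagios_check_and_restart() {
    /usr/local/nagios/bin/nagios -v "$1/nagios.cfg" && service nagios restart
}
# Usage (constructed values):
#   add_nagios_host /usr/local/nagios/etc web01 192.0.2.10 && nagios_check_and_restart /usr/local/nagios/etc
```

The refusal to overwrite an existing file is deliberate: the second run of a copy script is the one that usually clobbers a host definition somebody has already customised.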

LiteSpeed configuration + PHP recompilation

Features of LiteSpeed WebServer

- Runs on almost all platforms like Linux, FreeBSD, Solaris, Mac OS X etc
- It is fully compatible with most of the common control panels like cPanel, Ensim, DirectAdmin, Plesk, etc.
- PHP scripting is up to 50% faster than Apache’s mod_php

1.Litespeed configuration

1.1 Check LiteSpeed

Open http://IP:7080/ in the browser; you will see the LiteSpeed welcome page.

Let us check if it is listening on the ports we have mentioned.

# netstat -pant | grep lshttpd
tcp 0 192.168.1.19:7080 0.0.0.0:* LISTEN 18718/lshttpd
tcp 0 192.168.1.19:80 0.0.0.0:* LISTEN 18718/lshttpd

1.2 Admin Area

You can manage the admin area at

http://IP:7080/.

Here IP is your server IP

1.3 Log files reside under

/usr/local/lsws/logs/ (the logs directory under the install prefix).

2. To integrate with DirectAdmin

LiteSpeed Web Server works very well with DirectAdmin managed web sites. The vendor claims performance gains of up to 10x from replacing apache with lsws.

To replace Apache with LSWS :-

2.1 Go to the admin area

Access the admin area at http://IP:7080 with the admin username and password.

2.2 Go to Configurations >> Server >> General.

Hovering over the help button beside each option shows a short definition of it.

2.3 Scroll down to “Using Apache Configuration File”

Load Apache Configuration => Yes
Auto Reload On Changes => Yes (Changes made in WHM/cPanel will be applied automatically)
Apache Configuration File => /usr/local/apache/conf/httpd.conf
Apache Port Offset => 1000 (Try LiteSpeed on port 1080 and 1443 first, change to 0 later)
Apache IP Offset => 0
PHP suEXEC => Yes (Run PHP in suEXEC mode)
PHP suEXEC Max Conn => 8 (The maximum PHP processor each account can have)

2.4 Scroll back up to “Index Files” and set it as follows:

Index Files index.html, index.php, index.php5, index.php4, index.htm
Auto Index Not Set
Auto Index URI Not Set

2.5 Scroll down to “HT Access”

Allow Override Check: Limit, Auth, FileInfo, Indexes, Options Uncheck: None
Access File Name .htaccess

2.6 Goto Configurations >> Server >> Listeners

delete all current listeners.

2.7 Now restart the webserver

service lsws restart

3. PHP recompilation

By default, LiteSpeed ships with PHP 4.4.x compiled with LSAPI, hence we have to install the latest stable version of PHP with LSAPI for our LiteSpeed. With the PHP LiteSpeed SAPI, LiteSpeed's PHP performance is much more efficient than Apache's mod_php or FastCGI.

You can easily recompile PHP in the server from the Panel.

3.1 Log in to the admin area.

http://IP:7080/.

3.2 Go to

Admin >> Actions >> Recompile PHP

3.3 Recompile PHP

Compile PHP with LSAPI

3.3.1 Step 1 : Select a PHP version

Here you can select PHP version. Select your desired PHP version and click next.

3.3.2 Step 2 : Choose PHP 5.2.9 Build Options

Here I have selected PHP 5.2.9

a. Load Configuration

- Use configuration from previous Build
- Restore default

b. Install Path Prefix - You can specify installation path

c. Configure Parameters - Configuration command

d. Security Patches: Suhosin (General Hardening), Mail Header (Identifies Mail Source)

e. Install Opcode Cache: None / APC / eAccelerator / XCache

3.3.3 Click Build PHP

3.4 Here you will get a custom phpbuild command.

If you log in as root, you can directly run the command:

# /usr/local/lsws/phpbuild/buildphp_manual_run.sh

If you log in as a user who has sudo permission, you can run the command with sudo and enter your own password at the prompt (or root's, if your sudoers configuration asks for it).

$ sudo /usr/local/lsws/phpbuild/buildphp_manual_run.sh

To apply the changes, go back to the control panel and execute a Graceful Restart.

Install and Configure LiteSpeed Webserver

1.1 Features of LiteSpeed WebServer

- Runs on almost all platforms like Linux, FreeBSD, Solaris, Mac OS X etc
- It is fully compatible with most of the common control panels like cPanel, Ensim, DirectAdmin, Plesk, etc.
- PHP scripting is up to 50% faster than Apache's mod_php
- supports CGI, Fast CGI, PHP, Servlet/JSP, Proxy, SSLv2/SSLv3/TLSv1, IPv4 and IPv6
- GZIP compression
- high performance .htaccess implementation, this alone can double the server capacity and reduce server load by 5-10 times against using apache.
- LDAP authentication
- Apache compatible URL rewrite engine
- MS FrontPage Server Extension
- Strictest HTTP request validation
- Deny any buffer-overrun attempt
- Secure against popular DoS attacks
- Chroot support
- Chroot and suexec CGI script
- supports FastCGI suEXEC for improved security
- Small memory footprint
- Thousands of concurrent connections
- Increase scalability of external web applications
- Efficient and high performing CGI daemon and Perl daemon
- SSL Hardware acceleration
- can recover from service failure instantly
- Migration from other webservers is quite quick and easy
- this can also act as a security guard in front of current webserver and hence improving performance, scalability and security.
- can perform up to 50% better during high loads when compared to httpd and lighttpd.
- PHP CGI/FCGI SAPI
- With PHP LiteSpeed SAPI, LiteSpeed's PHP performance is up to 100% better than Apache's mod_php.
- Ruby LSAPI is about 50% faster than Ruby FCGI for the simple "Hello, World" test.


2. Install LiteSpeed

# cd /usr/src


# wget http://litespeedtech.com/packages/3.0/lsws-3.1.1-std-i386-linux.tar.gz


# tar -xvzf lsws-3.1.1-std-i386-linux.tar.gz


# cd lsws-3.1.1


# ./install.sh



You will encounter few questions and need to select the following options:

* Do you agree with above license? Yes
* Destination [/opt/lsws]: /opt/lsws [ /usr/local/lsws can also be used]
* User name [admin]: admin
* Password: youradminpassword
* Retype password: youradminpassword
* User [nobody]: nobody [use a non-system user that doesn't have a shell access and home directory]
* Group [nobody]: nobody [group the webserver will be running as]
* HTTP port [8088]: 1080 [you can give any port you wish to run lsws. If any other webserver is running on this port, stop it before starting lsws]
* Admin HTTP port [7080]: 7080
* Both these ports must be open in the firewall; restrict the admin port (7080) to your own management addresses, since it exposes the whole server configuration behind a single password
* Setup up PHP [Y/n]: Y
* Suffix for PHP script(comma separated list) [php]: php
* Would you like to change PHP opcode cache setting [y/N]? N
* Would you like to install AWStats Add-on module [y/N]? N
* Would you like to import Apache configuration [y/N]? N
* Would you like to have LiteSpeed Web Server started automatically when the machine restarts [Y/n]? Y
* Would you like to start it right now [Y/n]? Y


LiteSpeed Web Server started successfully! Have fun!


2.1 Check LiteSpeed

Open http://192.168.1.19:1080/ in the browser; you will see the LiteSpeed welcome page.

Let us check if it is listening on the ports we have mentioned.

# netstat -pant | grep lshttpd
tcp 0 192.168.1.19:7080 0.0.0.0:* LISTEN 18718/lshttpd
tcp 0 192.168.1.19:80 0.0.0.0:* LISTEN 18718/lshttpd


2.2 Admin Area
You can manage the admin area at

http://192.168.1.19:7080/.


Here 192.168.1.19 is my local machine's ip.


2.3 Log Files
The log files are located at /opt/lsws/logs.


3. To integrate with cPanel
LiteSpeed Web Server works very well with cPanel managed web sites. The vendor claims performance gains of up to 10x from replacing apache with lsws.


To replace Apache with LSWS :-
3.1 Go to the admin area
Access the admin area at http://192.168.1.19:7080 with the admin username and password.


3.2 Go to Configurations >> Server >> General.
Hovering over the help button beside each option shows a short definition of it.


3.3 Scroll down to "Using Apache Configuration File"

Load Apache Configuration => Yes
Auto Reload On Changes => Yes (Changes made in WHM/cPanel will be applied automatically)
Apache Configuration File => /usr/local/apache/conf/httpd.conf
Apache Port Offset => 1000 (Try LiteSpeed on port 1080 and 1443 first, change to 0 later)
Apache IP Offset => 0
PHP suEXEC => Yes (Run PHP in suEXEC mode)
PHP suEXEC Max Conn => 8 (The maximum PHP processor each account can have)


3.4 Scroll back up to "Index Files" and set it as follows:


Index Files index.html, index.php, index.php5, index.php4, index.htm
Auto Index Not Set
Auto Index URI Not Set




3.5 scroll down to "HT Access"


Allow Override Check: Limit, Auth, FileInfo, Indexes, Options Uncheck: None
Access File Name .htaccess




3.6 Goto Configurations >> Server >> Listeners
delete all current listeners.


3.7 Now restart the webserver

service lsws restart


4. PHP
By default, LiteSpeed ships with PHP 4.4.x compiled with LSAPI, hence we have to install the latest stable version of PHP with LSAPI for our LiteSpeed. With the PHP LiteSpeed SAPI, LiteSpeed's PHP performance is much more efficient than Apache's mod_php or FastCGI.

# /opt/lsws/fcgi-bin/lsphp -v
PHP 4.4.7 (litespeed) (built: May 30 2007 05:16:33)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies



4.1 Download the latest stable PHP


# wget http://in2.php.net/distributions/php-5.2.3.tar.gz
# tar -zxf php-5.2.3.tar.gz
# cd php-5.2.3
# cd sapi



4.2 Download and expand latest LSAPI for PHP into the “sapi” folder:

# wget http://www.litespeedtech.com/packages/lsapi/php-litespeed-4.0.tgz
# tar -zxf php-litespeed-4.0.tgz


4.3 Change directory to php-5.2.3 and run commands:

# cd ..
# touch ac*
# ./buildconf --force


4.4 Configure/Compile PHP:

4.4.a Print the configure line of the currently installed PHP, stripping the quotes:

# php -i | grep configure | sed "s/'//g"

4.4.b Remove the "--with-apxs=/usr/local/apache/bin/apxs" part from the output of 4.4.a and add '--prefix=/php5' '--with-litespeed' '--with-config-file-path=../php':

# ./configure '--prefix=/php5' '--with-litespeed' '--with-config-file-path=../php' --with-mysql ... [append the full options from 4.4.a]


# make


# make install



Note: You must compile PCRE (Perl Compatible Regular Expressions) support in
order for the default auto-index PHP script to work correctly (at least this
is true for 3.0RC2).


4.5 Replace the lsphp binary in /opt/lsws/fcgi-bin/lsphp with /php-5.2.3/sapi/litespeed/php:

# cd /opt/lsws/fcgi-bin/
# mv lsphp lsphp.old
# cp /php-5.2.3/sapi/litespeed/php lsphp


4.6 To check installation success:

# /opt/lsws/fcgi-bin/lsphp -v

PHP 5.2.3 (litespeed) (built: May 31 2007 14:05:12)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies



4.7 php.ini

The php.ini file will be located at /opt/lsws/php/php.ini

If we want to use the old PHP.ini just copy it here.

# cd /opt/lsws/php
# mv php.ini php.ini.old
# cp /usr/local/ZEND/etc/php.ini .



4.8 Restart Litespeed Webserver

Finally restart LSWS so that it uses our new PHP binary:

/opt/lsws/bin/lswsctrl restart

and that's it. You are done!


5. Limitations

This webserver comes as Standard version (which is free and it has several limitations) and it comes as an Enterprise version (which is more optimized and it doesn't have much limitations). Few drawbacks of free version are: the Maximum Concurrent Connections is limited to 150, it cannot utilize more than one processor etc. Hence, to utilize the full advantage of LSWS you have to purchase the Enterprise version.

6. Conclusion

We have installed LiteSpeed Webserver and integrated it to use with CPanel. Now the web pages will load fast. At the same time the server load and memory usage will be lower. More web sites can now be hosted on this server and we can feel the speed. In short, LiteSpeed is the best choice for shared hosting service providers in terms of performance, security and server capacity.

Go ahead, give LiteSpeed a try and discover why over 300,000 internet domains are currently powered by LSWS.


References:
http://litespeedtech.com/
http://en.wikipedia.org/wiki/LiteSpeed_Web_Server/
http://creativeflux.co.uk/entry/replacing-apache-with-litespeed/
http://www.usefuljaja.com/litespeed


Downloads:
http://www.php.net/downloads.php
http://www.litespeedtech.com/products/webserver/lsapi/

Fuser command

fuser is a UNIX command used to show which processes are using a specified file, file system, or socket.

# To list the process numbers of local processes using the /etc/passwd file, enter:

fuser /etc/passwd

# To list the process numbers and user login names of processes using the /etc/filesystems file, enter:

fuser -u /etc/filesystems

# To terminate all of the processes using a given file system, enter:

fuser -k -x -u -c /dev/hd1

or

fuser -kxuc /home

Note that the -x and -c flags (and /etc/filesystems, /dev/hd1) are AIX usage. On Linux (psmisc) the equivalent is "fuser -km /home", where -m means every process using that mount point. -k sends SIGKILL by default to all of them, so list first with "fuser -vm /home" and make sure you are not about to kill your own session or a running backup.

List the content of a tar file

If you need to list the contents of a tar or tar.gz file on screen before extracting all the files:

List the contents of a tar file
$ tar -tvf file.tar

List the contents of a tar.gz file
$ tar -ztvf file.tar.gz

List the contents of a tar.bz2 file
$ tar -jtvf file.tar.bz2

Setup Password protect file via shell

1. Create a file named .htaccess in the folder that you want to password protect, with the content below. Keep the password file itself (AuthUserFile) outside the document root, as here, so it can never be downloaded; the vhost must allow "AllowOverride AuthConfig" for the .htaccess to take effect.

AuthType Basic
AuthUserFile /home/username/pass
AuthName "Members Area"
require valid-user

2. In shell, type

/usr/local/apache/bin/htpasswd -c /home/username/pass your_desire_username

You will be prompted for a new password.

3. Enter the password and confirm it.

Once you enter your password, the file /home/username/pass (the path given to AuthUserFile) is created with the username and the hashed password, and the website folder is now password protected. The -c flag creates the file and overwrites one that already exists, so use it only the first time.

4. To add additional users,

/usr/local/apache/bin/htpasswd /home/username/pass your_desire_username

5. To remove users, edit /home/username/pass and remove the line containing the username (or use htpasswd -D).

More information: http://blog.dreamhosters.com/kbase/index.cgi?area=834

A memory testing tool

cd /usr/local/src

wget http://pyropus.ca/software/memtester/memtester-4.0.5.tar.gz

tar -zxf memtester-4.0.5.tar.gz

cd memtester-4.0.5

make

./memtester 1024 5

This tests 1024 MB (1 GB) of RAM; the test will be run 5 times. Run it as root so it can lock the memory it tests, and on a live server test less than the total RAM or the machine will simply swap.

To list only directories

If you want to list only directories you can use this.

ls -d */.

The trailing "/." makes the glob match directories only; "ls -d */" gives the same list without the "/." suffix on each name.

cut command

I have a large text file (it's a log file actually) and I need to truncate each line to 16 characters.

cut -c1-16 /path/to/filename > /path/to/output_filename

output_filename will contain the result.

Some useful sed commands

to remove the first line of a file from our output stream

$ sed -e '1d' filename | more

to delete lines 1-10 of the output

$ sed -e '1,10d' filename | more

to delete lines that start with a "#" from files

$ sed -e '/^#/d' filename | more

to print only virtualHosts in apache conf

$ sed -n '/^ /path/to/httpd.conf