
Tuesday, December 31, 2013

Enable IPv6 on OpenVZ node


This page provides a guideline for setting up IPv6 on a CentOS 6.2 OpenVZ host node. We used SolusVM, but this guide is applicable to any deployment.

1) Check

/etc/sysctl.conf
It should contain the following:

net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.all.proxy_ndp = 1
2) Check

/etc/sysconfig/network
It should contain the following:

NETWORKING=yes
HOSTNAME=eb1.evoboxes.org #Your Hostname goes here
GATEWAY=192.168.1.1 #Your IPv4 Gateway Goes here
NETWORKING_IPV6=yes
IPV6_DEFAULTGW="2001:123:123:1::ffff" #Your IPv6 Gateway goes here
IPV6FORWARDING=yes
3) Check

/etc/sysconfig/network-scripts/ifcfg-eth0
(or ethX depending on your configuration)

It should contain the following:

DEVICE="eth0"
BOOTPROTO="static"
BROADCAST="192.168.1.127" #Your Broadcast Address
DNS1="4.2.2.1"
GATEWAY="192.168.1.1" #Your IPv4 Gateway
HWADDR="00:25:90:55:3C:5A"
IPADDR="192.168.100.1" #Your IPv4 Address
NETMASK="255.255.255.0" #Your IPv4 Netmask
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
IPV6INIT="yes"
IPV6ADDR="2001:123:123:1::1" #Your IPv6 address, just use the first address from your prefix
IPV6_AUTOCONF=no
4) Run the following command:

cat /proc/sys/net/ipv6/conf/default/disable_ipv6
If the value is 0, you can skip to step 6.

5) If the value of the above command is 1: Run the following command:

echo 0 > /proc/sys/net/ipv6/conf/default/disable_ipv6
6) Disable ip6tables to prevent any issues:

service ip6tables stop
chkconfig ip6tables off
7) Restart Networking:

service network restart
Make sure you don’t see any errors.

8) If you are using SolusVM, proceed to step 10.

9) Add IPv6 address to a VPS:

vzctl set <CTID> --ipadd <ipv6_addr> --save
Currently it seems that OpenVZ cannot add an address prefix, only a single address or /128.

10) If you followed step 9, skip this step.
Add the IPv6 block in SolusVM: IP Blocks -> Add IPv6 Block
Add IPv6 addresses to the block: IP Blocks -> List IP Blocks -> Manage Addresses and follow the directions
Add the IPv6 addresses to the VPS: Virtual Servers -> List Virtual Servers -> Pick one -> IP’s -> Add Additional IPv6.

11) Login to the VPS and Test: SSH into the Host Node

vzctl enter <CTID>
ping6 ipv6.google.com
ping6 comcast6.net
12) Enjoy!

Sunday, December 22, 2013

Install grub from rescue mode: Software raid 1





I use a CentOS CD and boot into linux rescue. From there I fixed the master boot record.

1. open grub
2. grub> find /grub/grub.conf
3. This returns something like:
(hd0,2)
(hd1,2)
4. root (hd0,2)
5. setup (hd0)
6. root (hd1,2)
7. setup (hd1)
8. quit grub

Thursday, October 31, 2013

R1soft Agent Installation


Installing Backup Agent Using YUM
================================
You should configure the YUM repository to manage install and upgrades of the Backup Agent.
(1)Create a yum repository for r1soft
#cd /etc/yum.repos.d
# nano -w /etc/yum.repos.d/r1soft.repo
(use any text editor according to your convenience)
(2)Add the following to the .repo file
------------------------------------------------------
[r1soft]
name=R1Soft Repository Server
baseurl=http://repo.r1soft.com/yum/stable/$basearch/
enabled=1
gpgcheck=0
--------------------------------------------------------
(3) Install serverbackup-agent
#yum install serverbackup-agent
(4) Test the connectivity with r1soft server using the following command
#serverbackup-setup --test-connection
(5) Install the kernel-devel package using YUM
#yum install kernel-devel
(Note: Please make sure that you have installed proper kernel-devel and header packages.)
(6) Run the following command to build the kernel module.
#serverbackup-setup --get-module
(7) The cdp-agent is installed now and you can restart it as follows
#/etc/init.d/cdp-agent restart
(8) It is important to fetch key from the server. Use the following command to fetch key from the cdp-server
#serverbackup-setup --get-key http://<cdp-server_IP>:<port>
To view the list of keys.
#serverbackup-setup --list-keys

Custom PHP.ini with FastCGI


A custom php.ini on a FastCGI server becomes active only if the following steps are followed:

1. Copy default php.ini to user's cgi-bin folder. 
cd /home/user/public_html/cgi-bin
cp /usr/local/lib/php.ini /home/user/public_html/cgi-bin

2. Make necessary changes in it.

3. Create php.fcgi file in /home/user/public_html/cgi-bin folder, to load custom php.ini, with the contents below:
#!/bin/sh
export PHP_FCGI_CHILDREN=1
export PHP_FCGI_MAX_REQUESTS=10
exec /usr/local/cpanel/cgi-sys/php5

Where /usr/local/cpanel/cgi-sys/php5 is the path of PHP 5 in a cPanel server. Check /etc/httpd/conf/php.conf to see what it shows for cgi-sys path for your version of PHP.

4. Save file and make it executable. 
chmod +x /home/user/public_html/cgi-bin/php.fcgi
chown -R user:user /home/user/public_html/cgi-bin/

5. Edit .htaccess to point to the php.fcgi file.
cd /home/user/public_html
vi .htaccess

At the top of .htaccess, put the contents below: 
AddHandler php5-fastcgi .php
Action php5-fastcgi /cgi-bin/php.fcgi

6. Add following lines to /usr/local/apache/conf/php.conf file: 
Action php5-fastcgi /cgi-bin/php.fcgi
AddType application/x-httpd-php .php

7. Distill, rebuild Apache and then restart it. 
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart

Make sure the above values in php.conf files are not deleted with the update.

You can now test using a phpinfo page and make sure the 'Loaded Configuration' is correctly shown as /home/user/public_html/cgi-bin/php.ini

Wednesday, October 9, 2013

Symlink Attack

Script to find out symlinks
===================

ls /var/cpanel/users | grep -v "\`\|\.\|cpanel\|root\|mysql\|nobody" | while read CPUSER; do find /home/$CPUSER -type l -not \( -lname "/home/$CPUSER/*" -o -lname "*rvsitebuilder*" -o -lname "[^/]*" -o -lname "/usr/local/apache/domlogs/*" -o -lname "/usr/local/urchin/*" \) ; done
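
The one-liner above matches on the link text and skips every relative link (`-lname "[^/]*"`). As an added example that is not part of the original post, the check below resolves each link instead and reports those whose real target lies outside the account's home; the function names and the demo tree are constructed for illustration, and GNU `readlink` is assumed.

```sh
#!/bin/sh
# Added example: names and the demo tree are constructed for illustration.

# Print "link -> resolved target" for every symlink under home directory $1
# whose real target lies outside that directory.
find_escaping_symlinks() {
    home=$(readlink -f -- "$1") || return 1
    # find hands the links to an inner sh in batches; names with spaces survive
    find "$home" -xdev -type l -exec sh -c '
        home=$1; shift
        for link in "$@"; do
            # -m canonicalises relative and chained links, even dangling ones
            target=$(readlink -m -- "$link")
            case "$target" in
                "$home"|"$home"/*) ;;   # still inside the account: ignore
                *) printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$home" {} +
}

# Constructed sample tree: two accounts, one harmless link, two escaping links.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice/public_html" "$t/home/bob/public_html"
    echo '<?php // constructed ?>' > "$t/home/bob/public_html/config.php"
    echo 'hello' > "$t/home/alice/public_html/index.html"
    ln -s index.html "$t/home/alice/public_html/ok_relative"
    ln -s ../../bob/public_html/config.php "$t/home/alice/public_html/rel_escape.txt"
    ln -s /etc/passwd "$t/home/alice/public_html/abs_escape.txt"
    echo "$t"
}

demo=$(make_demo_tree)
find_escaping_symlinks "$demo/home/alice"
rm -rf "$demo"
```

On a cPanel server it would be called once per account, for example from the same `ls /var/cpanel/users | while read CPUSER` loop with `/home/$CPUSER` as the argument.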

Security measures.
=============
(1)Change the binary permission
#chmod 760 /bin/ln

(2)WHM Tweak
WHM Main >> Service Configuration >> Apache Configuration >> Global Configuration you will find the settings for Directory “/” Options

(3) Reset all cPanel/FTP passwords

Saturday, October 5, 2013

Cloud Linux: Tips




Conversion of CentOS 5 or CentOS 6 to CloudLinux
---------------------------------------------------
$ wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
$ sh cldeploy -k <activation_key> # if you have activation key
or
$ sh cldeploy -i # if you have IP based license
$ reboot

CageFS Installation
-------------------------
$ yum install cagefs
$ /usr/sbin/cagefsctl --init

If you don't have enough disk space in /usr/share, use following commands to have cagefs-skeleton being placed in a different location:

$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton


To enable all users in CageFS

$ /usr/sbin/cagefsctl --enable-all


PHP Selector Installation
---------------------------------
Installation of different versions of PHP & modules:
$ yum groupinstall alt-php

Update CageFS & LVE Manager with support for PHP Alternatives
$ yum update cagefs lvemanager

cPanel/WHM: Make sure 'Select PHP version' is enabled in Feature Manager


Add an rpm/command to CageFS
---------------------------------
/usr/sbin/cagefsctl --addrpm rsync
cagefsctl --force-update

List the available rpms in CageFS
------------------------------------
/usr/sbin/cagefsctl --list-rpm


Set to unlimited: LVE Limits
-------------------------------------
CloudLinux 6
--------------------
You can set default LVE limits to unlimited, i.e.
#lvectl set default --cpu=100 --ncpu=100 --vmem=0 --pmem=0 --nproc=0 --maxEntryProcs=10000 --io=0
#lvectl apply all

CloudLinux 5
-------------------
pmem and io limits are not available on CL5, please use it this way:
#lvectl set default --cpu=100 --ncpu=100 --vmem=0 --maxEntryProcs=10000
#lvectl apply all

Mounting Software RAID1 member: mdadm

(1) I connected my old hard drive and realized that it was a RAID member:



#fdisk -l /dev/sdd
Disk /dev/sdd: 250.1 GB, 250058268160 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488395055 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x90909090

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1   *        2048     2099199     1048576   fd  Linux raid autodetect
/dev/sdd2         2099200     6293503     2097152   82  Linux swap / Solaris
/dev/sdd3         6293504    69208063    31457280   fd  Linux raid autodetect
/dev/sdd4        69208064   488394751   209593344   fd  Linux raid autodetect

You cannot mount it as a normal partition


#mkdir /mnt/old_hdd 
#mount /dev/sdd4 /mnt/old_hdd 
mount: unknown filesystem type 'linux_raid_member'

(2) If you are using a RAID1 array, you can mount it using mdadm


#mdadm --examine /dev/sdd4
/dev/sdd4:
          Magic : a92b4efc
        Version : 1.2
    Feature Map : 0x0
     Array UUID : 957e7cb5:bfd41f70:9cb84b0d:f53e5a4c
           Name : milosz-desktop:2
  Creation Time : Sat Aug 20 18:48:26 2011
     Raid Level : raid1
   Raid Devices : 2

 Avail Dev Size : 419184640 (199.88 GiB 214.62 GB)
     Array Size : 419184496 (199.88 GiB 214.62 GB)
  Used Dev Size : 419184496 (199.88 GiB 214.62 GB)
    Data Offset : 2048 sectors
   Super Offset : 8 sectors
          State : clean
    Device UUID : db8a694f:750a0ded:22a6d046:5c4db280

    Update Time : Tue May  8 20:50:32 2012
       Checksum : 75dbc3b6 - correct
         Events : 191


   Device Role : Active device 1
   Array State : .A ('A' == active, '.' == missing)


In order to mount it properly, you will have to create a md virtual device with mdadm.


#mdadm -A -R /dev/md9 /dev/sdd4
mdadm: /dev/md9 has been started with 1 drive (out of 2).

Now you can mount /dev/md9 without any problem.


#mount /dev/md9 /mnt/old_hdd/
#mount | grep ^/dev/md9
/dev/md9 on /mnt/old_hdd type ext4 (rw)

You will be able to copy the data to another drive now. Once the data is transferred, you can unmount it as follows 


#umount /mnt/old_hdd 
#mdadm -S /dev/md9
mdadm: stopped /dev/md9








Software RAID: Fail and replace


REPLACE DRIVE IN SOFTWARE RAID
================================

[~]# cat /proc/mdstat
Personalities : [raid1]
md2 : active raid1 sdb2[1] sda2[0]
      2096120 blocks super 1.1 [2/2] [UU]
      bitmap: 1/1 pages [4KB], 65536KB chunk

md0 : active raid1 sdb3[1] sda3[0]
      102388 blocks super 1.0 [2/2] [UU]
     
md3 : active raid1 sda4[0] sdb4[1]
      481990524 blocks super 1.1 [2/2] [UU]
      bitmap: 4/4 pages [16KB], 65536KB chunk

md1 : active raid1 sda1[0] sdb1[1]
      4193272 blocks super 1.1 [2/2] [UU]
---------------------------------------------

Fail and remove the partition from raid

mdadm --fail /dev/md0 /dev/sda3 # this will fail sda3 in md0
mdadm --remove /dev/md0 /dev/sda3 # this will remove sda3 from md0

mdadm --fail /dev/md1 /dev/sda1
mdadm --remove /dev/md1 /dev/sda1

mdadm --fail /dev/md2 /dev/sda2
mdadm --remove /dev/md2 /dev/sda2

mdadm --fail /dev/md3 /dev/sda4
mdadm --remove /dev/md3 /dev/sda4

---------------------------------------------------------
The mdstat will be similar to the following one

[~]# cat /proc/mdstat
Personalities : [raid1]
md2 : active raid1 sdb2[1]
      2096120 blocks super 1.1 [2/1] [_U]
      bitmap: 1/1 pages [4KB], 65536KB chunk

md0 : active raid1 sdb3[1]
      102388 blocks super 1.0 [2/1] [_U]
     
md3 : active raid1 sdb4[1]
      481990524 blocks super 1.1 [2/1] [_U]
      bitmap: 4/4 pages [16KB], 65536KB chunk

md1 : active raid1 sdb1[1]
      4193272 blocks super 1.1 [2/1] [_U]
     
unused devices: <none>
---------------------------------------------------------


(2) Replicate the partition table to the new drive, say 'sda' (the new disk's device name may differ on your system)

sfdisk -d /dev/sdb | sfdisk /dev/sda



If the partition is GPT Follow the steps below

(!) Install "sgdisk"

#yum install

(!!) Use sgdisk to clone the partition table from /dev/sdb to the new drive (here /dev/sda)
-----------------------------------------
#sgdisk --backup=table /dev/sdb
#sgdisk --load-backup=table /dev/sda
#sgdisk -G /dev/sda
-----------------------------------------

(3) Add the new partitions to the RAID arrays accordingly

mdadm --add /dev/md0 /dev/sda3
mdadm --add /dev/md1 /dev/sda1
mdadm --add /dev/md2 /dev/sda2
mdadm --add /dev/md3 /dev/sda4

(4) Raid resync will start automatically. Check status in /proc/mdstat 

To see your Linux kernel speed limits imposed on the RAID reconstruction use:


cat /proc/sys/dev/raid/speed_limit_max
200000
cat /proc/sys/dev/raid/speed_limit_min
1000

To increase the speed:

echo 50000 >/proc/sys/dev/raid/speed_limit_min
echo 50000 >/proc/sys/dev/raid/speed_limit_max


MySQL Backup scripts

Backup all databases in .gz format to location.
----------------------------------------------------------------------

for db in `echo 'show databases;' | mysql | grep -v Database `; do mysqldump $db | gzip > /<backup_dir>/$db.sql.gz ; done

Backup all databases in .gz format to a remote location
-----------------------------------------------------------------------------------
for db in `echo 'show databases;' | mysql | grep -v ^Database ` ; do mysqldump --opt --single-transaction --quick $db | gzip -9 | ssh user@<Remote_IP_address> "cat > /home/<username>/<back_dir>/$db.sql.gz" ; done

NOTE: Make sure that key authentication is enabled between the servers.

Friday, October 4, 2013

script to correct the ownership + cPanel


----------------------------------------------------------------------
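#!/bin/sh
# Reset ownership of each cPanel account's home directory.
# /root/rem1 holds one username per line.
printf 'Checking ownership of /home/user\n\n'
while read -r i
do
# Skip blank lines, root, and names without a home directory
if [ -n "$i" ] && [ "$i" != "root" ] && [ -d "/home/$i" ]; then
chown -R "$i:$i" "/home/$i"
# public_html and .htpasswds are shared with the web server group
chown "$i:nobody" "/home/$i/public_html" "/home/$i/.htpasswds"
# mail account files belong to the mail group
chown "$i:mail" "/home/$i/etc" "/home/$i"/etc/*/shadow "/home/$i"/etc/*/passwd
echo "$i"
fi
done < /root/rem1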
--------------------------------------------------------------------------
The file /root/rem1 should contain the list of users

Figure out how to block a spammer domain server wide on a cPanel server.



Add the following to /etc/antivirus.exim and restart exim
----------------------------
if $header_from: contains "@domain.com"
then
fail text "This message has been rejected since your domain or \n\ you are a filthy spammer."
seen finish
endif


=====================================================================

Create a file named /etc/eximblacklist and add the entry "domainname.com" (without quotes). That is, add the domains you need to blacklist.

Now go to WHM >> Exim configuration editor >> Advanced Editor.

Add the below lines in the first section just below the line "#!!# cPanel Exim 4 Config"

domainlist exim_blacklist = lsearch;/etc/eximblacklist

Now add inside the section under "ROUTERS CONFIGURATION "

reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = +exim_blacklist
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Save the configuration and check the exim error log. You can see the domain being blocked.

More domains can be added to the list manually as further spam-sending domains turn up.

Prevent FTP user from deleting the file



1) Create an FTP user with access to public_html. (user1)
2) Create another user with access to public_html/upload (user2)
3) Create a file named .ftpaccess with the contents below and save it to public_html/upload


Code:

 <Directory /home/"DAUSER"/domains/"DOMAIN"/public_html/upload/>
    <Limit DELE,RETR>
      AllowUser "USER1"
      DenyAll
    </Limit>
  </Directory>

Moving OpenVZ virtual servers around your SolusVM cluster


This is a quick and easy guide to moving OpenVZ virtual servers around your SolusVM cluster.
On the node that hosts the container you want to migrate, do:

Step1.
wget http://files.soluslabs.com/solusvm/scripts/keyput.sh
chmod a+x keyput.sh
./keyput.sh <destination_node_ip> <destination_node_port>
destination_node_ip = the ip of the node you want to transfer the virtual server to.
destination_node_port = the SSH port of the node you want to transfer the virtual server to.


Step2.
Now you need to know the container id you want to move, you can get this by doing the following on the node that contains the virtual server:
vzlist -a

Step3.

When you know the container id you can start the migration. Do the following on the node that contains the virtual server:
vzmigrate -v --ssh="-p <destination_node_port>" <destination_node_ip> <container_id>

When the restore is complete you need to update SolusVM so it knows where the vps has been moved to.
Step 4.

In SSH on your master do the following:
/scripts/vm-migrate <VSERVERID> <NEWNODEID>
<VSERVERID> is the ID listed in your VM list in SolusVM
<NEWNODEID> is the ID of the node listed in your node list in SolusVM

Step5.

Example moving vserverid 150 to node 4:
/scripts/vm-migrate 150 4

Here are some extra flags you can use:
-r, --remove-area yes|no
        Whether to remove container on source host after successful migration.

--keep-dst      
        Do not clean synced destination container private area in case of some
        error. It makes sense to use this option on big container migration to
        avoid re-syncing container private area in case some error
        (on container stop for example) occurs during first migration attempt.

--online
        Perform online (zero-downtime) migration: during the migration the
        container freezes for some time and after the migration it
        keeps working as though nothing has happened.

WP-login Mod security Rule



(1)Compile apache to enable mod_security

(2)Make sure SecDataDir is present.

(3)If you do not have a SecDataDir anywhere then add it and also create the directory, for example:

mkdir /usr/local/apache/logs/modsec
chown root:nobody /usr/local/apache/logs/modsec
--------------------------------------------------------------------------------
root@server [/usr/local/apache/conf]# cat /usr/local/apache/conf/modsec2.conf | grep SecDataDir
SecDataDir /usr/local/apache/logs/modsec
root@server [/usr/local/apache/conf]#
---------------------------------------------------------------------------------

(4) Add the rule in a separate file as follows.
---------------------------------------------------------------------------------

root@server [/usr/local/apache/conf]# cat modsec2.wplogin.conf
<LocationMatch "/wp-login.php">
SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog,id:313371
SecAction "phase:5,deprecatevar:ip.counter=3/30,pass,nolog,id:313372"
SecRule IP:COUNTER "@gt 1" "phase:2,pause:3000,deny,status:406,setenv:RATELIMITED,skip:1,log,id:313373"
SecAction "phase:2,pass,setvar:ip.counter=+1,nolog,id:313374"
</LocationMatch>
root@server [/usr/local/apache/conf]#
----------------------------------------------------------------------------------
(5) Add the Include file accordingly as follows.
----------------------------------------------------------------------------------
[root@server/usr/local/apache/conf]# cat modsec2.conf | grep Include
Include "/usr/local/apache/conf/modsec2.user.conf"
Include "/usr/local/apache/conf/modsec2.wplogin.conf"
[root@server/usr/local/apache/conf]#
-----------------------------------------------------------------------------------
(6)Make sure that following ErrorDocument is existing
[root@mserver]# cat /usr/local/apache/conf/includes/errordocument.conf | grep 406
# 406 - Not Acceptable
ErrorDocument 406 /406.shtml
[root@server/usr/local/apache/conf]#
-----------------------------------------------------------------------------------


Exclude a few IPs from the rule
---------------------------------
root@server [/usr/local/apache/conf]# cat modsec2.wplogin.conf
<LocationMatch "/wp-login.php">
SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog,id:313371
SecRule  REMOTE_ADDR  "@pmFromFile /usr/local/apache/conf/whitlist.txt"  "nolog,allow,id:313375"
SecAction "phase:5,deprecatevar:ip.counter=3/30,pass,nolog,id:313372"
SecRule IP:COUNTER "@gt 1" "phase:2,pause:3000,deny,status:406,setenv:RATELIMITED,skip:1,log,id:313373"
SecAction "phase:2,pass,setvar:ip.counter=+1,nolog,id:313374"
</LocationMatch>
root@server [/usr/local/apache/conf]#
-----------------------------------

Change mailserver IP POSTFIX




Follow the steps below if you want to change source SMTP IP address in Postfix.

Modify the variable smtp_bind_address in /etc/postfix/main.cf
If it’s not present, just add it.
smtp_bind_address = IP Address
Then service postfix reload
Make sure you reload postfix. Restart, stop/start may not work

Free Up Disk Space on a cPanel Server

1) Delete user cPanel and Fantastico backups


To remove cPanel backups on the server with this command:
for user in `/bin/ls -A /var/cpanel/users` ; do rm -fv /home/$user/backup-*$user.tar.gz ; done

To remove Fantastico backups:
rm -rfv /home/*/fantastico_backups

2) Move your backups offsite

3) Delete cPanel File Manager temp files


You can remove these files using this command:

rm -fv /home/*/tmp/Cpanel_*


4) Move or archive logs

Most of the server’s logs are stored in /var/log, which can get rather large on more populated servers. You can change the length of time and frequency of the log rotation in /etc/logrotate.conf, and enable compression to save additional space (at the expense of CPU when the logs are being gzipped).

5) Remove cPanel update archives

The following can be deleted or moved to a backup server to free up a little bit of space:


/usr/local/apache.backup*
/home/cpeasyapache (actual name may vary depending on cpanel version)


6) Clean up Yum files

Yum updates leave package cache files on the server. You can clean up all unneeded yum files by running:

yum clean all

7) Remove pure-ftp partials

If the upload doesn’t complete, these files are left on the server. You can find and delete these by running:

locate .pureftpd-upload | xargs rm -fv







Useful Virtuozzo Commands

Create a VPS from command line
----------------------------------------------


vzctl create VEID --ipadd 192.168.1.111  --hostname <hostname> --ostemplate centos-6-x86_64



Increase disk space from node
-----------------------------------------
vzctl set 717 --diskspace 50G:50G --save



Increase memory to 4 GB
--------------------------------
vzctl set 200 --slmmode slm --slmmemorylimit 4G --save



Install a package from node.
------------------------------------
# vzpkg install -p 277 yum

Change inodelimit
-----------------------------


vzctl set VEID --diskinodes LIMIT:LIMIT --save




Execute a command in all VPS's from node
---------------------------------------------------------

for i in `vzlist -a  | grep -v CTID | awk {'print $1'}  `; do echo ---------------------; echo $i; vzctl exec $i  w ; done;

How do I secure /tmp and /var/tmp on a OpenVZ VPS?


Secure /tmp

Edit /etc/fstab by typing the command
nano -w /etc/fstab
Paste the following at the bottom of /etc/fstab that you just opened:

none /tmp tmpfs nodev,nosuid,noexec 0 0

Press ctrl + x to close the file, press y to save it.
Remount /tmp by typing the following then press enter:
mount -o remount /tmp

You can verify that /tmp is correctly mounted by typing df -h and you should see something similar to the following: none          3.9G   0  3.9G   0% /tmp.
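
`df -h` reports sizes only, not mount flags, so it cannot confirm that nodev, nosuid and noexec took effect. The check below is an added example, not part of the original post; it reads a mount table in /proc/mounts format, and the function names and the two sample tables are constructed for illustration.

```sh
#!/bin/sh
# Added example: function names and sample tables are constructed for illustration.

# Print the hardening flags (nodev, nosuid, noexec) missing from mount point $2
# in the /proc/mounts-format table $1 ("-" reads stdin). Prints nothing when all
# three are set, and "not-mounted" when $2 is not a separate mount at all.
missing_mount_flags() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }   # a later line shadows an earlier one
        END {
            if (!found) { print "not-mounted"; exit }
            split(opts, have, ",")
            for (i in have) set[have[i]] = 1
            n = split("nodev nosuid noexec", want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in set)) out = out (out == "" ? "" : ",") want[i]
            if (out != "") print out
        }' "$1"
}

# Constructed sample: the fstab line from this page after a successful remount.
sample_hardened() {
cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
none /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Constructed sample: /tmp is a tmpfs but two of the flags did not apply.
sample_weak() {
cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
none /tmp tmpfs rw,nosuid,relatime 0 0
EOF
}

echo "hardened sample, missing flags: $(sample_hardened | missing_mount_flags - /tmp)"
echo "weak sample, missing flags:     $(sample_weak | missing_mount_flags - /tmp)"
```

On the VPS itself the call is `missing_mount_flags /proc/mounts /tmp`; empty output means all three flags are active.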

Secure /var/tmp

Backup /var/tmp by typing the following:
mv /var/tmp /var/tmpbackup
Make a symbolic link that makes /var/tmp point to /tmp by typing the following:
ln -s /tmp /var/tmp
Copy back the old data using the command:
cp /var/tmpbackup/* /tmp/
Remove the un-needed backup you created:
rm -rf /var/tmpbackup

You should now reboot your VPS. This means /tmp and /var/tmp are now secured.

Installing an SSL Certificate on a Shared IP



 I assume at this point that you already know how to use WHM to install a certificate, and you’re aware that the hostname for the certificate has to correspond with a user already on the server.

 Go to  WHM ~> Install a SSL Certificate and Setup the Domain and install the SSL normally, BUT, in the user field, put ‘nobody’ and finish the installation.

Now that the certificate is installed, you need to force cPanel to accept its fate to allow a shared SSL on the main IP. Go into /var/cpanel/userdata and run the following commands, noting that $user should be replaced with the username owning the SSL domain, $ssldomain.

mv nobody/${ssldomain}_SSL* $user/
replace nobody $user -- $user/*

Then edit ./nobody/main and remove the SSL domain from the sub_domains list, and run /scripts/rebuildhttpdconf to rebuild the Apache configuration, then restart Apache for the changes to take effect.

If this is a shared SSL certificate (meaning other users on the server can call it via https://$ssldomain/~$user):

You’ll want the SSL to show as the shared certificate on the server, which you can either select from the dropdown in WHM ~> SSL Hosts, or run:

Exim Errors:  T=remote_smtp defer (-53): retry time not reached for any host



 T=remote_smtp defer (-53): retry time not reached for any host

If the exim logs report this error, the most likely cause is corruption of the exim databases, especially if the error is reported for every email. To resolve it, run the following steps with the exim database tool ‘exim_tidydb’:

/usr/sbin/exim_tidydb -t 1d /var/spool/exim retry > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim reject > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim wait-remote_smtp > /dev/null

After performing the above steps, run the following cPanel scripts:
/scripts/courierup --force
/scripts/upcp --force

IP Rotation with Exim




1. vi /etc/exim.conf
2. Search for the line under remote_smtp : interface =

3. Replace this line with interface = xxx.xxx.x.1${eval:${substr{-2}{1}{$tod_zulu}}%9+1}

4. If your server has IPs from xxx.xxx.x.11 to xxx.xxx.x.20, you can use the above line.
+1 is the starting IP, i.e. xxx.xxx.x.11, and %9 is the increment value, i.e. how far to count up from 11 (xxx.xxx.x.11). Here it is 20 (xxx.xxx.x.20).

example : interface = xx.xx.xxx.${eval:${substr{-2}{1}{$tod_zulu}}%15+96}
This will rotate IP from .96 to .111

FFMPEG Installation


Install ffmpeg, flvtool2, mplayer, mencoder and ffmpeg-php in Cpanel, CentOS, RHEL


This is by far the easiest way to get up and running with ffmpeg and assorted tools on a Cpanel / RHEL / CentOS server. I can’t take credit for all of it, however the original site where I found it has long since been offline with nothing similar replacing it. Hopefully these instructions help others as they have helped me.

First, install rpmforge so you don’t have to compile a bunch of components from scratch:

#cd /usr/src
#wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
#rpm -ivh rpmforge-release-0.5.2-2.el5.rf.i386.rpm

Now, edit ‘/etc/yum.conf’ and remove ‘ruby*’ from the excludes list. This is just to get past the next step; we must restore it later.

(if perl error occur remove perl from exclude list and add later)

For the latest version of ffmpeg, the rpms are available at http://dl.atrpms.net/el6-x86_64/atrpms/stable/

To enable the ATrpms repo, you may follow the steps below.

  1. Import Key
rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms
  2. Create repo file
vim /etc/yum.repos.d/atrpms.repo

[atrpms]
name=Fedora Core $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
enabled=0

[atrpms-testing]
name=Fedora Core $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/testing
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
enabled=0

Now, install the required packages:

#yum install ffmpeg ffmpeg-devel flvtool2 mplayer mencoder lame libogg libvorbis libtheora swftools amrnb amrwb transcode x264

Now, add ‘ruby*’ back to the excludes list in ‘/etc/yum.conf’ to keep Cpanel happy.


Install Mplayer directly from source:

#wget http://www.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
#tar xjf essential-20071007.tar.bz2
#mv essential-20071007 /usr/lib/codec
#mkdir /usr/local/include/ffmpeg/
#cp -par /usr/include/lib{avcodec,avdevice,avformat,avutil,swscale} /usr/local/include/ffmpeg/
#cp -pa /usr/include/lib{avcodec,avdevice,avformat,avutil,swscale}/*.h /usr/local/include/ffmpeg/

Same with the ffmpeg PHP module:

#wget http://downloads.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.6.0.tbz2
#tar xjf ffmpeg-php-0.6.0.tbz2
#cd ffmpeg-php-0.6.0
#phpize
#./configure && make
#make install

Add after the ‘extension_dir’ and ‘zend_extension’ entries in the php.ini:

extension="ffmpeg.so"
Test your installation with the following command. I’ve included the raw shell output so you know what you should be seeing:

root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Apr 28 2010 15:40:49
ffmpeg-php gd support  => enabled
ffmpeg libavcodec version => Lavc52.20.0
ffmpeg libavformat version => Lavf52.31.0
ffmpeg swscaler version => SwS0.7.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0


NOTE:
In certain situations, you may end up with the following error:

/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_toGDImage’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: (Each undeclared identifier is reported only once
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: for each function it appears in.)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_ffmpeg_frame’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:421: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1
To resolve this, search for all instances of "PIX_FMT_RGBA32" and replace them with "PIX_FMT_RGB32" in ffmpeg_frame.c and recompile:

#perl -pi -e "s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g" ffmpeg_frame.c
#make clean
#phpize
#./configure && make
#make install

Customers cannot login / access denied + Plesk




I got an error logging in a Plesk 10 customer saying access denied because the account is suspended. At first sight the account was active, and not suspended. The customer and domains were migrated from another server. Updating a record manually in the psa database resolved the problem.

Access the Plesk database and run this SQL statement:

update smb_users set islocked = 0 where islocked = 1;

Source: http://forum.parallels.com/showthread.php?t=105823

plesk domains loaded httpd config file
cat /usr/local/psa/admin/conf/vhosts_bootstrap.conf 

Set email alert in Exim Configuration


Set email alert from exim configuration.
==============================
The following parameters will help to set an email alert in exim configuration.
----------------------------
mail.add_x_header => Off => Off
mail.force_extra_parameters => no value => no value
mail.log => no value => no value
-----------------------------
Change it to

mail.add_x_header = On
mail.force_extra_parameters = xxx@gmail.com
mail.log = On


DDOS With CSF



Step 1 : Open the CSF configuration file /etc/csf/csf.conf

Step 2 : In that search for option called CT_LIMIT

By default it is CT_LIMIT=0; change this to CT_LIMIT=90. Here 90 is the maximum number of connections from an IP to your server (choose this value according to your server usage).

Step 3: Now search for the option called CT_PORTS

This option is used to specify the ports for which you want to prevent a DoS attack. Since our aim is to prevent a DoS attack on Apache (port 80), change CT_PORTS = "" to CT_PORTS = "80"
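
To pick a CT_LIMIT value that fits the server's normal usage, it helps to look at the per-IP connection counts on the watched ports first. The following is an added example, not part of CSF or of the original post: it applies the same limit-and-ports idea to `netstat -ntu` output, with function names and the netstat sample constructed for illustration.

```sh
#!/bin/sh
# Added example: function names and the netstat sample are constructed for illustration.

# Read `netstat -ntu` lines on stdin and print "count ip" for every remote IP
# holding more than $1 connections to the local ports listed in $2
# (comma-separated, like CT_PORTS), busiest first.
conns_over_limit() {
    awk -v limit="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            lport = $4; sub(/^.*:/, "", lport)      # local port is after the last colon
            if (!(lport in watch)) next
            raddr = $5
            sub(/:[0-9]+$/, "", raddr)              # drop the remote port
            sub(/^::ffff:/, "", raddr)              # fold IPv4-mapped IPv6 into IPv4
            count[raddr]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample using documentation address ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40003      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40004      TIME_WAIT
tcp6       0      0 :::80                   ::ffff:198.51.100.7:40005 ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51001       ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40100      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40101      ESTABLISHED
EOF
}

# With a limit of 3 on port 80, only the first address is reported.
sample_netstat | conns_over_limit 3 80
```

On a live server the input is `netstat -ntu | conns_over_limit 90 80`; running it at peak time with a low limit shows how close legitimate clients come to the threshold.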

---------------------------------------------------

Prevent DDOS Attack

The (D)DoS-Deflate script monitors and tracks the IP addresses that establish a large number of TCP network connections. When it detects that the number of connections from a single IP exceeds a certain preset limit, the script automatically uses APF or IPTABLES to ban and block that IP.
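
The per-IP connection count that CT_LIMIT/CT_PORTS and (D)DoS-Deflate both act on can be previewed before choosing a limit. The script below is an added example, not code from CSF or (D)DoS-Deflate; the function names over_limit and sample_netstat and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximates the per-IP connection count that CT_LIMIT /
# CT_PORTS and (D)DoS-Deflate act on. Not code from either tool.

# over_limit LIMIT PORTS
#   Reads `netstat -ntu`-style lines on stdin and prints "COUNT IP" for each
#   remote address holding more than LIMIT connections to the local ports in
#   PORTS (comma-separated; "" means every port). All TCP states are counted.
over_limit() {
    awk -v limit="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {                      # skips the netstat header lines
            lport = $4; sub(/.*:/, "", lport)    # local port: text after last ":"
            if (n > 0 && !(lport in want)) next
            rip = $5; sub(/:[0-9]+$/, "", rip)   # drop the remote port
            sub(/^::ffff:/, "", rip)             # IPv4-mapped IPv6 -> plain IPv4
            count[rip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges), shaped like
# `netstat -ntu` output. 203.0.113.7 holds six connections to port 80, one of
# them over an IPv4-mapped IPv6 socket.
sample_netstat() {
    printf '%s\n' 'Active Internet connections (w/o servers)' \
        'Proto Recv-Q Send-Q Local Address   Foreign Address   State'
    i=0
    while [ "$i" -lt 5 ]; do
        printf 'tcp 0 0 192.0.2.10:80 203.0.113.7:%d ESTABLISHED\n' "$((40000 + i))"
        i=$((i + 1))
    done
    printf '%s\n' \
        'tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.7:40100 ESTABLISHED' \
        'tcp 0 0 192.0.2.10:80 198.51.100.23:51000 ESTABLISHED' \
        'tcp 0 0 192.0.2.10:80 198.51.100.23:51001 TIME_WAIT' \
        'tcp 0 0 192.0.2.10:22 198.51.100.99:60000 ESTABLISHED'
}

# On a live server: netstat -ntu | over_limit 90 80   (the CT_LIMIT/CT_PORTS above)
sample_netstat | over_limit 3 80
```

Running it against real netstat output for a normal traffic period shows how close legitimate clients (proxies, NAT gateways) already come to the limit you intend to set.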

Installation:

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh


UnInstall:

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

Change Char Set


Change character set of a database
=========================
Run the following command from mysql prompt

DB="<db_name>"; ( echo 'ALTER DATABASE `'"$DB"'` CHARACTER SET utf8 COLLATE utf8_general_ci;'; mysql "$DB" -e "SHOW TABLES" --batch --skip-column-names | xargs -I{} echo 'ALTER TABLE `'{}'` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci;' ) | mysql "$DB"


NOTE: replace the db_name with your database name.
 

Bind Configuration


Bind configuration on plain server
=========================

# yum install bind*  caching-nameserver

# touch /etc/db.cache

# vi /etc/named.conf

options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    allow-recursion { localnets; 127.0.0.1; };          
    };

zone "." {
    type hint;
    file "/etc/db.cache";
    };

zone "domain_name" {
        type master;
        file "/var/named/domain_name.db";
        };

allow-recursion { localnets; 127.0.0.1; };  --> This stops the nameserver from performing recursive queries for anyone outside the local networks and localhost. You should not run nameservers that allow recursive queries from everyone, as this lets almost anyone use your nameservers and can cause problems.

# vi /var/named/domain_name.db

Add like this :

$ttl 38400
@       IN      SOA     ns1.domain.com.  support.domain.com. (  ; mailbox support@domain.com, "@" written as "."
                        1304230944      ; serial
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        38400 )         ; negative-cache TTL
domain.com.         IN      A       192.168.1.100
www.domain.com.     IN      A       192.168.1.100
domain.com.         IN      NS      ns1.domain.com.
domain.com.         IN      NS      ns2.domain.com.
ns1.domain.com.     IN      A       192.168.1.100
ns2.domain.com.     IN      A       192.168.1.100
mail.domain.com.    IN      A       192.168.1.100
domain.com.         IN      MX   10  mail.domain.com.   ; MX must name a host, not an IP address

****Don't forget to restart named****


LVM extend
--------------------

Increase A VMware Disk Size (VMDK) Formatted As Linux LVM

To increase the size of your VMware Virtual Machine, you need to do 2 major steps. First, you need to increase the disk's size in your vSphere Client or through the CLI. This will increase the “hardware” disk that your Virtual Machine can see. Then, you need to utilize that extra space by partitioning it. If you're interested in just resizing your Linux LVM, please proceed to step 2.

In this example, I'm increasing a 3GB disk to a 10GB disk (so you can follow using the examples).

NOTE: if your server supports hot adding new disks, you can just as easily add a new Hard Disk to your Virtual Machine. Doing so, would mean you can increase your LVM's size without having to reboot. If you increase the size of your currently attached disk (like the example below), you'll need to reboot your server at least once to re-read your partition table.

1) Checking if you can extend the current disk or need to add a new one
This is a rather important step, because a disk that has already been partitioned into 4 primary partitions cannot be extended any more. To check this, log into your server and run fdisk -l at the command line.

# fdisk -l
Disk /dev/sda: 187.9 GB, 187904819200 bytes
255 heads, 63 sectors/track, 22844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          25      200781   83  Linux
/dev/sda2              26        2636    20972857+  8e  Linux LVM
If it looks like that, with only 2 partitions, you can safely extend the current hard disk in the Virtual Machine.
However, if it looks like this:

# fdisk -l
Disk /dev/sda: 187.9 GB, 187904819200 bytes
255 heads, 63 sectors/track, 22844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          25      200781   83  Linux
/dev/sda2              26        2636    20972857+  8e  Linux LVM
/dev/sda3            2637       19581   136110712+  8e  Linux LVM
/dev/sda4           19582       22844    26210047+  8e  Linux LVM

It will show you that there are already 4 primary partitions on the system, and you need to add a new Virtual Disk to your Virtual Machine. You can still use that extra Virtual Disk to increase your LVM size, so don't worry.

2) The “hardware” part, “physically” adding diskspace to your VM

Increasing the disk size can be done via the vSphere Client, by editing the settings of the VM (right click > Settings).
Now, depending on the first step, if there aren't four primary partitions yet, you can increase the provisioned disk space.

If the “Provisioned Size” area (top right corner) is greyed out, consider turning off the VM first (if it does not allow “hot adding” of disks/sizes), and check if you have any snapshots made of that VM. You can not increase the disk size, as long as there are available snapshots.
Alternatively, if you already have 4 primary partitions, you can also choose “Add…” to add new Hardware “Virtual Disk” to your VM, with the desired extra space.

3) Partitioning the unallocated space
Once you've changed the disk's size, either boot up your VM again, or restart if it was still running. Linux needs to boot with the new disk, so it can see you've added (unallocated) disk space.
Once you've booted again, you can check if the extra space can be seen on the disk.
lb02.lab.mojah.be ~ $ fdisk -l
Disk /dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14         391     3036285   8e  Linux LVM
So the server can now see the 10GB hard disk. Let's create a partition by starting fdisk for the /dev/sda device.

server ~ $ fdisk /dev/sda
The number of cylinders for this disk is set to 1305.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help): n
Now enter 'n', to create a new partition.
Command action
e   extended
p   primary partition (1-4)
p
Now choose “p” to create a new primary partition. Please note, your system can only have 4 primary partitions on this disk! If you've already reached this limit, create an extended partition.
Partition number (1-4): 3
Choose your partition number. Since I already had /dev/sda1 and /dev/sda2, the logical number would be 3.
First cylinder (392-1305, default 392): <enter>
Using default value 392
Last cylinder or +size or +sizeM or +sizeK (392-1305, default 1305): <enter>
Using default value 1305
Note: the cylinder values will vary on your system. It should be safe to just hit enter, as fdisk will give you a default value for the first and last cylinder (and for this, it will use the newly added diskspace).
Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): 8e
Changed system type of partition 3 to 8e (Linux LVM)
Now type t to change the partition type. When prompted, enter the number of the partition you've just created in the previous steps. When you're asked to enter the “Hex code”, enter 8e, and confirm by hitting enter.
Command (m for help): w
Once you get back to the main command within fdisk, type w to write your partitions to the disk. You'll get a message about the kernel still using the old partition table, and to reboot to use the new table. Please obey kindly, and reboot the virtual machine.
After you've rebooted, you can see the newly created partition with fdisk.

server ~ $ fdisk -l
Disk /dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14         391     3036285   8e  Linux LVM
/dev/sda3             392        1305     7341705   8e  Linux LVM

4) Extend your Logical Volume with the new partition
Now, create the physical volume as a basis for your LVM. Please replace /dev/sda3 with the newly created partition.
server ~ $ pvcreate /dev/sda3
Physical volume "/dev/sda3" successfully created
Now find out what your Volume Group is called.
server ~ $ vgdisplay
--- Volume group ---
VG Name               VolGroup00

Let's extend that Volume Group by adding the newly created physical volume to it.
server ~ $ vgextend VolGroup00 /dev/sda3
Volume group "VolGroup00" successfully extended

With pvscan, we can see our newly added physical volume, and the usable space (7GB in this case).

server ~ $ pvscan
PV /dev/sda2   VG VolGroup00   lvm2 [2.88 GB / 0    free]
PV /dev/sda3   VG VolGroup00   lvm2 [7.00 GB / 7.00 GB free]
Total: 2 [9.88 GB] / in use: 2 [9.88 GB] / in no VG: 0 [0   ]
Now we can extend the Logical Volume (as opposed to the Physical Volume we added to the group earlier). The command is "lvextend /dev/VolGroupxx /dev/sdXX".

server ~ $ lvextend /dev/VolGroup00/LogVol00 /dev/sda3
Extending logical volume LogVol00 to 9.38 GB
Logical volume LogVol00 successfully resized
If you're running this on Ubuntu, use the following.

server ~ $ lvextend /dev/mapper/vg-name /dev/sda3

All that remains now is to resize the file system to the volume group, so we can use the space. Replace the path with the correct /dev device if you're on Ubuntu/Debian-like systems.

server ~ $ resize2fs /dev/VolGroup00/LogVol00
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/VolGroup00/LogVol00 is mounted on /; on-line resizing required
Performing an on-line resize of /dev/VolGroup00/LogVol00 to 2457600 (4k) blocks.
The filesystem on /dev/VolGroup00/LogVol00 is now 2457600 blocks long.
And we're good to go!

server ~ $ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00 9.1G 1.8G  6.9G  21% /
/dev/sda1              99M   18M   77M  19% /boot
tmpfs                 125M     0  125M   0% /dev/shm
