
Tuesday, December 31, 2013

Enable IPv6 on OpenVZ node


This page provides a guideline for setting up IPv6 on a CentOS 6.2 OpenVZ host node. We used SolusVM, but this guide is applicable to any deployment.

1) Check /etc/sysctl.conf. It should contain the following:

net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.all.proxy_ndp = 1

2) Check /etc/sysconfig/network. It should contain the following:

NETWORKING=yes
HOSTNAME=eb1.evoboxes.org #Your Hostname goes here
GATEWAY=192.168.1.1 #Your IPv4 Gateway Goes here
NETWORKING_IPV6=yes
IPV6_DEFAULTGW="2001:123:123:1::ffff" #Your IPv6 Gateway goes here
IPV6FORWARDING=yes

3) Check /etc/sysconfig/network-scripts/ifcfg-eth0 (or ethX depending on your configuration). It should contain the following:

DEVICE="eth0"
BOOTPROTO="static"
BROADCAST="192.168.1.127" #Your Broadcast Address
DNS1="4.2.2.1"
GATEWAY="192.168.1.1" #Your IPv4 Gateway
HWADDR="00:25:90:55:3C:5A"
IPADDR="192.168.100.1" #Your IPv4 Address
NETMASK="255.255.255.0" #Your IPv4 Netmask
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
IPV6INIT="yes"
IPV6ADDR="2001:123:123:1::1" #Your IPv6 address, just use the first address from your prefix
IPV6_AUTOCONF=no

4) Run the following command:

cat /proc/sys/net/ipv6/conf/default/disable_ipv6
If the value is 0, you can skip to step 6.

5) If the command above returned 1, run the following command:

echo 0 > /proc/sys/net/ipv6/conf/default/disable_ipv6

6) Disable ip6tables to prevent any issues (the node then has no IPv6 packet filtering):

service ip6tables stop
chkconfig ip6tables off

7) Restart networking:

service network restart

Make sure you don't see any errors.

8) If you are using SolusVM, proceed to step 10.

9) Add an IPv6 address to a VPS:

vzctl set <CTID> --ipadd <ipv6_addr> --save
Currently it seems that OpenVZ cannot add an address prefix, only a single address or /128.

10) If you followed step 9, skip this step. Otherwise, in SolusVM:
Add the IPv6 block: IP Blocks -> Add IPv6 Block
Add IPv6 addresses to the block: IP Blocks -> List IP Blocks -> Manage Addresses, and follow the directions
Add the IPv6 addresses to the VPS: Virtual Servers -> List Virtual Servers -> Pick one -> IP's -> Add Additional IPv6

11) Log in to the VPS and test. SSH into the host node, then run:

vzctl enter <CTID>
ping6 ipv6.google.com
ping6 comcast6.net

12) Enjoy!
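
A check for the settings listed in step 1, as an added example that is not part of the original post: it parses a sysctl.conf, lets a later duplicate override an earlier one, and reports every key that is missing or differs. The function name audit_sysctl and the report format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. audit_sysctl and its report
# format are assumptions; the required values are copied from step 1.
REQUIRED='net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter=1
kernel.sysrq=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
net.ipv6.conf.all.proxy_ndp=1'

# audit_sysctl FILE
# Prints one line per required key that is missing from FILE or set to a
# different value. Returns 0 only when every required key matches.
audit_sysctl() {
    printf '%s\n' "$REQUIRED" | awk -F= -v conf="$1" '
        BEGIN {
            # Load FILE first. Lines starting with # or ; are comments.
            # A later duplicate overrides an earlier one, as with sysctl -p.
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/ || line ~ /^[ \t]*$/) continue
                eq = index(line, "=")
                if (eq == 0) continue
                key = substr(line, 1, eq - 1)
                val = substr(line, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                have[key] = val
            }
        }
        !($1 in have)  { print "MISSING " $1 " (want " $2 ")"; bad = 1; next }
        have[$1] != $2 { print "MISMATCH " $1 " = " have[$1] " (want " $2 ")"; bad = 1 }
        END { exit bad }'
}

# Run against a real file when the script is called with an argument.
if [ "$#" -ge 1 ]; then audit_sysctl "$1"; fi
```

Run it as `sh audit.sh /etc/sysctl.conf` on the host node before restarting networking; no output and exit status 0 mean the file matches step 1.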

Sunday, December 22, 2013

Install grub from rescue mode: Software raid 1





I used a CentOS CD and booted into Linux rescue. From there I fixed the master boot record.

1. Open grub
2. grub> find /grub/grub.conf
3. This returns something like:
(hd0,2)
(hd1,2)
4. root (hd0,2)
5. setup (hd0)
6. root (hd1,2)
7. setup (hd1)
8. Quit grub

Thursday, October 31, 2013

R1soft Agent Installation


Installing Backup Agent Using YUM
================================
Configure a YUM repository to manage installation and upgrades of the Backup Agent.
(1) Create a yum repository for r1soft
# cd /etc/yum.repos.d
# nano -w /etc/yum.repos.d/r1soft.repo
(use any text editor you prefer)
(2) Add the following to the .repo file. Note that gpgcheck=0 turns off package signature verification for this repository.
------------------------------------------------------
[r1soft]
name=R1Soft Repository Server
baseurl=http://repo.r1soft.com/yum/stable/$basearch/
enabled=1
gpgcheck=0
--------------------------------------------------------
(3) Install serverbackup-agent
# yum install serverbackup-agent
(4) Test the connectivity with the r1soft server using the following command
# serverbackup-setup --test-connection
(5) Install the kernel-devel package using YUM
# yum install kernel-devel
(Note: Please make sure that you have installed the proper kernel-devel and header packages.)
(6) Run the following command to build the kernel module.
# serverbackup-setup --get-module
(7) The cdp-agent is now installed, and you can restart it as follows
# /etc/init.d/cdp-agent restart
(8) It is important to fetch the key from the server. Use the following command to fetch the key from the cdp-server
# serverbackup-setup --get-key http://<cdp-server_IP>:<port>
To view the list of keys:
# serverbackup-setup --list-keys

Custom PHP.ini with FastCGI


A custom php.ini on a FastCGI server only takes effect if the following steps are followed:

1. Copy default php.ini to user's cgi-bin folder. 
cd /home/user/public_html/cgi-bin
cp /usr/local/lib/php.ini /home/user/public_html/cgi-bin

2. Make necessary changes in it.

3. Create php.fcgi file in /home/user/public_html/cgi-bin folder, to load custom php.ini, with the contents below:
#!/bin/sh
export PHP_FCGI_CHILDREN=1
export PHP_FCGI_MAX_REQUESTS=10
exec /usr/local/cpanel/cgi-sys/php5

Where /usr/local/cpanel/cgi-sys/php5 is the path of PHP 5 in a cPanel server. Check /etc/httpd/conf/php.conf to see what it shows for cgi-sys path for your version of PHP.

4. Save file and make it executable. 
chmod +x /home/user/public_html/cgi-bin/php.fcgi
chown -R user:user /home/user/public_html/cgi-bin/

5. Edit .htaccess to point to the php.fcgi file.
cd /home/user/public_html
vi .htaccess

At the top of .htaccess, put the contents below: 
AddHandler php5-fastcgi .php
Action php5-fastcgi /cgi-bin/php.fcgi

6. Add the following lines to the /usr/local/apache/conf/php.conf file:
Action php5-fastcgi /cgi-bin/php.fcgi
AddType application/x-httpd-php .php

7. Distill, rebuild Apache and then restart it. 
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart

Make sure the above values in the php.conf file are not removed by the update.

You can now test using a phpinfo page and make sure the 'Loaded Configuration' is correctly shown as /home/user/public_html/cgi-bin/php.ini

Wednesday, October 9, 2013

Symlink Attack

Script to find out symlinks
===================

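# For each cPanel account, list symlinks whose target is not inside the
# account's own home, not a relative path, and not a known cPanel path.
ls /var/cpanel/users | grep -v "\`\|\.\|cpanel\|root\|mysql\|nobody" | while read -r CPUSER; do
    find "/home/$CPUSER" -type l -not \( -lname "/home/$CPUSER/*" -o -lname "*rvsitebuilder*" \
        -o -lname "[^/]*" -o -lname "/usr/local/apache/domlogs/*" -o -lname "/usr/local/urchin/*" \)
done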
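
A stricter form of the check above, as an added example that is not part of the original post: it resolves every link to its canonical path and flags the ones that land outside the account's home, which goes beyond the one-liner by also covering relative links that its "[^/]*" clause leaves out. The function names and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The function names and the
# sample tree are assumptions made for illustration.

# find_escaping_links HOME_ROOT ACCOUNT
# Prints "link -> resolved target" for every symlink under HOME_ROOT/ACCOUNT
# whose canonical target lies outside that directory. Targets under the
# paths the one-liner also ignores are skipped.
find_escaping_links() {
    base=$(readlink -f "$1/$2") || return 1
    find "$base" -type l 2>/dev/null | while IFS= read -r link; do
        # Canonicalize so relative and absolute links are judged alike;
        # fall back to the raw link text when the target cannot be resolved.
        target=$(readlink -f "$link") || target=$(readlink "$link")
        case "$target" in
            "$base"|"$base"/*) ;;   # stays inside the account's home
            *rvsitebuilder*|/usr/local/apache/domlogs/*|/usr/local/urchin/*) ;;
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# make_sample_tree: build a constructed two-account tree and print its root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice/public_html" "$root/bob/public_html"
    echo page > "$root/alice/public_html/index.html"
    echo data > "$root/bob/public_html/settings.php"
    ln -s "$root/alice/public_html/index.html" "$root/alice/public_html/in-abs"
    ln -s index.html "$root/alice/public_html/in-rel"
    ln -s "$root/bob/public_html/settings.php" "$root/alice/public_html/out-abs"
    ln -s ../../bob/public_html/settings.php "$root/alice/public_html/out-rel"
    printf '%s\n' "$root"
}

# Run against a real tree when called as: script HOME_ROOT ACCOUNT
if [ "$#" -eq 2 ]; then find_escaping_links "$1" "$2"; fi
```

On a cPanel server, run it once per account name in /var/cpanel/users with /home as HOME_ROOT.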

Security measures.
=============
(1) Change the binary permission
# chmod 760 /bin/ln

(2) WHM Tweak
Under WHM Main >> Service Configuration >> Apache Configuration >> Global Configuration you will find the settings for Directory “/” Options.

(3) Reset all cPanel/FTP passwords