Monday, March 23, 2009

CPanel: adding a range of IPs using WHM

You can add a range of IPs in Cpanel/WHM. This can be easily done using the WHM interface:

Go to IP Functions/Add a New IP Address. Here you can choose the “Ip(s) to add” and the Subnet Mask.

To add the IP range 192.168.0.100-192.168.0.105 you will just have to enter:
Ip(s) to add: 192.168.0.100-105
Subnet Mask: 255.255.255.0
and click on “Do it“.

This will add all the IPs in the range to the system.

In the background CPanel will add for each IP a line in the file /etc/ips:

#vi /etc/ips

192.168.0.100:255.255.255.0:192.168.0.255
192.168.0.101:255.255.255.0:192.168.0.255
...etc

The IPs are then configured using the CPanel startup script called ipaliases (/etc/init.d/ipaliases).

#service ipaliases restart

Make clone site

=============================================================
HOW TO COPY WEBSITE FROM http://abc.com to abc1.com with database
==============================================================
Open two shells ( one with abc.com and other abc1.com )

then copy public_html of abc.com to abc1.com

go to public_html folder of abc.com and hit the command

[root@server public_html of abc.com]# cp -R * /home/abc1/public_html

Change the ownership of the files copied under public_html of abc1.com

Then take a backup of the MySQL database of abc.com

mysqldump abc_databasename > abc_databasename.sql ( of abc.com)

Create a new database and username under abc1.com ( add user to database, make a note of db name, user & password)

then go to shell and enter the following command:-

mysql -u abc1_user -ppassword abc1_databasename < abc_databasename.sql

Then go to the configuration file and do the changes accordingly.

YOUR SITE HAS BEEN COPIED WITH DATABASE TO NEW SITE.

==========================================================

APF

What is APF (Advanced Policy Firewall)?
APF is a policy-based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Its packaging in tar.gz and RPM formats makes APF ideal for deployment in many Linux-based server environments. APF is developed and maintained by R-fx Networks.

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.


Requirements:
- Root SSH access to your server

Lets begin!
Login to your server through SSH and su to the root user.


1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

3. tar -xvzf apf-current.tar.gz

4. cd apf-0.9.5-1/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.
Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/
Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082, 2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

6. Lets configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.
We like to use DShield.org's "block" list of top networks that have exhibited suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"


Ensim Servers

We have found the following can be used on Ensim Servers - although we have not tried these ourselves as I don't run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Save the changes: Ctrl+X then Y


8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall


9. After everything is fine, change the DEVM option
Setting DEVM to "0" stops cron from automatically clearing the firewall every 5 minutes.
We recommend changing it to "0" after you've had a chance to test the server out and ensure everything is working well.

pico /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"

10. Configure AntiDOS for APF
Relatively new to APF is the AntiDOS feature, which can be found in: /etc/apf/ad
The log file is located at /var/log/apfados_log, so you might want to make a note of it and watch it!

pico /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with, but I'll cover the ones that will alert you by email.
# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company name or server name.

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
Change this to 1 to get email alerts

# User for alerts to be mailed to
USR="your@email.com"
Enter your email address to receive the alerts

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r

11. Checking the APF Log

The log shows any changes to the allow and deny hosts, among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123


12. New - Make APF Start automatically at boot time
To autostart apf on reboot, run this:
chkconfig --level 2345 apf on
To remove it from autostart, run this:
chkconfig --del apf


13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host, right? Of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP; I'll show you 2 of the easier methods.
A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTHERENOSPACES is obvious, add comments on why the IP is being blocked
These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -d 185.14.157.123 TESTING

pico /etc/apf/deny_hosts.rules

Shows the following:

# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123

B) pico /etc/apf/deny_hosts.rules
You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.

/etc/apf/apf -r

14. Allowing IPs with APF Firewall (Unblocking)

I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
A)
pico /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules

/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTHERENOSPACES is obvious, add comments on why the IP is being removed
These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -a 185.14.157.123 UNBLOCKING

pico /etc/apf/allow_hosts.rules

# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123


=============================

change the ssh port

It is advisable to change your ssh port from the default 22 to something higher to lower your chances of brute force attacks.

Below are the steps to change the ssh port.

1. Update /etc/ssh/sshd_config file, line 13 (it might be different in your file):

old line:
Port 22
Change it to (any port number you wish; keep the note off the Port line itself, since sshd can reject trailing text there):
Port 18675

2. You need to update your /etc/services file to record that your ssh service now uses a different port. Jump to line number 45 (may be different in your file) and change the port number:

old line:
ssh 22/tcp # SSH Remote Login Protocol
change it to:
ssh 18675/tcp # SSH Remote Login Protocol

save and exit from the file.

3. Restart your sshd service,
# /etc/init.d/sshd restart

It should go smoothly. You have to specify the port number every time you use ssh, scp or any other service which uses ssh in any way.

If your server or machine is behind a firewall, you must open the newly assigned port in your firewall.

4. Open a port in firewall

#cd /etc/sysconfig

#vi iptables

add the following line (just put your own port number in place of 1867)
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1867 -j ACCEPT

save and restart iptables service.
=====================================================

How to open a port in APF
Open port 2346 using APF

Login as the root

Open config file /etc/apf/conf.apf
# vi /etc/apf/conf.apf
Find the line that reads as follows:
IG_TCP_CPORTS
Add port 2346 (keep all other ports):
IG_TCP_CPORTS="2346,22,25,53,80,443,993,904,...."
Close and save the file. Restart firewall:
# /etc/init.d/apf restart
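
The configuration mistakes covered in the APF and ssh port posts above (DEVM left at "1", a garbled IG_TCP_CPORTS entry, an sshd port that was never added to IG_TCP_CPORTS) can be checked before reloading the firewall. This is an added example, not part of the original posts or of APF: the function names are hypothetical, the sample files are constructed, and it assumes each port entry is PORT or LOW_HIGH with no spaces.

```shell
#!/bin/sh
# Added example, not APF's own code: checks a conf.apf / sshd_config pair for
# the mistakes discussed above. Assumes IG_TCP_CPORTS entries are PORT or
# LOW_HIGH with no spaces. All function names here are hypothetical.

conf_get() {      # usage: conf_get FILE VAR -> value of VAR="..."
    sed -n 's/^[[:space:]]*'"$2"'="\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

bad_entry() {     # true if the entry is neither PORT nor LOW_HIGH
    case $1 in
        ''|*[!0-9_]*|_*|*_|*_*_*) return 0 ;;
    esac
    return 1
}

port_in_list() {  # usage: port_in_list PORT LIST
    _want=$1; _old=$IFS; IFS=,; set -- $2; IFS=$_old
    for _t in "$@"; do
        bad_entry "$_t" && continue
        case $_t in
            *_*) [ "$_want" -ge "${_t%_*}" ] && [ "$_want" -le "${_t#*_}" ] && return 0 ;;
            *)   [ "$_want" -eq "$_t" ] && return 0 ;;
        esac
    done
    return 1
}

# Print one finding per line; return 1 if there is any.
audit_apf() {     # usage: audit_apf CONF_APF SSHD_CONFIG
    _rc=0; _sshd=$2
    _tcp=$(conf_get "$1" IG_TCP_CPORTS)
    if [ "$(conf_get "$1" DEVM)" = "1" ]; then
        echo "DEVM=1: cron still clears the firewall every 5 minutes"; _rc=1
    fi
    _old=$IFS; IFS=,; set -- $_tcp; IFS=$_old
    for _t in "$@"; do
        if bad_entry "$_t"; then
            echo "IG_TCP_CPORTS: malformed entry '$_t'"; _rc=1
        fi
    done
    # sshd listens on 22 unless a Port line says otherwise.
    _ports=$(awk 'tolower($1) == "port" { print $2 }' "$_sshd")
    for _p in ${_ports:-22}; do
        if ! port_in_list "$_p" "$_tcp"; then
            echo "sshd port $_p is not open in IG_TCP_CPORTS"; _rc=1
        fi
    done
    return $_rc
}

# Constructed sample input so the example runs offline.
demo=$(mktemp -d)
printf '%s\n' 'DEVM="1"' 'IG_TCP_CPORTS="21,22,80,443,2082,208 3,3000_3500"' > "$demo/conf.apf"
printf 'Port 18675\n' > "$demo/sshd_config"
audit_apf "$demo/conf.apf" "$demo/sshd_config" || echo "fix the findings, then apf -r"
```

On a server the call would be audit_apf /etc/apf/conf.apf /etc/ssh/sshd_config, run from a session you keep open until a second login on the new port succeeds.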

Friday, March 20, 2009

How to Empty Logfiles

=====================================
Run the following commands to empty the exim and apache logs

====================================
echo > /var/log/exim_mainlog
echo > /var/log/exim_rejectlog
echo > /var/log/maillog
echo > /var/log/messages
echo > /var/log/messages.1
echo > /var/log/messages.2
echo > /var/log/messages.3
echo > /var/log/messages.4
echo > /var/log/lastlog
echo > /var/log/maillog
echo > /var/log/maillog.1
echo > /var/log/maillog.2
echo > /var/log/maillog.3
echo > /var/log/secure
echo > /var/log/secure.1
echo > /var/log/secure.2
echo > /var/log/secure.3
echo > /var/log/secure.4
echo > /usr/local/apache/logs/access_log
echo > /usr/local/apache/logs/suexec_log
echo > /usr/local/apache/logs/error_log
echo > /usr/local/cpanel/logs/access_log
echo > /usr/local/cpanel/logs/error_log
echo > /var/log/exim_mainlog.1
echo > /usr/local/cpanel/3rdparty/mailman/logs/locks
echo > /var/log/cron.2
echo > /var/log/chkservd.log
echo > /var/log/cron.4
echo > /var/log/exim_paniclog.1
echo > /var/log/exim_rejectlog.1
echo > /var/log/exim_paniclog

=================================================
How to delete unwanted things from /usr partition.
=================================================

1) Login to client machine via ssh.
2) type : df -h
3) then go to : cd /usr/local/apache/logs
4) type: ls -lhS
5) type: echo > error_log
6) type: echo > suexec_log
7) go to : cd ../domlogs/
8) type: ls -lhS | head -n 20
9) type: echo > FILENAME for any of the large files in the list.
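
When the logs may still be needed for incident review, they can be archived before being emptied. The following is an added example, not from the original post: archive_and_truncate is a hypothetical helper, the archive directory is an assumed location that should sit on a different partition from the one being freed, and the sample log line is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: keep a compressed, hashed copy of
# each log before emptying it. ARCHIVE_DIR is an assumed location and should
# sit on a partition other than the one being freed.

# usage: archive_and_truncate ARCHIVE_DIR LOGFILE...
archive_and_truncate() {
    _dest=$1; shift
    _stamp=$(date +%Y%m%d-%H%M%S)
    _umask=$(umask); umask 077            # archives may hold auth data: owner-only
    mkdir -p "$_dest" || { umask "$_umask"; return 1; }
    _rc=0
    for _log in "$@"; do
        [ -s "$_log" ] || continue        # skip missing or already-empty files
        _out="$_dest/$(printf '%s' "$_log" | tr '/' '_').$_stamp.gz"
        # Copy first and verify the copy; only then empty the original.
        if gzip -c "$_log" > "$_out" && gzip -t "$_out"; then
            ( cd "$_dest" && sha256sum "${_out##*/}" >> SHA256SUMS )
            # Truncate in place: the inode is kept, so a daemon holding the
            # file open keeps logging to it. Lines written between the copy
            # and this point are lost.
            : > "$_log"
        else
            echo "archive failed, left untouched: $_log" >&2; _rc=1
        fi
    done
    umask "$_umask"
    return $_rc
}

# Constructed sample: a fake auth log in a temp dir (192.0.2.10 is a
# documentation address).
demo=$(mktemp -d)
printf 'Mar 20 10:00:01 host sshd[123]: Failed password for root from 192.0.2.10\n' > "$demo/secure"
archive_and_truncate "$demo/archive" "$demo/secure"
```

Running sha256sum -c SHA256SUMS inside the archive directory later confirms the copies have not changed since they were taken.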

===================================================

Thursday, March 19, 2009

Scan viruses and Trojans

---------------------------------------------
Scan viruses and Trojans on cpanel server

---------------------------------------------
Search For Trojans in /dev

/scripts/finddev


Locate Trojan Horses

/scripts/findtrojans


Suggested Usage

/scripts/findtrojans > /var/log/trojans

/scripts/fixtrojans /var/log/trojans
---------------------------------------------

Install ClamAV in Centos with Cpanel
--------------------------------------------
Installing antivirus is most important if you run a VPS or dedicated server, because so many worms and trojans get into your server, often without notice, and could compromise the server.

Cpanel WHM Installation

The easiest way to install Clam antivirus in Cpanel is through the install plugin option in Cpanel WHM.

Go > WHM > Cpanel Install Plugin > Enable Clamav Connector
-----------------------------------------
Manual Installation

You can install clamav by compiling RPM packages.

1. Compiling source: download from clamav site.
2. Installing RPM package. Download

I tried to download and compile the source package, but I got a zlib error complaining that the version was not updated, so I tried the RPM and was able to install it myself.

By default clamav doesn't come with CentOS, or perhaps with yum. You have to find an RPM repository and install it.

Here is how you install Clam antivirus (freely available) on CentOS running Cpanel.
----------------------------------
yum install clamd
[OR]

yum install clamav
----------------
If it doesn't work, use this

rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm

Follow the instructions here based on your CentOS version (locate B2 on that page)

after installing that you can issue

yum install clamd

[OR]

yum install clamav

either of those should work.

Once you have installed clamav on your CentOS server, here are some of the basic commands for using the software.

1. To update the antivirus database

freshclam

2. To run antivirus

clamscan -r /home

3. Running as Cron Daily Job

To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file (entries added with crontab -e take no user field).

02 1 * * * clamscan -r /var/www

This will run the cron job daily at 1:02 AM, scanning the public html directory. You can change the folder to whatever you want, for mail etc.

-------------------

yum installed or not?

You can check whether yum is installed on the server
-----------------
rpm -q yum
rpm -ql yum

echo $PATH
------------------

Wednesday, March 11, 2009

Installing PostgreSQL On Cpanel

Installing PostgreSQL


Install PostgreSQL using cPanel


To install PostgreSQL on the server that is running a cPanel server, complete the following:

1. Login as root
2. Type:

cd /scripts/
./installpostgres


3. cPanel will automatically install PostgreSQL using yum and initialize the database for you.

Install PostgreSQL using yum

Yum can be used to install PostgreSQL on a RedHat or CentOS platform. Run the following commands to get PostgreSQL installed with yum.

yum install postgresql postgresql-server postgresql-libs postgresql-devel
/etc/rc.d/init.d/postgresql start


-OR-

yum install postgresql postgresql-server postgresql-libs postgresql-devel
/etc/rc.d/init.d/postgresql initdb
/etc/rc.d/init.d/postgresql start

++++++++++++++++++++++++++++++++++++++

Sunday, March 8, 2009

Rvsite builder Installation and troubleshooting

How To Install RvSiteBuilder

Note: you need to get a license from RVSiteBuilder website.

Installing RVSiteBuilder:

# cd /usr/local/cpanel/whostmgr/docroot/cgi/
# rm -f rvsitebuilderinstaller.tar
# wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar
# tar -xvf rvsitebuilderinstaller.tar
# chmod 755 addon_rvsitebuilder.cgi

Now open WHM, ->> Add-ons section ->> RVSiteBuilder Installer menu. Click RVSiteBuilder Installer to begin the installation process.

++++++++++++++++++-----------------------+++++++++++++++++++++++++

Troubleshooting:

1) Not Found Error on rvsitebuilder
If you get the following problem with rvsitebuilder running on a cpanel server:

Not Found

The server was not able to find the document
(./3rdparty/rvsitebuilder/index.php/sitebuilder/sitebuilderhome) you
requested.
Please check the url and try again. You might also want to report this
error to your webhost.


This should fix the problem for you:

Log in as root on your cpanel server and run these commands:

# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/var/INSTALL_COMPLETE.php
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/rvsitebuilderversion.txt
# perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

Open your WHM on a web browser, https://serverip:2087

And go to root WHM -> Plugins -> RVSiteBuilder

It will automatically rebuild the database for you and should fix the problem.

++++++++++++++++++++++++++-------------------------------++++++++++++++++++++

Directadmin: Nameservers setup

Setup Your Nameservers on Directadmin

To setup your nameservers, simply do the following:

- Login to your DirectAdmin panel as "admin"
- Go to your IP Management section, and add two new IP addresses
- Once they are added, click the check boxes next to the two IPs that you've just submitted. Assign these IPs to "admin"
- Now go to your Reseller panel, and navigate to your Nameserver section
- On this page, create your two nameservers, generally ns1. and ns2.
- Finally, go back to your Admin panel and go to your Administrator Settings page. Set your nameservers to the ones you have just created and save your changes.

Monday, March 2, 2009

Load monitoring

Load monitoring and controlling
#top
#ps -aufx | grep nobody
#ps -aufx | grep pkgacct
#ps -aufx | grep mysql
====================
YOU CAN KILL NOBODY PROCESSES

#kill -9 pid
#kill -9 $(pgrep -u nobody)
#kill -9 `ps -u nobody -o "pid="`
#/etc/init.d/httpd restart
======================
EXIM
to delete frozen mails
exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
=====================
MYSQL:

To kill a mysql process found in mysqladmin processlist
mysqladmin kill <process id>
====================
How to monitor the services that are using up the most CPU and memory on a server.

ps auxfw|sort -nr|grep -v 0.0

Plesk: mailqueue

How do I check the mail queue

sendmail -bp
It will print a list of emails

The command to check the number of messages waiting to be sent on the server is:


/var/qmail/bin/qmail-qstat

How to force qmail to process all messages in queue immediately?

If you send ALRM signal to the qmail-send process, Qmail will try to process all messages in queue again immediately.

# ps ax | grep qmail-send
# kill -ALRM PID
(where PID is the process ID of qmail-send shown by the previous command)

Wget Error

for wget http://where.the.rpm it returns:

Code:

# wget http://------.rpm
bash: wget: command not found

**Fixed my wget problem with:

#yum install wget