iptables string match to drop malicious urls

==================================

Usually, ModSecurity rules combined with Apache can filter many malicious URL attack patterns on the Apache ports (HTTP/HTTPS). But what if a request with a malicious URL pattern, one that tries to expose or break into your system, arrives on another port?

This is where the iptables string match comes in handy.

/usr/local/sbin/iptables -I INPUT -p tcp -s 0.0.0.0/0 -m string --string "download?file=%2e%2e" --algo bm -j DROP

[root@server ~]# iptables -L -v | grep STR
73 49908 DROP       tcp  --  any    any     anywhere             anywhere            STRING match "download?file=%2e%2e" ALGO name bm TO 65535

[root@server ~]#

The above iptables rule will drop any packet whose payload contains the string "download?file=%2e%2e", on any TCP port of your server. The match is a literal byte search of each packet's payload, so it does not see inside TLS-encrypted traffic.

Note: your iptables binary path may be /sbin/iptables

For example: http://yourserverIP:9132/blah/download?file=%2e%2e
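As an added example (not from the original post), the script below wraps the rule above in a small shell helper: it uses the correct option syntax (-m string --string ... --algo bm), installs the rule only if it is not already present, and puts a rate-limited LOG rule ahead of the DROP so blocked requests are visible in the kernel log. The IPTABLES path, the log prefix, the --icase choice and the sample request lines in the matching helper are assumptions made for this example.

```shell
# Added example, not from the original post: install the string-match rule with
# correct option syntax, only if it is not already present, with a rate-limited
# LOG rule ahead of the DROP. IPTABLES path, log prefix and sample request lines
# are assumptions for this example.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Install LOG + DROP rules for PATTERN on every TCP port (any source is the
# default, so -s 0.0.0.0/0 is not needed). --icase makes %2e and %2E match
# alike. Needs root.
ensure_string_rule() {
    pattern="$1"
    # -C reports (exit 0) whether an identical rule already exists.
    if "$IPTABLES" -C INPUT -p tcp -m string --string "$pattern" --algo bm --icase -j DROP 2>/dev/null; then
        echo "string rule for '$pattern' already present"
        return 0
    fi
    # Insert DROP first, then LOG: each -I goes to the top of the chain, so the
    # LOG rule ends up above the DROP rule and fires before it.
    "$IPTABLES" -I INPUT -p tcp -m string --string "$pattern" --algo bm --icase -j DROP
    "$IPTABLES" -I INPUT -p tcp -m string --string "$pattern" --algo bm --icase \
        -m limit --limit 6/min -j LOG --log-prefix "iptables string drop: "
}

# Emulate what the kernel match sees: a literal byte-for-byte search of a
# plaintext payload (it cannot look inside TLS, and it inspects each packet on
# its own). The third argument "yes" mirrors --icase. Returns 0 on a match.
payload_matches() {
    pattern="$1"; payload="$2"; icase="${3:-no}"
    if [ "$icase" = "yes" ]; then
        printf '%s' "$payload" | grep -qiF -- "$pattern"
    else
        printf '%s' "$payload" | grep -qF -- "$pattern"
    fi
}

# Show the installed string rules with their packet/byte counters, like the
# "iptables -L -v | grep STR" check in the post.
show_string_rules() {
    "$IPTABLES" -L INPUT -v -n | grep STRING
}
```

Run ensure_string_rule 'download?file=%2e%2e' as root and then show_string_rules to see the counters climb. Because the match inspects one packet at a time, a request split across TCP segments, or carried inside TLS, is not seen by it; treat the rule as a stop-gap alongside ModSecurity rather than a replacement.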

Performance tuning tools: ps, top, sar, iostat, and vmstat

By Matt Frye

As a system administrator, part of your daily duties is to monitor systems for performance and to tune systems where necessary. While there are expensive software products and benchmarking tools that can hone a machine to optimum efficiency, there exist several basic tools within Linux® that permit the knowledgeable system administrator to gather information and use the valuable information to make decisions about where and when to tune a system.

P.S.—I want to see my processes

One of the most basic tools we can use is the utility ps. ps provides a snapshot of current processes. This snapshot can range from myself as a single user (such as what active processes I have running) to all the processes on the system. The simple example of course is to run the ps command with no options, which produces output similar to:

PID TTY          TIME CMD
 2873 pts/1    00:00:00 bash
 3002 pts/1    00:00:00 ps

Example 1. Basic output of ps

We see in Example 1, “Basic output of ps” that we get some minimal information about the processes we are running, including ps itself. ps displays the process ID (PID), the terminal associated with the process (TTY), the cumulated CPU time in [dd-]hh:mm:ss format (TIME), and the executable name (CMD). Spectacular, right? Well, ps does this and a whole lot more. I should mention at this point that the version of ps that I am using for this article is something special compared to the ps of yester-year and of your classic UNIX®. This ps, procps version 3.2.5, accepts several kinds of options: UNIX options, which may be grouped and must be preceded by a dash, BSD options, which may be grouped and must not be used with a dash, and GNU long options, which are preceded by two dashes. For the uninitiated, those who are new to Linux, or refugees from some older BSD or System V variant, this is good news. A system administrator can track down a process via several sets of options.

root      2784  2774  0 22:45 pts/2    00:00:00 su - mfrye
mfrye     2785  2784  0 22:45 pts/2    00:00:00 -bash
root      2895  1870  0 23:04 ?        00:00:00 sshd: mfrye [priv]
mfrye     2897  2895  0 23:04 ?        00:00:00 sshd: mfrye@pts/3
mfrye     2898  2897  0 23:04 pts/3    00:00:00 -bash
mfrye     3274  2785  0 23:34 pts/2    00:00:00 ps -ef
mfrye     3275  2785  0 23:34 pts/2    00:00:00 grep mfrye

Example 2. Output of ps -ef | grep mfrye

root      2784  0.0  0.0  71368  1288 pts/2    S    22:45   0:00 su - mfrye
mfrye     2785  0.0  0.0  55124  1536 pts/2    S    22:45   0:00 -bash
root      2895  0.0  0.1  38228  2660 ?        Ss   23:04   0:00 sshd: mfrye [priv]
mfrye     2897  0.0  0.1  38228  2748 ?        S    23:04   0:00 sshd: mfrye@pts/3
mfrye     2898  0.0  0.0  55124  1528 pts/3    Ss   23:04   0:00 -bash
mfrye     3272  0.0  0.0  52948   872 pts/2    R+   23:34   0:00 ps aux
mfrye     3273  0.0  0.0  51192   636 pts/2    S+   23:34   0:00 grep mfrye

Example 3. Output of ps -aux | grep mfrye

In Example 2, “Output of ps -ef | grep mfrye” and Example 3, “Output of ps -aux | grep mfrye”, we see the output of ps with different arguments. We can use this output to track a particular set of processes (owned by mfrye) via either of two sets of options (UNIX & BSD, respectively). So what’s the big deal, you’re thinking? OK, so bash is a pretty tame example. In cases where another process, perhaps one that consumes more memory, or some other resource, than you want, ps can be a very quick, easy, and effective way to track that process down. So now we’ve tracked down a particular process, but we don’t know much more than some basic information about the process’s CPU usage in terms of accumulated CPU time, which as you may appreciate, is not ideal. Luckily, there’s more.

Being on top

To track a process in relation to the system usage, another basic performance monitoring tool is top. To start top, simply run top from the command line. A typical glimpse of top output without any formatting can be seen in Example 4, “Basic output of top”.

top - 23:50:16 up  3:25,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  88 total,   1 running,  87 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0% us,  0.0% sy,  0.0% ni, 100.0% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:   2055112k total,   227684k used,  1827428k free,    53556k buffers
Swap:  2096472k total,        0k used,  2096472k free,   100884k cached

PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    1 root      16   0  4876  596  500 S  0.0  0.0   0:00.78 init
    2 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0
    3 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/0
    4 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/1
    5 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/1
    6 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/2
    7 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/2
    8 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/3
    9 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/3
   10 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 events/0
   11 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 events/1
   12 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 events/2
   13 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 events/3
   14 root      19  -5     0    0    0 S  0.0  0.0   0:00.00 khelper
   15 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kthread
   22 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kacpid
  106 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/0
  107 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/1
  108 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/2
  109 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/3
  112 root      15   0     0    0    0 S  0.0  0.0   0:00.00 khubd
  162 root      20   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
  163 root      15   0     0    0    0 S  0.0  0.0   0:00.01 pdflush
  166 root      13  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
  167 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 aio/1
  168 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 aio/2
  169 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 aio/3

Example 4. Basic output of top

Top is an interactive tool that allows a system administrator to view the process table in order of CPU or memory usage, filtered by user, and at varying refresh rates. For example, a system administrator who wants to monitor the processes running under the user apache (option u, apache), sorted by memory usage (option M), updated every half second (option S, .5) would see output like that in Example 5, “Example of top output sorted by user apache”.

top - 23:58:42 up  3:33,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  88 total,   1 running,  87 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0% us,  0.0% sy,  0.0% ni, 100.0% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:   2055112k total,   227436k used,  1827676k free,    53740k buffers
Swap:  2096472k total,        0k used,  2096472k free,   101220k cached

PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 1911 apache    16   0  113m  13m 7984 S  0.0  0.7   0:00.00 httpd
 1912 apache    15   0  113m  13m 7980 S  0.0  0.7   0:00.00 httpd
 1913 apache    16   0  113m  12m 7912 S  0.0  0.6   0:00.00 httpd
 1914 apache    20   0  113m  12m 7912 S  0.0  0.6   0:00.00 httpd
 1915 apache    20   0  113m  12m 7912 S  0.0  0.6   0:00.00 httpd
 1916 apache    20   0  113m  12m 7912 S  0.0  0.6   0:00.00 httpd
 1917 apache    20   0  113m  12m 7912 S  0.0  0.6   0:00.00 httpd
 1918 apache    25   0  113m  12m 7912 S  0.0  0.6   0:00.00 httpd

Example 5. Example of top output sorted by user apache

Top is useful for viewing real-time process behavior within the context of system resources. The use of a faster refresh rate will provide enhanced precision for measuring system loads. For example, if you have a system running an Oracle® Database, and your startup time for the database is unacceptably slow, you will be able to see what processes consume a greater part of memory while the system is pegged. While top is a good interactive tool, you may not have the time or inclination to sit and watch processes for more than a few minutes. Luckily, there’s more.

Sar, yes, sar!

Sar is one of those utilities that conjures up images of UNIX nerds that took Latin in high school (when Latin was still offered in high schools). Because of sar's relative oddness, it is often lumped into the same category as sendmail for ease of configuration. To be fair, there is wonderful documentation for most such utilities. However, looking beyond sar's reputation for obscurity in output as well as syntax reveals a powerful system monitoring tool.

You can install sar by installing the sysstat package with the command yum install sysstat. You also need to initialize sar the first time by running /usr/lib/sa/sa1 1 1 and /usr/lib/sa/sa2 -A, or by letting cron run these commands. The sysstat package places these in /etc/cron.d/sysstat, and you won't be able to run sar with no arguments and get meaningful output until this has been done.

Running sar with no arguments will give you some pretty obvious output as to what’s going on in your system. In Example 6, “Basic output of sar”, we see the day’s cumulative averages so far for every ten minutes on all CPUs. You will notice that these are the same pieces of information that we saw in top, except that in this case, sar gives us a time breakdown of when loads occurred.

Linux 2.6.12-1.1398_FC4smp (knuth)     08/28/2005

12:00:01 AM       CPU     %user     %nice   %system   %iowait     %idle
12:10:01 AM       all      0.01      0.00      0.01      0.00     99.98
12:20:01 AM       all      0.01      0.00      0.01      0.00     99.98
12:30:01 AM       all      0.01      0.00      0.01      0.01     99.98
12:40:01 AM       all      0.00      0.00      0.00      0.00    100.00
12:50:01 AM       all      0.00      0.00      0.00      0.01     99.99
01:00:01 AM       all      0.00      0.00      0.00      0.00    100.00
01:10:01 AM       all      0.00      0.00      0.00      0.00    100.00
01:20:01 AM       all      0.00      0.00      0.00      0.00    100.00
01:30:01 AM       all      0.00      0.00      0.00      0.00    100.00
01:40:01 AM       all      0.00      0.00      0.00      0.00    100.00
01:50:01 AM       all      0.00      0.00      0.00      0.00    100.00
Average:          all      0.00      0.00      0.00      0.00     99.99

Example 6. Basic output of sar

Incidentally, these values are stored by running sar in cron. Fedora™ Core 4 has the following entries in /etc/cron.d/sysstat, by default:

# run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib/sa/sa1 1 1
# generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib/sa/sa2 -A

The sa1 script collects and stores binary data in the system activity daily data file, and sa2 writes a daily report in the /var/log/sa/ directory. Sar can also be invoked to provide real-time statistics on the fly. In Example 7, “Example output of sar 1 10”, I have invoked sar with the options for a one second interval over 10 iterations. This is a very effective way to evaluate where a bottleneck might lie. If you’re having problems with I/O wait when certain reads take place, you’ll be able to see it here. Running sar in this fashion offers you the dynamic output of top with the specificity of sar. See Example 7, “Example output of sar 1 10”.

Linux 2.6.12-1.1398_FC4smp (knuth)     08/28/2005

02:13:43 AM       CPU     %user     %nice   %system   %iowait     %idle
02:13:44 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:45 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:46 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:47 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:48 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:49 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:50 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:51 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:52 AM       all      0.00      0.00      0.00      0.00    100.00
02:13:53 AM       all      0.00      0.00      0.00      0.00    100.00
Average:          all      0.00      0.00      0.00      0.00    100.00

Example 7. Example output of sar 1 10

Sar also allows you to view the same output but restricts your reporting to a particular processor. Example 8, “sar -P 1 1 5 output” shows 5 one second iterations for CPU 1, and Example 9, “sar -P 2 1 5 output” shows 5 one second iterations for CPU 2.

Linux 2.6.12-1.1398_FC4smp (knuth)     08/28/2005

02:28:24 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:25 AM         1      0.00      0.00      0.00      0.00    100.00

02:28:25 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:26 AM         1      0.00      0.00      0.00      0.00    100.00

02:28:26 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:27 AM         1      0.00      0.00      0.00      0.00    100.00

02:28:27 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:28 AM         1      0.00      0.00      0.00      0.00    100.00

02:28:28 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:29 AM         1      0.00      0.00      0.00      0.00    100.00

Average:          CPU     %user     %nice   %system   %iowait     %idle
Average:            1      0.00      0.00      0.00      0.00    100.00

Example 8. sar -P 1 1 5 output

Linux 2.6.12-1.1398_FC4smp (knuth)     08/28/2005

02:28:33 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:34 AM         2      0.00      0.00      0.00      0.00    100.00

02:28:34 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:35 AM         2      0.00      0.00      0.00      0.00    100.00

02:28:35 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:36 AM         2      0.00      0.00      0.00      0.00    100.00

02:28:36 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:37 AM         2      0.00      0.00      0.00      0.00    100.00

02:28:37 AM       CPU     %user     %nice   %system   %iowait     %idle
02:28:38 AM         2      0.00      0.00      0.00      0.00    100.00

Average:          CPU     %user     %nice   %system   %iowait     %idle
Average:            2      0.00      0.00      0.00      0.00    100.00

Example 9. sar -P 2 1 5 output

Check your system, STAT!

There are a number of *stat commands that appear in any given system, and I would like to mention two which I think are most useful. The first of these is iostat. Iostat reports CPU statistics and input/output statistics for devices and partitions. While it seems that CPU statistics are available in every utility mentioned here so far, it’s the I/O part of iostat that makes it useful. Iostat run without any parameters gives you a single report covering the history since boot for all CPUs and devices. This is useful for a quick look at device utilization and, in this case, looking at CPU usage makes a lot of sense. In Example 10, “Basic output of iostat”, iostat shows blocks read and written per second and in total.

Linux 2.6.12-1.1398_FC4smp (knuth)     08/28/2005

avg-cpu:  %user   %nice    %sys %iowait   %idle
           0.01    0.00    0.01    0.04   99.93

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda               0.92        12.27         8.27     289810     195288

Example 10. Basic output of iostat

In Example 11, “Output of iostat -p sda 1 3”, iostat displays three reports at one second intervals for device sda and all its partitions. It’s easy to see how iostat can deliver real-time statistics on the partitions’ reads and writes.

Linux 2.6.12-1.1398_FC4smp (knuth)     08/28/2005

avg-cpu:  %user   %nice    %sys %iowait   %idle
           0.01    0.00    0.01    0.04   99.93

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda               0.92        12.08         8.36     289810     200592
sda3              0.01         0.02         0.00        386          0
sda2              1.68        12.01         8.36     288138     200544
sda1              0.02         0.04         0.00       1024         48

avg-cpu:  %user   %nice    %sys %iowait   %idle
           0.00    0.00    0.00    0.00  100.00

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda               0.00         0.00         0.00          0          0
sda3              0.00         0.00         0.00          0          0
sda2              0.00         0.00         0.00          0          0
sda1              0.00         0.00         0.00          0          0

avg-cpu:  %user   %nice    %sys %iowait   %idle
           0.00    0.00    0.00    0.00  100.00

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda               0.00         0.00         0.00          0          0
sda3              0.00         0.00         0.00          0          0
sda2              0.00         0.00         0.00          0          0
sda1              0.00         0.00         0.00          0          0

Example 11. Output of iostat -p sda 1 3

The last utility I would like to mention is vmstat. Vmstat reports statistics on virtual memory and can be useful when trying to identify system bottlenecks. Vmstat does not count itself as a running process, and it can be used in a number of modes. Run with no parameters, vmstat will display active and inactive memory. Like iostat, vmstat can be run in iterations, at a particular interval. In Example 12, “Output of vmstat 1 5”, vmstat is run at one second intervals for five iterations.

procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
 0  0      0 1826368  57028 102352    0    0     1     1  251     6  0  0 100  0
 0  0      0 1826368  57028 102352    0    0     0     0 1008    13  0  0 100  0
 0  0      0 1826368  57028 102352    0    0     0     0 1004    13  0  0 100  0
 0  0      0 1826368  57036 102344    0    0     0    60 1007    25  0  0 100  0
 0  0      0 1826368  57036 102344    0    0     0     0 1004    13  0  0 100  0

Example 12. Output of vmstat 1 5

Vmstat can also provide a quick list of memory-related statistics from the vmstat -s command:

      2055112  total memory
       229240  used memory
        84480  active memory
        91816  inactive memory
      1825872  free memory
        57224  buffer memory
       102156  swap cache
      2096472  total swap
            0  used swap
      2096472  free swap
         1130 non-nice user cpu ticks
          247 nice user cpu ticks
         1110 system cpu ticks
      9995941 idle cpu ticks
         3860 IO-wait cpu ticks
           35 IRQ cpu ticks
           56 softirq cpu ticks
       144945 pages paged in
       108540 pages paged out
            0 pages swapped in
            0 pages swapped out
     25092942 interrupts
       575618 CPU context switches
   1126139091 boot time
         4447 forks

as well as partition information from the vmstat -p sda2:

sda2          reads   read sectors  writes    requested writes
               15200     288218      27285     218280
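As an added example (not part of Matt Frye's article), the shell functions below turn the "sar 1 10" and "vmstat 1 5" checks described above into a scriptable triage: they read the tools' text output and report the samples whose I/O wait is above a threshold, the bottleneck sign the article says these runs reveal. Column positions are learned from each tool's header line, so the functions also cope with sar output that lacks the AM/PM column and with newer vmstat output that adds columns (st, gu). The thresholds and the sample lines used for testing are constructed for this example.

```shell
# Added example, not part of the article: report sar and vmstat samples whose
# I/O wait exceeds a threshold. Column positions come from the header lines.
# Thresholds and the sample lines in the test are constructed for this example.

# Read sar CPU output on stdin; print samples whose %iowait exceeds $1 (percent).
sar_iowait_over() {
    awk -v limit="$1" '
        /%iowait/ && $1 != "Average:" {        # header line: locate CPU and %iowait columns
            for (i = 1; i <= NF; i++) { if ($i == "CPU") cpu = i; if ($i == "%iowait") iow = i }
            next
        }
        !iow || NF < iow || $1 == "Average:" { next }   # banner, blank and summary lines
        $iow + 0 > limit {
            ts = $1; for (i = 2; i < cpu; i++) ts = ts " " $i   # timestamp is 1 or 2 fields
            print ts, "CPU", $cpu, "iowait=" $iow
        }'
}

# Read vmstat output on stdin; print samples whose wa column exceeds $1, along
# with the number of processes blocked on I/O (b column), the pair that points
# at the disks rather than the CPU.
vmstat_iowait_over() {
    awk -v limit="$1" '
        $1 == "r" { for (i = 1; i <= NF; i++) col[$i] = i; next }   # column header
        $1 == "procs" { next }                                        # group header
        col["wa"] && $(col["wa"]) + 0 > limit {
            print "sample " NR ": blocked=" $(col["b"]) " wa=" $(col["wa"])
        }'
}
```

Typical use is a pipe from the live tool, for instance sar 1 10 | sar_iowait_over 20 or vmstat 1 5 | vmstat_iowait_over 20; the same functions run over saved output, so a sar -f day file from /var/log/sa can be scanned after the fact.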

Many of the functions of the utilities discussed in this article overlap. This is the result of having several authors who have attempted to provide you with as elegant and powerful a utility as possible. This has the potential, however, of causing some confusion or apathy in using these tools because they seem redundant or are perceived to be “bloated.” However, the system administrator, who recognizes each tool for its strengths and inherent ability to report cleanly the characteristics of a running system, will find that their system comes with a rather complete tool set for not only reacting to but predicting performance issues via proactive monitoring.

About the author

Matt Frye is a UNIX/Linux system administrator living in North Carolina. He is Chairman of the North Carolina System Administrators and is an active member of the Triangle Linux User Group. In his spare time, he enjoys fly fishing and mental Kung Foo.

WHM: SpamAssassin / spamd not working

SpamAssassin / spamd not working: solutions

1. When restarting exim, it shows:

[root@server ~]# /scripts/restartsrv_exim
Starting exim: [ OK ]
Starting exim-smtps: [ OK ]
Starting antirelayd: [ OK ]
Starting spamd: Can't locate Cpanel/SpamAssassinSandBox.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/i686-linux /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/i686-linux /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl/5.6.2 /usr/lib/perl5/site_perl) at /usr/bin/spamd line 27.
BEGIN failed--compilation aborted at /usr/bin/spamd line 27.
[FAILED]
Starting antirelayd: [ OK ]

Fix:

/scripts/perlinstaller --force Mail::SpamAssassin
/etc/rc.d/init.d/exim restart

2. When restarting exim, it shows

Shutting down spamd: [FAILED]

and when starting, it does not show Starting spamd: at all.

You may have disabled spamd in WHM > Service Manager. WHM then creates the file /etc/spamdisable. When you re-enable spamd through WHM > Service Manager, this file may not be deleted.

Delete /etc/spamdisable and restart exim; spamd will function again.

[root@server ~]# service exim restart
Shutting down exim: [ OK ]
Shutting down antirelayd: [ OK ]
Shutting down spamd: [FAILED]
Starting exim: [ OK ]
Starting exim-smtps: [ OK ]
Starting antirelayd: [ OK ]
Starting spamd: [ OK ]
[root@server ~]#

3. Given below is the error when restarting exim.

"Starting spamd: [9128] error: spamd: spamd script is v3.001000, but using modules v3.001001"

When a cPanel update updates SpamAssassin, the updated executables are installed in

/usr/share/scripts/ and NOT in their working locations /usr/bin/ and /etc/rc.d/init.d/.

Solution:

Remove these files from /usr/bin/ and /etc/rc.d/init.d/:

rm -f /usr/bin/spamc
rm -f /usr/bin/sa-learn
rm -f /usr/bin/spamassassin
rm -f /usr/bin/spamd
rm -f /usr/bin/sa-update
rm -f /etc/rc.d/init.d/spamassassin

Now copy the updated files from /usr/share/scripts/

cp /usr/share/scripts/spamc /usr/bin/
cp /usr/share/scripts/sa-learn /usr/bin/
cp /usr/share/scripts/spamassassin /usr/bin/
cp /usr/share/scripts/spamd /usr/bin/
cp /usr/share/scripts/sa-update /usr/bin/
cp /usr/share/scripts/spamassassin /etc/rc.d/init.d/

Now restart exim. Done

==========================================================================
OR
================

WRT spamd, have you tried:

/etc/init.d/chkservd restart

If that doesn’t work, try:

/scripts/fixspamassassinfailedupdate

__________________

======================================================

cPanel : sshd has failed, please contact the sysadmin

If you have changed the default SSH port 22 on a cPanel-powered server, restarting sshd from WHM will fail. You have to SSH to the server and issue the following command to restart sshd:


  • /sbin/service sshd restart

To temporarily reset the SSH port back to 22, open the following URL in your browser's address bar:

    SERVER_MAIN_IP:2087/scripts2/doautofixer?autofix=safesshrestart

Now you should be able to access the shell; restart sshd at the prompt using the command mentioned above.



WHM :: Access Denied

When you login to the WHM, you get the following error:

    Access Denied
    Functions in cPanel / WHM are available only directly through the cPanel and WHM interfaces or through our XML API. It appears that this request is coming from a referring site and might be malicious.

When the "XSRF attacks" setting is enabled in WHM, cPanel validates the referrer for every page. If the referrer matches one of the domains, the server's hostname, or any of the server's IPs, the request is allowed through. If the referrer does not match, the user is shown the "Access Denied" page with the request information and given the option to proceed. The check is a defence against cross-site request forgery (XSRF), so disabling it removes that protection; where possible, reach WHM through the hostname or IP address the check accepts instead.

To get rid of that page:

  1. Log in to WHM >> Server Configuration >> Tweak Settings
  2. Scroll down the page (about half way down) to "Security" and un-check the checkbox to deactivate "XSRF attacks"
  3. Click the Save button at the bottom of the page.
    DONE

WHM / cPanel: Munin MySQL graphs blank

Make sure that the password in /root/.my.cnf is valid, first.

In /etc/munin/plugin-conf.d, you will see a file called cpanel.conf. Modify it completely to look like so:

[mysql*]

user root
group wheel

env.mysqladmin /usr/bin/mysqladmin

env.mysqlopts -u [MySQL_usr] -p[MySQL_usrpassword]

### [MySQL_usr] is a valid MySQL user and [MySQL_usrpassword] is its password;
### you can use the MySQL root user too.


[exim_mailqueue]
group mail

[exim_mailstats]
group mail

[mailman]
user mailman

Then restart munin-node:

/etc/init.d/munin-node restart

This tells munin to pull the MySQL credentials from that file. Because cpanel.conf now holds a database password, keep it readable by root only.
Of course, in this case you will need munin to run as root. To do this, su to your munin user:

su munin

Remove the munin crontab:

crontab -e

Remove the line, or just add a # to the beginning of it.

Then exit the shell and add the SAME crontab line (that was in the munin user's crontab) to root's crontab, appending --force-root to the end of the statement, so it would be something like:


*/5 * * * * /usr/bin/munin-cron --force-root

WHM / cPanel: Munin graphs are blank

WHM / cPanel provides Munin for server monitoring. It shows graphs for disk, Exim, MySQL, network, and other processes. I faced an issue on a client's server where the installation went fine but the Munin graphs were blank. I have made a short guide to trace the issue.

Restart the Munin node and watch the Munin logs using:

/etc/init.d/munin-node restart

tail -f /var/log/munin/munin-node.log

Munin errors:

2008/05/13-23:32:46 Server closing!
Process Backgrounded
2008/05/13-23:32:46 MyPackage (type Net::Server::Fork) starting! pid(25631)
Binding to TCP port 4949 on host *
Setting gid to "10 10"
Use of uninitialized value in eval {block} exit at /usr/sbin/munin-node line 452, line 8.

Munin uses port 4949; check the firewall and, if possible, disable the firewall during the troubleshooting.

munin 4949/tcp # Munin Graphing Framework
munin 4949/udp # Munin Graphing Framework

# telnet localhost 4949
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
# munin node at [your server name]

Solution:

The above errors occur when the expected node hostname does not match the actual hostname of the server.

Ensure that the hostname entry is at the top of the /etc/hosts file and is correct.

Restart the munin node and run munin manually with:

/usr/bin/munin-cron --force-root

The munin should work fine now.
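As an added check (not from the original post) for the condition described above, the script below confirms that the server's hostname is listed in /etc/hosts and that munin-node answers on port 4949 with its "# munin node at ..." banner, the two things the troubleshooting steps rely on. The HOSTS variable, the use of nc for the connection test, and the sample hosts file used for testing are assumptions made for this example.

```shell
# Added example, not from the original post: check that the server's hostname
# is listed in /etc/hosts and that munin-node answers on port 4949 with its
# banner. HOSTS, the use of nc, and the sample hosts file in the test are
# assumptions for this example.
HOSTS="${HOSTS:-/etc/hosts}"

# Return 0 if NAME appears as a hostname or alias on a non-comment line of HOSTS.
hosts_has_name() {
    awk -v name="$1" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit !found }' "$HOSTS"
}

# Print the first line munin-node sends on connect (empty if nothing answers).
munin_node_banner() {
    host="${1:-localhost}"; port="${2:-4949}"
    printf 'quit\n' | nc -w 2 "$host" "$port" 2>/dev/null | head -n 1
}

# Run both checks for this server; a non-zero exit means something to fix.
munin_check() {
    name=$(hostname)
    if hosts_has_name "$name"; then
        echo "ok: $name is listed in $HOSTS"
    else
        echo "warning: $name is not listed in $HOSTS; the node name munin expects will not match" >&2
        return 1
    fi
    banner=$(munin_node_banner)
    case "$banner" in
        "# munin node at "*) echo "ok: $banner" ;;
        *) echo "warning: no munin-node banner on port 4949 (service down or firewall blocking it)" >&2; return 1 ;;
    esac
}
```

Run munin_check on the server after restarting munin-node; if the hostname check fails, fix /etc/hosts as described above, and if the banner check fails, look at the firewall before anything else.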

Invalid command 'SSLEngine'

CentOS release 4.5 (Final)

Server version: Apache/1.3.37 (Unix)

You can get this error for lots of reasons (including the mod_ssl.c module not being loaded), but my problem today was the above error spat out by:

apachectl configtest

The reason is that apachectl DOES NOT define SSL (i.e. when it’s checking the config file). Therefore the httpd.conf will ALWAYS look broken if mod_ssl.c specific directives are in it. That is unless they are bracketed with:

<IfDefine SSL> or <IfModule mod_ssl.c>

in which case what’s the point of using “apachectl configtest” to test the config file?

httpd -S

gives the same error unless you also pass -DSSL like this:

httpd -S -DSSL

Be safe: use the actual boot scripts to stop and start the server if you’re using SSL:

/etc/init.d/httpd stop

/etc/init.d/httpd startssl

WHM / cPanel:

You may get errors for SSLEngine while installing SSL from WHM :

Syntax error on line 29945 of /usr/local/apache/conf/httpd.conf.installssl.1210663778.980885407.445848-domain.com:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration

root@devel [/usr/share/ssl/private]# service httpd startssl
[Tue Jul 18 15:51:15 2006] [warn] module bytes_log_module is already loaded, skipping
Syntax error on line 1211 of /usr/local/apache/conf/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration
/etc/init.d/httpd startssl: httpd could not be started

Fix:

Rebuild Apache using EasyApache (from the command line or from WHM), which will fix the SSL issue.

root@devel [/usr/share/ssl/private]# service httpd restart
/etc/init.d/httpd restart: httpd not running, trying to start
/etc/init.d/httpd restart: httpd started

Formatting and Mounting a new drive in Linux

I have installed a new slave hard drive. How do I format it and mount it?

Solution:

1. Log in as root and type the following command:

[root@34 root]# fdisk /dev/hdc

2. This screen will appear:

The number of cylinders for this disk is set to 10011.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

3. Press p for print; this will show you the current partitions on the drive:

Command (m for help): p

Disk /dev/hdc: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

4. There are no current partitions; if there were, you would press d to delete them. Then press n to create a new partition and follow the rest of the prompts:

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-10011, default 1): [press Enter]
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-10011, default 10011): [press Enter]
Using default value 10011

5. Write your new partition to the drive:

Command (m for help): w
The partition table has been altered!

—————————————

6. Now make the file system:

[root@34 root]# mkfs.ext3 /dev/hdc1
mke2fs 1.32 (09-Nov-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
10059776 inodes, 20103331 blocks
1005166 blocks (5.00%) reserved for the super user
First data block=0
614 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424

—————————————–

7. Now make a directory to mount the new drive on:

[root@34 root]# mkdir /backups
[root@34 root]# mount /dev/hdc1 /backups
[root@34 root]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda3              75G  1.3G   70G   2% /
/dev/hda1              99M   14M   81M  15% /boot
none                  243M     0  243M   0% /dev/shm
/dev/hdc1              76G   33M   72G   1% /backups

You will see that the new drive is labeled /dev/hdc1 and is mounted on /backups.
——————————————-

8. Now edit /etc/fstab so that the mount persists after a reboot.

Current fstab is shown below:

LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0

9. Now we are going to add one line at the end:

[root@34 root]# vi /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
/dev/hdc1 /backups ext3 defaults 0 0

Save and quit vi.
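As an added example (not from the original post), the script below does step 8 and 9 in a way that catches mistakes before the next boot: it builds the six-field entry for /dev/hdc1 on /backups, refuses a malformed line, skips a mount point that is already listed, keeps a backup of /etc/fstab, and then runs "mount -a" so a bad line fails now rather than at boot time. The FSTAB variable (so the functions can be exercised against a copy) and the sample fstab contents used for testing are assumptions; the device, mount point and ext3 type are the post's own.

```shell
# Added example, not from the original post: append the new mount to /etc/fstab
# safely and verify it with "mount -a". FSTAB is overridable so the helpers can
# be run against a copy; the sample file in the test is constructed.
FSTAB="${FSTAB:-/etc/fstab}"

# Print one fstab line: device, mount point, type, options, dump, pass.
fstab_entry() {
    printf '%s %s %s %s %s %s\n' "$1" "$2" "$3" "${4:-defaults}" "${5:-0}" "${6:-0}"
}

# Return 0 if LINE has exactly six fields, an absolute mount point and
# numeric dump/pass fields.
fstab_line_ok() {
    set -- $1
    [ $# -eq 6 ] || return 1
    case "$2" in /*) ;; *) return 1 ;; esac
    case "$5$6" in *[!0-9]*) return 1 ;; esac
    return 0
}

# Return 0 if FSTAB already lists MOUNTPOINT on a non-comment line.
fstab_has_mountpoint() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' "$FSTAB"
}

# Add DEVICE at MOUNTPOINT (type defaults to ext3, as in the post) and verify.
add_mount() {
    dev="$1"; mp="$2"; fstype="${3:-ext3}"
    line=$(fstab_entry "$dev" "$mp" "$fstype")
    fstab_line_ok "$line" || { echo "refusing malformed entry: $line" >&2; return 1; }
    if fstab_has_mountpoint "$mp"; then
        echo "$mp is already listed in $FSTAB" >&2
        return 1
    fi
    [ -d "$mp" ] || mkdir -p "$mp"
    cp "$FSTAB" "$FSTAB.bak"             # keep a copy in case the edit must be undone
    printf '%s\n' "$line" >> "$FSTAB"
    # mount -a mounts every fstab entry that is not yet mounted; an error here
    # means the new line is wrong and should be fixed before rebooting.
    mount -a && echo "mounted $dev on $mp; entry persisted in $FSTAB"
}
```

Run add_mount /dev/hdc1 /backups as root. On a current system, prefer UUID=... (from blkid) or a LABEL= entry over /dev/hdc1, since device names can change between boots; and because a bad fstab line can stop the next boot, mount -a is the place to find out.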