cPanel :: Berkeley DB error: PANIC: fatal region error detected; run recovery

Exim logs /var/log/exim_mainlog shows Berkeley DB error.

Berkeley DB error: PANIC: fatal region error detected; run recovery
Berkeley DB error: PANIC: fatal region error detected; run recovery
Berkeley DB error: PANIC: fatal region error detected; run recovery

Exim stores certain databases using BerkeleyDB (e.g. aliases file). These are due to corrupted Berkeley DB.

In cPanel server you can remove / move the DB and restart exim to fix.

mv /var/spool/exim/db /var/spool/exim/db.bak

/scripts/restartsrv_exim

Now confirm the errors are gone.

tail -f /var/log/exim_mainlog

Uninstall APF

Sometimes we may require to remove APF from the server. Here is a guide which shows how to remove APF completely from the server.

Stop the firewall first
service apf stop
/bin/rm -rfv /etc/apf
Remove the cron for APF
/bin/rm -fv /etc/cron.daily/fw
/bin/rm -fv /etc/init.d/apf
lastly disable at startup
chkconfig apf off

This should remove APF completely from the server as we removed the APF daemon, cron and files.

cPanel User Shell Access : fork: Resource temporarily unavailable

The cPanel user shell access gives error all of a sudden :

root@server [~]# su - user
-bash: fork: Resource temporarily unavailable

The culprit seems to be cPanel and its “Shell Fork Bomb Protection”. Logging into WHM >> Security >> Security Center >> “Shell Fork Bomb Protection” and clicking “Disable Protection” resolves the issue.

Shell Fork bomb Protection will prevent users with terminal access (ssh/telnet) from using up the server’s resources and possibly crashing the server.

cPanel : Horde login error !

Horde login error

Horde Login shows below error :

Warning: Unknown: write failed: Disk quota exceeded (122) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of
session.save_path is correct (/var/cpanel/userhomes/cpanelhorde/sessions) in Unknown on line 0

Then try this cPanel script :

/scripts/autorepair phpapps_owner_fix

The above cPanel script will reset all the quotas for the cPanel users.

What is APF (Advanced Policy Firewall)? APF Firewall

APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.10

Requirements:
– Root SSH access to your server

Lets begin!
Login to your server through SSH and su to the root user.

cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

3. tar -xvzf apf-current.tar.gz

4. cd  apf-9.6-5/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 9.6-5: Completed.
Installation Details:
Install path:         /etc/apf/
Config path:          /etc/apf/conf.apf
Executable path:      /usr/local/sbin/apf
Other Details
Listening TCP ports: 53,2086,2087,3306
Listening UDP ports: 53,39437

Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

6. Lets configure the firewall: nano -w /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn’t a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

We like to use DShield.org’s “block” list of top networks that have exhibited
suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083, 2086,2087, 2095, 2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Ensim Servers
We have found the following can be used on Ensim Servers – although we have not tried these ourselves as I don’t run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Save the changes: Ctrl+X then Y

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall

9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to “0” after you’ve had a chance to ensure everything is working well and tested the server out.

nano -w /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"

10. Checking the APF Log

Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log


cPanel/WHM cannot be accessed using IP/whm and IP/cpanel

The reason for this issue due to missing some lines in httpd.conf.

Fix
====

1) Open the apache configuration file(httpd.conf) in your favorite editor.

2) Add the following lines in the httpd.conf.

===================================================================

ErrorDocument 400 /400.shtml
ErrorDocument 401 /401.shtml
ErrorDocument 403 /403.shtml
ErrorDocument 404 /404.shtml
ErrorDocument 500 /500.shtml
ScriptAlias /cgi-sys/ /usr/local/cpanel/cgi-sys/ Alias /sys_cpanel/ /usr/local/cpanel/sys_cpanel/ Alias /java-sys/ /usr/local/cpanel/java-sys/ Alias /img-sys/ /usr/local/cpanel/img-sys/ Alias /akopia/ /usr/local/cpanel/3rdparty/interchange/share/akopia/

Alias /neo-images/ /usr/local/cpanel/base/neomail/neo-images/
ScriptAliasMatch ^/cpanel/(.*) /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAlias /cpanel /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAlias /whm /usr/local/cpanel/cgi-sys/whmredirect.cgi
ScriptAlias /securewhm /usr/local/cpanel/cgi-sys/swhmredirect.cgi
ScriptAlias /webmail /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/webmail/(.*) /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/kpanel/(.*) /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAlias /controlpanel /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAlias /securecontrolpanel /usr/local/cpanel/cgi-sys/sredirect.cgi
Alias /mailman/archives/ /usr/local/cpanel/3rdparty/mailman/archives/public/
ScriptAlias /mailman/ /usr/local/cpanel/3rdparty/mailman/cgi-bin/
Alias /pipermail/ /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /interchange/ /usr/local/cpanel/3rdparty/interchange/share/interchange/
Alias /interchange-5/ /usr/local/cpanel/3rdparty/interchange/share/interchange-5/

===================================================================

3) Now restart the httpd service in the server.

cPanel email inconsistent quota !

If a cPanel email user quota does not match what is being reported by the system or a mail client run the following to determine how much space has been used for real:

du -hs /home/username/mail/userdomain.com/user/

then compare it with what cPanel reports for the disk usage, if they are different delete:

/home/username/mail/domain.com/user/maildirsize

finally re-login to cPanel and it should be resolved.

PhpMyAdmin :: SQLite failed to open/create session database

This is usually a bug in the PhpMyAdmin configuration, whenever you receive the following error when accessing PhpMyAdmin either from WHM or cPanel, follow the steps given below for a fix

Warning: session_write_close() [function.session-write-close]: open(/var/cpanel/userhomes/cpanelphpmyadmin/sessions/sess_uPSQAGVEZx2uuePd7SpsgTHJ6X7, O_RDWR) failed: No such file or directory (2) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/navigation.php on line 85

Manually edit /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini file as follow:

1)Login to shell of the server using root login details and open the file “/usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini” using vi or any other editor.

2) Search for the [Session] variable & underneath it, change the following

Replace:
——————————-
session.save_handler = sqlite
session.save_path =/var/cpanel/userhomes/cpanelphpmyadmin/sessions/phpsess.sdb
——————————-
To:
——————————-
session.save_handler = files
session.save_path = /tmp
——————————-

By default, PhpMyAdmin uses sqlite as as the file handler, but it needs to be changed to files & the location of the session files to be stored needs to be changed to /tmp which is the standard/default place to store temporary files

Named rndc.key error when starting

When trying to restart named process after making modifications may end up in a corrupt rndc.key key and the error will show like this:

Sep 12 03:30:54 server named[23683]: /etc/rndc.key:1: configuring key ‘rndc-key’: bad base64 encoding
Sep 12 03:30:54 server named[23683]: loading configuration: bad base64 encoding
Sep 12 03:30:54 server named[23683]: exiting (due to fatal error)

A simple explanation to this is that the key got modified somehow might me some bug.
What to do about this? Well it is simple just check the /etc/rndc.conf file and copy the key from there(you will see the key in the first lines of the file) and replace the key that it is in /etc/rndc.key file and restart named process.


# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]

Catch PHP nobody Spammers

PHP and Apache has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where. Watching your exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.

If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP – so everything will go through /usr/sbin/sendmail =)

Requirements:
We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a Cpanel/WHM Red Hat Enterprise system.



Step 1)
Login to your server and su – to root.


Step 2)
Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop

Article provided by WebHostGear.com


Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date – $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {

print INFO “$date – $PWD –  @infon”;

}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach  (@ARGV) {
$arg=”$arg” . ” $_”;
}

open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start

Step 8)
Monitor your spam_log file for spam, try using any formmail or script that uses a mail function – a message board, a contact script.
tail – f /var/log/spam_log

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005 – /home/username/public_html/directory/subdirectory –  nobody x 99 99   Nobody / /sbin/nologin

Log Rotation Details
Your spam_log file isn’t set to be rotated so it might get to be very large quickly. Keep an eye on it and consider adding it to your logrotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp — we’ll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}

Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn’t get overwritten.