WHM :: Access Denied

When you log in to WHM, you get the following error:

    Access Denied
    Functions in cPanel / WHM are available only directly through the cPanel and WHM interfaces or through our XML API. It appears that this request is coming from a referring site and might be malicious.

When XSRF attack protection is enabled in WHM, cPanel validates the referrer for every page. If the referrer matches one of the domains, the server's hostname, or any of the server's IPs, then the request is allowed through. If the referrer does not match, then the user is shown the “Access Denied” page with the request information and given the option to proceed.
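The referrer check described above can be sketched as follows. This is an added example, not cPanel's code: the host list, the function names and the choice to treat an empty referrer as untrusted are assumptions.

```shell
#!/bin/sh
# Added illustration of a referrer allow-list check; not cPanel's implementation.
# Constructed sample values: hosted domain, server hostname, server IP.
ALLOWED_HOSTS="example.com server1.example.com 192.0.2.10"

# Print the lower-cased host part of a URL.
# Order matters: the path is cut before userinfo so "/@host" tricks fail.
referer_host() {
    _h=${1#*://}          # drop the scheme
    _h=${_h%%[/?#]*}      # drop path, query string and fragment
    _h=${_h##*@}          # drop userinfo ("trusted.example@other.host")
    _h=${_h%%:*}          # drop the port (IPv6 literals are not handled)
    printf '%s\n' "$_h" | tr 'A-Z' 'a-z'
}

# Return 0 when the referrer host is exactly one of our own hosts, else 1.
referer_allowed() {
    _host=$(referer_host "$1")
    [ -n "$_host" ] || return 1      # assumption: empty referrer is untrusted
    for _a in $ALLOWED_HOSTS; do
        # Exact comparison: "example.com.evil.test" must not pass as "example.com".
        [ "$_host" = "$_a" ] && return 0
    done
    return 1
}

# Demonstration on constructed referrers.
for r in "https://server1.example.com:2087/scripts/command" \
         "https://example.com.evil.test/" \
         "https://example.com@evil.test/x"; do
    if referer_allowed "$r"; then echo "allow $r"; else echo "deny  $r"; fi
done
```
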

To get rid of that page:

  1. Log in to WHM >> Server Configuration >> Tweak Settings
  2. Scroll down the page (about halfway down) and find “Security”, then un-check the checkbox to deactivate “XSRF attacks”
  3. Click on the Save button at the bottom of the page.
    DONE

WHM / cPanel : Munin MySQL Graphs blank

First, make sure that the password in /root/.my.cnf is valid.

In /etc/munin/plugin-conf.d, you will see a file called cpanel.conf. Modify it completely to look like so:

[mysql*]

user root
group wheel

env.mysqladmin /usr/bin/mysqladmin

env.mysqlopts -u [MySQL_usr] -p[MySQL_usrpassword]

### [MySQL_usr] is a valid MySQL user and [MySQL_usrpassword] is its password
### you can use mysql root too.


[exim_mailqueue]
group mail

[exim_mailstats]
group mail

[mailman]
user mailman

Then restart munin-node:

/etc/init.d/munin-node restart

This tells Munin to pull the MySQL environment it needs from the file.
Of course, in this case you will need Munin to run as root. To do this, su to your munin user:

su munin

Remove the munin crontab:

crontab -e

Remove the line, or just add a # to the beginning of it.

Then exit out of the shell, and add the SAME crontab (that was in the munin user) to root, adding --force-root to the end of the statement, so it'd be something like:


*/5 * * * * /usr/bin/munin-cron --force-root

WHM / cPanel : Munin graphs are Blank

WHM / cPanel provides Munin for server monitoring. It shows graphs for Disk, Exim, MySQL, Network, and other processes. I faced an issue on a client's server where installation goes fine and Munin graphs are blank. I have made a short guide to trace the issue.

Restart the Munin node and watch the Munin logs using:

/etc/init.d/munin-node restart

tail -f /var/log/munin/munin-node.log

Munin Errors :

2008/05/13-23:32:46 Server closing!
Process Backgrounded
2008/05/13-23:32:46 MyPackage (type Net::Server::Fork) starting! pid(25631)
Binding to TCP port 4949 on host *
Setting gid to "10 10"
Use of uninitialized value in eval {block} exit at /usr/sbin/munin-node line 452, line 8.

Munin uses port 4949. Check the firewall and, if possible, disable the firewall during the troubleshooting.

munin 4949/tcp # Munin Graphing Framework
munin 4949/udp # Munin Graphing Framework

# telnet localhost 4949
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
# munin node at [your server name]

Solution :

The above errors occur when the expected node hostname does not match the actual hostname of the server.

Ensure that the hostname entry is at the top and is correct in the /etc/hosts file.

Restart the Munin node and run Munin with this command:

/usr/bin/munin-cron --force-root

Munin should work fine now.

Invalid command ‘SSLEngine’

CentOS release 4.5 (Final)

Server version: Apache/1.3.37 (Unix)

You can get this error for lots of reasons (including the mod_ssl.c module not being loaded) but my problem today was the above error spat out by:

apachectl configtest

The reason is that apachectl DOES NOT define SSL (i.e. when it’s checking the config file). Therefore the httpd.conf will ALWAYS look broken if mod_ssl.c specific directives are in it. That is unless they are bracketed with:

<IfDefine SSL> or <IfModule mod_ssl.c>

in which case what’s the point of using “apachectl configtest” to test the config file?

httpd -S

gives the same error unless you also pass -DSSL like this:

httpd -S -DSSL

Be safe: use the actual boot scripts to stop and start the server if you’re using SSL:

/etc/init.d/httpd stop

/etc/init.d/httpd startssl

WHM / cPanel :

You may get errors for SSLEngine while installing SSL from WHM:

Syntax error on line 29945 of /usr/local/apache/conf/httpd.conf.installssl.1210663778.980885407.445848-domain.com:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration

root@devel [/usr/share/ssl/private]# service httpd startssl
[Tue Jul 18 15:51:15 2006] [warn] module bytes_log_module is already loaded, skipping
Syntax error on line 1211 of /usr/local/apache/conf/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration
/etc/init.d/httpd startssl: httpd could not be started

Fix:

Rebuild Apache using easyapache or from WHM which will fix the issue with SSL.

root@devel [/usr/share/ssl/private]# service httpd restart
/etc/init.d/httpd restart: httpd not running, trying to start
/etc/init.d/httpd restart: httpd started

Upgrade WHM / cPanel Linux server to EDGE Virtuozzo Optimized release

Q. How do I upgrade my CentOS Linux 5.0 dedicated server to WHM / cPanel edge release?

A. You can upgrade to EDGE release from WHM manager. Please note that Edge is the bleeding edge tree. While it has the newest features, it has undergone the least amount of testing (if any). You generally shouldn't run this build unless you need a bug fix or feature in it. Once an equivalent CURRENT or RELEASE build has been released, you should switch away from this.
 

Configure EDGE upgrade

a] Just login to WHM
b] Look for Server Configuration
c] Click on Update Config
d] Set cPanel/WHM Updates option to Manual Updates Only (bleeding EDGE tree)
e] Click on Save.

To start upgrade procedure

a] Look for cPanel
b] Click on Upgrade to Latest Version
c] Click on Click Upgrade button

Edge upgrade from a shell or command prompt

Log in as root via ssh. Edit the /etc/cpupdate.conf file:

# vi /etc/cpupdate.conf

Find the line:

CPANEL=stable

Replace with:

CPANEL=manual-edge

Save and close the file. Now update to edge:

# /scripts/upcp --force

 

semget: No space left on device

This relates to semaphores on your system (you’ve run out). Run the following to clear them out:

ipcs -s | grep apache | awk '{print $2}' > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

For cPanel servers:

ipcs -s | grep nobody | awk '{print $2}' > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

 

Finally, restart Apache:

/etc/init.d/httpd restart

or

service httpd restart
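
A more careful form of the cleanup above, as an added example that is not from the original page: it matches the owner column exactly instead of grepping the whole line, and only prints the ipcrm commands unless told to apply them. The function names, the --apply argument and the sample ipcs output are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove only semaphore arrays owned by exactly one user.

# Read `ipcs -s` output on stdin and print the semids whose owner is $1.
# Linux column layout: key semid owner perms nsems
sem_ids_for_owner() {
    awk -v owner="$1" \
        '$1 ~ /^0x/ && $2 ~ /^[0-9]+$/ && $3 == owner { print $2 }'
}

# Constructed sample of `ipcs -s` output for offline use.
sample_ipcs() {
    cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 98304      nobody     600        1
0x00000000 131073     nobody     600        1
0x0052e2c1 163842     postgres   600        17
0x00000000 196611     nobody2    600        1

EOF
}

# Usage: clear_sems OWNER [--apply]   (--apply is this example's own argument)
# Without --apply the commands are only printed, so the list can be reviewed.
clear_sems() {
    _owner=$1
    _mode=${2:-}
    ipcs -s | sem_ids_for_owner "$_owner" | while read -r _id; do
        if [ "$_mode" = "--apply" ]; then
            ipcrm -s "$_id"
        else
            echo "would run: ipcrm -s $_id"
        fi
    done
}

# Demonstration on the constructed sample: prints 98304 and 131073 only;
# a plain `grep nobody` would also have picked up 196611 (owner nobody2).
sample_ipcs | sem_ids_for_owner nobody
```
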

 

 

Setting Private name servers in Cpanel / WHM

If you want your own name servers, such as ns1.linuxbabu.net and ns2.linuxbabu.net, please follow the steps below to set them up.

Step 1. Log into your domain manager account, via your domain registrar’s web site
(i.e. www.godaddy.com , www.enom.com , …)

Step 2: You will need to name your DNS server and insert a valid ip that is bound to your server. This will cause your server to get “mapped” on the Internet as being an operational DNS server.

For this example, my domain name is ‘linuxbabu.net’ and the IPs bound to my server are “75.126.196.138” (Primary IP) and “75.126.196.152” (Secondary IP). I will be using the hostname ‘ns1.linuxbabu.net’ bound to the “75.126.196.138” IP, and ‘ns2.linuxbabu.net’ bound to the “75.126.196.152” IP.

Note : The hostname ‘ns1.linuxbabu.net’ and ‘ns2.linuxbabu.net’ are not mandatory. You can use any name along with your domain name. The name ‘ns1’ is simply easy to remember for both the sys admin, and the customer.

Step 3: The last step is to basically say which DNS server is authorized to resolve the domain ‘linuxbabu.net’ to an IP. We will have to input the hostnames that we specified in step 2, which are: ‘ns1.linuxbabu.net’ and ‘ns2.linuxbabu.net’.

Note: If you wish to use your DNS server to resolve other domains besides ‘linuxbabu.net’ you should repeat only step 3, which is basically telling your domain registrar who is the authoritative DNS server for the domain.

Part 2: cPanel DNS Configuration

Now that we’ve established our DNS Internet Awareness through our domain registrar, we will have to configure cPanel to finalize our settings.

Step 1. Log in to your WHM at https://75.126.196.138:2087/ and then go to Main >> DNS Functions >> Add a DNS Zone

ns1.linuxbabu.net 75.126.196.138
ns2.linuxbabu.net 75.126.196.152

=============

Main >> Server Configuration >> Basic cPanel/WHM Setup

Primary Nameserver & Secondary Nameserver

Click on “Assign Ip Address”

If it does not assign the right IP address, then log in to the server through ssh and edit /etc/nameserverips

===================================

nano /etc/nameserverips

192.168.1.1=0
192.168.1.2=0
192.168.1.3=0

Change to

192.168.1.1=ns1.linuxbabu.net
192.168.1.2=ns2.linuxbabu.net

====================================

Once the correct IPs are assigned to the name servers, click on “add A entry for this name server”.

This will add the A entry for the nameservers.

================================

Check the nameservers IP

Main >> Networking Setup >> Nameserver IPs

It should show the correct nameservers and their IPs

============
Ip Nameserver
192.168.1.1 ns1.linuxbabu.net
192.168.1.2 ns2.linuxbabu.net
============

Known Issue : When I try to edit my nameserver IPs, two nameservers keep showing up even though I keep manually deleting them from /etc/nameserverips and restarting named. ns1.linuxbabu.net and ns2.linuxbabu.net always keep taking up my first two IP addresses, and I have never added these domains.

Fix :
From WHM Main >> Server Configuration >> Tweak Settings select the option “Disable whois lookups for the nameserver IP manager.” and reconfigure the NS and you are done.

How do I view what exim is doing?

Exim comes with a utility called ‘exiwhat’ which will display what each instance of exim is currently involved with. The output will look similar to this:

root@server [~]# exiwhat
2118 daemon: -q1h, listening for SMTP on port 25 (IPv4)
2130 daemon: no queue runs, listening for SMTPS on port 465 (IPv4)
31640 handling incoming connection from [1.2.3.4]

Also, to monitor the exim log in realtime, you may use the tail command thusly:

tail -f /var/log/exim_mainlog

How to re-install RVSkin ?

How to uninstall RVSkin?
Run this command:

perl /root/rvadmin/uninstall.pl

Terminate rvadmin account from WHM

Reinstall rvadmin

mkdir /root/rvadmin; cd /root/rvadmin; wget http://download.rvglobalsoft.com/download.php/download/rvskin-auto/saveto/rvauto.tar.bz2; bunzip2 -d rvauto.tar.bz2; tar -xvf rvauto.tar; perl /root/rvadmin/auto_rvskin.pl

Ports that must be open to run cPanel behind a firewall IPTables

port   service         protocol   direction
20     ftp             tcp        inbound/outbound
21     ftp             tcp,udp    inbound/outbound
22     ssh             tcp        inbound
25     smtp            tcp        inbound/outbound
26     smtp            tcp        inbound/outbound
37     rdate           tcp        outbound
43     whois           tcp        outbound
53     DNS             tcp/udp    inbound/outbound (inbound is only needed if you run your own public DNS server)
80     http            tcp        inbound/outbound
110    pop3            tcp        inbound
113    ident           tcp        outbound
143    imap4           tcp        inbound
443    https           tcp        inbound
465    smtp tls/ssl    tcp/udp    inbound/outbound
873    rsync           tcp/udp    outbound
993    imap4 ssl       tcp        inbound
995    pop3 ssl        tcp        inbound
2082   cpanel          tcp        inbound
2083   cpanel ssl      tcp        inbound
2086   whm             tcp        inbound
2087   whm ssl         tcp        inbound
2089   cp licence      tcp        outbound
2095   Webmail         tcp        inbound
2096   Webmail SSL     tcp        inbound
3306   mysql           tcp        (only if you need to connect remotely)
6666   chat            tcp        inbound