MySQL Cheat Sheet

SSH repair and optimize all MySQL databases:

# /usr/bin/mysqlcheck –repair –all-databases –password=xxxxxx

# /usr/bin/mysqlcheck –optimize –all-databases –password=xxxxxx

Upgrade/Downgrade to MySQL 4.x:

backup database:

# cd /root

# /usr/bin/mysqldump –create-options –compatible=mysql40 –all-databases –force –user=root –password=xxxx > backup.sql

MySQL Optimization (my.cnf)

# vi /etc/my.cnf
#opteron 852 4GB RAM
[mysqld]
safe-show-database
max_connections = 500
key_buffer = 150M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 1M
table_cache = 1024
thread_cache_size = 100
wait_timeout = 300
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 32M
query_cache_type = 1
skip-innodb
thread_concurrency=4

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-locking
#skip-networking
safe-show-database
query_cache_limit=1M
query_cache_size=128M ## 32MB for every 1GB of RAM
query_cache_type=1
max_user_connections=200
max_connections=500
interactive_timeout=10
wait_timeout=20
connect_timeout=20
thread_cache_size=128
key_buffer=256M ## 64MB for every 1GB of RAM
join_buffer=1M
max_connect_errors=20
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=4M ## 1MB for every 1GB of RAM
read_buffer_size=4M ## 1MB for every 1GB of RAM
read_rnd_buffer_size=4M  ## 1MB for every 1GB of RAM
thread_concurrency=4 ## Number of CPUs x 2
myisam_sort_buffer_size=64M
server-id=1
log_slow_queries=/var/log/mysql-slow-queries.log
long_query_time=2
collation-server=latin1_general_ci
old-passwords

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
#safe-updates

[isamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout

Optimize sysctl.conf

# vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536



For changes to take affect right away

# /sbin/sysctl -p

Install vsftpd

login into the server as root. Go to the /usr/local/src/ folder and download the latest version of vsftpd…….

# cd /usr/local/src/

# wget ftp://vsftpd.beasts.org/users/cevans…d-2.0.5.tar.gz

untar the tar.gz file.

# tar -zxvf vsftpd-2.0.5.tar.gz

Go to the directory and run the make file.

# cd vsftpd-2.0.5
# make

Once it has finished compile and execute it

# make install
# cp vsftpd.conf /etc

Now edit the config file

vi /etc/vsftpd.conf

Disable anonymous logins and enable local, at the very bottom of the file add
listen=YES

Save the file and Just start the vsftpd service and enable it in startup.

# /usr/local/sbin/vsftpd
# chkconfig vsftpd on

cPanel commands run from root.

Common cPanel commands that are used in root.

Restart chkservd:

/etc/init.d/chkservd restart

Tail Apache log:

tail -f /usr/local/apache/logs/error_log

Updates the cpanel server software:

/scripts/upcp

Reinstalls exim:

/scripts/exim4

View traffic or if you think a site is being DDoS:

cd /usr/local/apache/domlogs
tail -f targetsite.com

Correct bandwidth issues

/scripts/cleanbw

To fix problem in webalizer that stop updating stats

/scripts/fixwebalizer

Fix everything

/scripts/fixcommonproblems
/scripts/fixeverything

Fixing Mail List MailMan

/usr/local/cpanel/bin/convertmailman2

Reinstall MailMan

/scripts/reinstallmailman

/scripts/fixhome

pico /etc/my.cnf

Edit php.ini (may be in a differant place if you have Zend installed)

pico /usr/local/lib/php.ini

Edit Apache Conf

pico /etc/httpd/conf/httpd.conf

Checking Real Time Top Processes Login to SSH and run

top

Run cpanel backup

/scripts/cpbackup

To try and fix domain controller

/scripts/fixndc

Quotas

/scripts/initquotas – takes a while to run
/scripts/resetquotas
/scripts/fixquotas – takes a while to run

Add a Dns Entry

/scripts/adddns

Install Frontpage Mail Exts

/scripts/addfpmail

Add JavaServlets to an account (jsp plugin required)

/scripts/addservlets

Add a User

/scripts/adduser

Run WHM Lite

/scripts/admin

Add Rlimits (cpu and mem limits) to apache

/scripts/apachelimits

Resync with a master DNS Server

/scripts/dnstransfer

Edit A User’s Quota

/scripts/editquota

Search For Trojans in /dev

/scripts/finddev

Locate Trojan Horses

/scripts/findtrojans

Suggest Usage

/scripts/findtrojans > /var/log/trojans

/scripts/fixtrojans /var/log/trojans

Make Interchange work with suexec

/scripts/fixcartwithsuexec

Fix Most Problems with Interchange

/scripts/fixinterchange

Run on a trojans horse file created by findtrojans to remove them

/scripts/fixtrojans

Run this if a user’s stats stop working

/scripts/fixwebalizer

Fix a broken valias file

/scripts/fixvaliases

Turn on DMA and 32bit IDE hard drive access (once per boot)

/scripts/hdparamify

Re-scan quotas. Usually fixes Disk space display problems

/scripts/initquotas

Turn on SUEXEC (probably a bad idea)

/scripts/initsuexec

Display Ipusage Report

/scripts/ipusage

Terminate an Account

/scripts/killacct

Delete “Security Problem Infested RPMS”

/scripts/killbadrpms

Fix Various Mail Permission Problems

/scripts/mailperm

Attempt to Troubleshoot a Mail Problem

/scripts/mailtroubleshoot

Change a Mysql Password

/scripts/mysqlpasswd

Kill Potential Security Problem Services

/scripts/quicksecure

Rebuild Ip Address Pool

/scripts/rebuildippool

Delete Nasty SSL entry in apache default httpd.conf

/scripts/remdefssl

Restart a Service (valid services: httpd,proftpd,exim,sshd,cppop,bind,mysql)

/scripts/restartsrv?? (example: /scripts/restartsrv httpd)

Syncup Security Updates from RedHat/Mandrake

/scripts/rpmup

Force a webalizer/analog update

/scripts/runlogsnow

Remove non-important suid binaries

/scripts/secureit

Install Frontpage 4+ on an account

/scripts/setupfp4

Return a Simple process list. Useful for finding where cgi scripts are running from

/scripts/simpleps

Suspend an account

/scripts/suspendacct

Syncup Cpanel RPM Updates

/scripts/sysup

Unblock an IP

/scripts/unblockip

UnSuspend an account

/scripts/unsuspendacct

Update Cpanel

/scripts/upcp

Update /scripts

/scripts/updatenow

Create a New Account

/scripts/wwwacct

Awstats to run manually

/scripts/runweblogs account_username

License Not working

rdate -s rdate.darkorb.net

Sometimes such behavior of apache/httpd (taking more and more memory until it dies or crashes the server) can be caused by corrupted MySQL database. Try to do the following:
1) Kill the mysql server
/etc/rc.d/init.d/mysql stop

2) Repair all SQL databases:
myisamchk -r /var/lib/mysql/*/*.MYI

3) Start mysql again:
/etc/rc.d/init.d/mysql start

——————————————————————————-

Restarting cpanel

/etc/rc.d/init.d/cpanel restart

To run your clients stats now

/scripts/runlogsnow

Restart the background proccess that runs the stats for your clients

/usr/local/cpanel/startup

To run your clients stats now

/scripts/runstatsonce

To run one clients stats:

/scripts/runweblogsnow username

Shut down http

httpd stop

Start http with SSL

httpd startssl

Start http

httpd start

/scripts/runweblogs

How to import and export a mysql database as root

MySQL Backup

mysqldump -u root -p DBNAME > BKPNAME.sql

———–

MySQL Restore

mysql -u root -p DBNAME < BKPNAME.sql

You pay leave out the “-p” and it won’t ask you for the root password –

-p, –password[=name]
Password to use when connecting to server. If password is
not given it’s asked from the tty.

Installing Subversion

It’s best to upgrade to Apache 2.2 with the DAV module enabled, but you may be able to get away with Apache 1.3 with DAV.

cd /usr/src
wget http://www.webdav.org/neon/neon-0.25.5.tar.gz
tar -xvzf neon-0.25.5.tar.gz
cd neon-0.25.5
./configure && make && make install
cd ../
mv neon-0.25.5 neon

After the installation, download the subversion sources from here:

http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=260&expandFolder=74
Untar the archive into a temp directory like /usr/src and enter into the resulting folder. The run these commands to configure and install:

./configure --with-apxs=/usr/local/apache/bin/apxs \
 --with-apr=/usr/local/apache \
 --with-apr-util=/usr/local/apache \
 --with-ssl --enable-dso
make && make install

Verify that the installation was successfully by running svn –version

Installing DomainKeys

DomainKeys, similar to SPF records, authenticate that an email was sent from an authorized sender.  Several mail services such as Hotmail and Yahoo have started requiring these…luckily they are easy to set up in your cPanel.

System requirements

1. cPanel/WHM v11.x with the latest build

2. Your Mail server must be using Maildir format and NOT Mbox.

To install for a single user:

/usr/local/cpanel/bin/domain_keys_installer USERNAME

If you get an error such as: “Domain keys are not installed on this machine.” your server didn’t meet system requirement mentioned above.

To install DomainKeys for all accounts on a server:

for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/domain_keys_installer $i; done

Do NOT interrupt or stop the process until completed.

cPanel FAQ for VPS

From: http://www.cpanel.net/docs/whm/FAQ.htm

Q: I’m having server problems but the problem is not listed below. What should I do?

A: There are two options:

  1. You can search the Knowledgebase in WebHost Manager. The is explained in the support part of this manual.
  2. You can search the CPanel forums – http://support.cpanel.net/

Q: How do I login to Cpanel from a non-GUI?

A: Do the following:

  1. /usr/local/cpanel startup
  2. /etc/rc.d/init.d/cpanel3 restart – This will restart CPanel.

Q: I just got another server, what do I do?

A: If you would like to make your two servers work together, you will need to establish a trust relationship with your primary nameserver – refer to Establishing a trust relationship for more information. You can also transfer your old server’s files to your new server – refer to Transfers for more information.

Q: Proftp will not start it says, ‘unable to determine the ip address of mydomainhere.com’. What do I do?

A: You need to change your hostname to a FQDN (Fully Qualified Domain Name ). A FQDN has a host name, and a domain name which includes a top-level domain, e.g. www.sub.domain.com.

  1. #pico /etc/sysconfig/network
  2. Type hostname www.sub.domain.com
  3. Save changes and quit pico.
  4. Now, add a DNS Zone for yourdomain.com in WebHost Manager.
  5. Add an entry to /etc/hosts for your hostname.

Q: I have a CPanel license but when I login it says ‘Invalid Lisc File’. What’s wrong?

A: There are a couple of possibilities. The date on your server could be improperly synced, your main IP could have changed, or your files could have been corrupted.

  1. First, try to resync your server’s date:

    #rdate -s rdate.darkorb.net

  2. If that does not work, try to update your CPanel license file:

    #/usr/local/cpanel/cpkeyclt

  3. If these do not work contact your distributor so they can update your license

Q: My install keeps saying “waiting for updated to finish”. What should I do?

A: Do the following:

  1. Open another Terminal window and run as root:

    #rsync -av rsync://ftp.cpanel.net/scripts /scripts

  2. /etc/rc.d/init.d/cpanel3 restart – This will restart CPanel.

Q: What types of traffic does the Bandwidth monitor show?

A: The bandwidth monitor watches http, ftp, and pop traffic.

Q: I’ve added accounts in WebHost Manager that aren’t showing up. What’s wrong?

A: Your domain database has not been updated, you need to run:

#/scripts/updateuserdomains

Q: What does Initial Nameserver Setup do?

A: This starts the name and adds it to the list of daemons to be checked.

Q: What should I do about partitioning my drive? What sizes do I need?

A: Refer to Installation for more information.

Q: How do I upgrade using buildapache.sea?

A: Do the following:

  1. SSH into your server.
  2. SU and log in as root.
  3. #wget http://layer1.cpanel.net/buildapache.sea
  4. #chmod 755 buildapache.sea
  5. #./buildapache.sea
  6. Wait for the installer to complete.
  7. Cleanup after the install with:

    #rm -Rf buildapache/

    #rm buildapache.sea

Q: How can I use Cpanel in a non-graphical environment?

A: Do the following:

  1. #/sbin/chkconfig –add xfs
  2. #/sbin/service xfs start

Q: Neomail keeps returning no MD5.so in @INC. What do I do?

A: #/scripts/cleanmd5

Q: How can I fix problems with mail that result from incorrect permissions?

A: #/scripts/mailperm

Q: I’m trying to add FrontPage extensions, or a new account, and I get sd(8,10) write failure, user limit block reached. What do I do?

A: #/scripts/fixquotas

Q: What can fix many common problems?

A: #/scripts/fixcommonproblems

Q: I keep getting a 500 error when trying to use Mailman. What is wrong?

A: Your hostname is not being sent with your e-mail. Do the following:

  1. #/scripts/fixoldlistswithsuexec
  2. If that doesn’t work, try:

    #/scripts/fixmailmanwithsuexec

    #pico /usr/local/apache/conf/httpd.conf – move the last vhost to the first vhost in the file.

Q: What do I do when Mailman wants UID 99 but is getting -1?

A: #/scripts/upcp

Q: My subdomain logs are not being processed. What do I do?

A: Do the following:

  1. #rm -f ~username/tmp/lastrun
  2. #killall -9 cpanellogd
  3. #/usr/local/cpanel/cpanellogd

Q: How do I enable FrontPage on port 443 with ssl?

A: Do the following:

  1. /usr/local/frontpage/version5.0/bin/owsadm.exe -o install -p 443 -m
  2. $domain -t apache-fp -xuser $user -xgroup $group -servconf
  3. “/etc/httpd/conf/httpd.conf”

Q: Neomail complains of no MD5.so in @INC – what do I do?

A: Do the following:

  1. Rebuild Perl using installer from http://cpanel.net/
  2. Just running /scripst/cleanmd5 should do it.

Q: When adding FrontPage, I get sd(8,10) write failure, user limit block reached. What do I do?

A: Run /scripts/fixquotas

Q: How do I fix general mail problems related to permissions?

A: /scripts/mailperm

Q: How do I fix the most common problems?

A: /scripts/fixcommonproblems

Q: How do I fix cgi scripts that are returning a 500 error because of permissions?

A: Do the following:

  1. /scripts/fixsuexeccgiscripts
  2. Read /usr/local/apache/logs/suexec_log for Mailman 500 Error.
  3. /scripts/fixmailmanwithsuexec
  4. Edit /usr/local/apache/conf/htpd.conf and move the vhost it creates (almost always the last one in the file) to be the first vhost.
  5. Restart Apache: /etc/rc.d/init.d/httpd restart
  6. Run /scripts/fixoldlistswithsuexec

Q: What do I do when Mailman wants UID 99 when getting -1?

A: Do the following:

  1. Edit httpd.conf
  2. Make sure Group is set to nobody.
  3. Run /scripts/upcp – that should rebuild mailman with the correct UID/GID.

/scripts/upcp should now detect this and fix it for you automatically.

  1. Turn on SYN Cookies if built into the kernel.
  2. echo 1 >/proc/sys/net/ipv4/tcp_syncookies – at boot time after the /proc file system has been mounted.

Q: How do I troubleshoot Perl scripts?

A: Do the following:

  1. Edit Perl / cgi script – at top of file #!/usr/bin/perl
  2. Use CGI::Carp qw(fatalsToBrowser); – errors should be redirected to browser rather then getting a 500 error.
  3. Also, check if the script runs on the command line – perl -w ./scriptname.cgi – and see if it gives you errors.

Q: What do I do if subdomain logs are not getting processed?

A: Do the following:

  1. rm -f ~username/tmp/lastrun
  2. killall -9 cpanellogd
  3. /usr/local/cpanel/cpanellogd

Q: How do I stop a crontab?

A: Add – >/dev/null 2>&1 – after the entry in the crontab.

Q: What do I do when MySQL gives error of access denied for root@localhost?

A: Make sure root pass is in /root/.my.cnf, this is usually the first root password the box was given when CPanel was installed.

Q: How do I set the /etc/my.cnf file for sites with vbb forums that don’t close connections, thus spawning 500 mysqld’s and hogging all the RAM?

A: Do the following to mysqld:

  • set-variable = max_connections=1500
  • set-variable = max_user_connections=200
  • set-variable = wait_timeout=200
  • set-variable = interactive_timeout=800

Q: What do I do if SpamAssassin is taking up a lot of memory and CPU?

A: The chances are the dbm database has gotten corrupted. Try this:

  1. Find out what user it’s running as with ‘top’.
  2. cd /home/user/
  3. rm -rf .spamassasin
  4. Then mail them a couple of times to see if it fixes the problem.

Q: What do I do if buildapache.sea bombs out with a lot of nasty looking errors?

A: Do the following:

  1. Find out the version (cat /etc/redhat-release).
  2. Find a server running the same version that works.
  3. tar xzvf bits.tgz /usr/include/bits
  4. Copy that to the broken server.
  5. Backup /usr/include/bits somewhere.
  6. tar xzvf bits.tgz from /

Q: What do I do when a Guestbook is not showing anything, I get a blank page when trying to view, and no errors when submitting?

A: Do the following:

chown nobody /home/username/.guestbook

Make sure ‘nobody’ can write to it.

Q: What do I do when all the Perl/CGI scripts that are not running as root (including Interchange) get the error “getgrgid: invalid groupid XXXXX”? From Apache’s error_log …

[Tue Mar 26 09:13:16 2002] [error] [client x.x.x.x] (2)No such file or directory: getgrgid: invalid groupid 32015

[Tue Mar 26 09:13:16 2002] [error] (2)No such file or directory: exec of /home/username/public_html/utility.cgi failed

[Tue Mar 26 09:13:16 2002] [error] [client x.x.x.x] Premature end of script headers: /home/username/public_html/script.cgi

A: Do the following:

chmod 644 /etc/group

If that doesn’t fix it, check permissions on the passwd file and shadow file as well just for good measure.

Q: What are the default locations for Mailman, exim config, exim log, or the exim reject log?

A: The locations are:

  • Mailman lists = /usr/local/cpanel/3rdparty/mailman/lists/
  • Exim Config = /etc/exim.conf
  • Exim Log = /var/log/exim_mainlog
  • Exim Reject Log = /var/log/exim_rejectlog

Q: What do I do when setting up a trust relationship and I get errors about possible security threats and stuff about SSH/known_hosts?

A: Most likely the master server has changed it’s ssl info. The easiest way to remedy this is:

  1. cd /etc/
  2. rm -rf .ssh

Then try setting up the trust relationship again.