Difference between revisions of "Main Page"
(→For APF) |
(→restart the services) |
||
| Line 155: | Line 155: | ||
As well as APF or CSF | As well as APF or CSF | ||
| + | |||
| + | =unformated BS= | ||
| + | to fix later | ||
| + | |||
| + | cPanel | ||
| + | Version | ||
| + | /usr/local/cpanel/cpanel -V | ||
| + | |||
| + | |||
| + | or check the top right of WHM Restart | ||
| + | /etc/init.d/cpanel restart | ||
| + | |||
| + | |||
| + | force update | ||
| + | /scripts/upcp --force | ||
| + | |||
| + | |||
| + | add spf and dkim server wide | ||
| + | for user in $(\ls -A /var/cpanel/users) ; do /usr/local/cpanel/bin/dkim_keys_install $user; /usr/local/cpanel/bin/spf_installer $user ; done | ||
| + | |||
| + | |||
| + | bypass cpanel security questions: | ||
| + | echo "$(last |grep "still logged in" |awk '{print $3}')" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root echo "10.20.4.233" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root | ||
| + | |||
| + | |||
| + | Chksrvd log | ||
| + | chekservd fails: | ||
| + | echo -e "\nchekservd fails\n" && egrep '\[\[check command:-\]' /var/log/chkservd.log | egrep -o '(20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}|[a-z]* \[\[check command:-\])'| sed 's/\[\[check command:-\]//'g how far back does the log go: egrep -o '20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}' /var/log/chkservd.log |head -n1 | ||
| + | |||
| + | |||
| + | Apache | ||
| + | Restart | ||
| + | /etc/init.d/httpd restart | ||
| + | |||
| + | |||
| + | Tail the Error lo | ||
| + | tail -f /usr/local/apache/logs/error_log | ||
| + | |||
| + | |||
| + | Config file on cPanel boxes | ||
| + | vim /usr/local/apache/conf/httpd.conf | ||
| + | |||
| + | |||
| + | Apache's status | ||
| + | service httpd status httpd fullstatus | ||
| + | |||
| + | |||
| + | Check for Max Clients | ||
| + | grep MaxClients /usr/local/apache/logs/error_log ps aux | grep httpd -c; egrep 'MaxClients|ServerLimit' /usr/local/apache/conf/httpd.conf | ||
| + | |||
| + | |||
| + | connections made per ip | ||
| + | netstat -tn 2>/dev/null | grep ':80[[:space:]]' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head | ||
| + | |||
| + | |||
| + | Plesk? | ||
| + | tail /var/www/vhosts/<domain.com>/statistics/logs/error_log | ||
| + | |||
| + | |||
| + | MySQL | ||
| + | handy infos | ||
| + | config file | ||
| + | vim /etc/my.cnf | ||
| + | |||
| + | |||
| + | Error log | ||
| + | tail -f /var/lib/mysql/`hostname`.err | ||
| + | |||
| + | |||
| + | Restart | ||
| + | /etc/init.d/mysql restart | ||
| + | |||
| + | |||
| + | watch -n1 mysqladmin proc stat | ||
| + | |||
| + | |||
| + | Jhayhoe's list frag tables | ||
| + | wget -O /scripts/fragmented.sh http://layer3.liquidweb.com/scripts/jhayhoe/fragmented.sh chmod +x /scripts/fragmented.sh /scripts/fragmented.sh | ||
| + | |||
| + | |||
| + | mysqlcheck | ||
| + | The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables | ||
| + | --all-databases, -A Check all tables in all databases. This is the same as using the --databases option and naming all the databases on the command line. | ||
| + | --optimize, -o Optimize the tables. | ||
| + | --repair, -r Perform a repair that can fix almost anything except unique keys that are not unique. | ||
| + | --auto-repairIf a checked table is corrupted, automatically fix it. Any necessary repairs are done after all tables have been checked. | ||
| + | |||
| + | |||
| + | mysqlcheck -Aor | ||
| + | |||
| + | |||
| + | mysqlcheck --auto-repair --optimize --all-databases | ||
| + | |||
| + | |||
| + | other stuff | ||
| + | Shut it down and check tables | ||
| + | killall -9 tailwatchd | ||
| + | killall -9 crond | ||
| + | service mysql stop | ||
| + | find /var/lib/mysql -iname "*.MYI" -exec myisamchk -fUr {} \; service mysql restart | ||
| + | service crond restart | ||
| + | /scripts/restartsrv_tailwatchd | ||
| + | |||
| + | |||
| + | Optimize each table in a For loop, | ||
| + | for i in $(mysql -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" | sed 's/Tables.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done | ||
| + | |||
| + | |||
| + | MyTop, it's like top for mysql (If it is installed on the server) http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz mytop | ||
| + | innodb | ||
| + | what tables are using innodb | ||
| + | mysql -e "SELECT table_schema, table_name FROM INFORMATION_SCHEMA.TABLES WHERE engine = 'innodb';" | ||
| + | |||
| + | |||
| + | conf | ||
| + | located in | ||
| + | /etc/my.cnf | ||
| + | |||
| + | |||
| + | script for the only settings that should ever need to be adjusted (according to lw wiki): | ||
| + | "Good starting points are 64M, then double this value as RAM doubles. 1GB RAM = 64M, 2GB = 128M, 4GB = 256M" | ||
| + | |||
| + | |||
| + | echo "what they are:";mysql -e "show variables" |egrep 'innodb_buffer_pool_size|key_buffer_size' |awk '{print $1,$2/1024/1024"M"}'; echo "what they should be:"; cat /proc/meminfo |grep MemTotal | awk '{print $2/1024/1024*64"M"}' | ||
| + | |||
| + | |||
| + | Plesk? | ||
| + | restart (notice the d) | ||
| + | /etc/init.d/mysqld restart | ||
| + | |||
| + | |||
| + | This will give you the admin password to Plesk | ||
| + | cat /etc/psa/.psa.shadow; echo -e "\n"; | ||
| + | |||
| + | |||
| + | Use this password with: | ||
| + | mysql -u admin -p watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`" | ||
| + | |||
| + | |||
| + | Screen | ||
| + | ctrl+a +d is keyboard shortcut to detach | ||
| + | |||
| + | |||
| + | Error? | ||
| + | Directory '/var/run/screen' must have mode 777. | ||
| + | no prob: | ||
| + | chmod g+s /usr/bin/screen | ||
| + | |||
| + | |||
| + | all set | ||
| + | List current screens | ||
| + | screen -ls | ||
| + | |||
| + | |||
| + | Create new screen | ||
| + | screen -S [name] | ||
| + | |||
| + | |||
| + | Attach | ||
| + | screen -r [screen name] | ||
| + | |||
| + | |||
| + | Detach | ||
| + | screen -d [screen name] | ||
| + | |||
| + | |||
| + | Join already attached or unattached... | ||
| + | screen -x [screen name] | ||
| + | |||
| + | |||
| + | screen -x by itself, will join the screen if there is only one to join | ||
| + | EasyApache | ||
| + | Do before: | ||
| + | USR=lw.$(date +%s); FILE=/root/preEA.$USR;cp /usr/local/apache/conf/httpd.conf{,.bak.$USR}; cp /usr/local/lib/php.ini{,.bak.$USR}; touch $FILE; cat > $FILE <(echo -e "\n--Current Handler--\n" ; /usr/local/cpanel/bin/rebuild_phpconf --current ; if [ -x /usr/bin/php4 ] ;then echo -e "\n--PHP 4 Version--\n" ; php4 -v 2>&1; echo -e "\n--PHP 4 Modules--\n"; php4 -m 2>&1 ;fi;if [ -x /usr/bin/php5 ] ;then echo -e "\n--PHP 5 Version--\n"; php5 -v ; echo -e "\n--PHP 5 Modules--\n"; php5 -m;fi ;echo -e "\n--Apache Version--\n" ;/usr/local/apache/bin/httpd -V; echo -e "\n--Apache Modules--\n";/usr/local/apache/bin/httpd -l ; echo -e "\n\n--Date Created: $(date +%c)--";echo -e "\n--Configuration files--\n" ; echo "httpd.conf: /usr/local/apache/conf/httpd.conf.bak.$USR"; echo "php.ini: /usr/local/lib/php.ini.bak.$USR";) ; echo -e "\nPreEA configuration stored in \n$FILE" | ||
| + | |||
| + | |||
| + | do it in a screen! | ||
| + | screen -S EA /scripts/easyapache | ||
| + | |||
| + | |||
| + | suPHPfix + suPHP | ||
| + | Save-state | ||
| + | saves the file permissions of (all|cPuser) in their current state | ||
| + | However, | ||
| + | This will overwrite the previous save state if done a second time! | ||
| + | Save state is a JSON file located in: /var/cache/suphpfix backup the appropriate file in this directory if you are going to run this a second time | ||
| + | something like | ||
| + | cp -rfa /var/cache/suphpfix /var/cache/$(date +"%m%d%Y").suphpfix.bak Check the ticket to see if it was run previously ! suphpfix --save-state (all|cPuser) | ||
| + | |||
| + | |||
| + | Prep all | ||
| + | makes the changes to the permissions suphpfix --prep (all|cPuser) | ||
| + | Restore-state | ||
| + | restores from the current save state in | ||
| + | /var/cache/suphpfix | ||
| + | suphpfix --restore-state (all|cPuser) switch to suPHP /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp enabled | ||
| + | |||
| + | |||
| + | SpamAssassin | ||
| + | Disable forwarding for DNSBL queries for SpamAssassin | ||
| + | Needs more testing! | ||
| + | sed -i.preSAfix.bak -e '1iinclude "/etc/named.disable.DNSBL.fwding.conf"; \' /etc/named.conf | ||
| + | touch /etc/named.disable.DNSBL.fwding.conf && chown named: /etc/named.disable.DNSBL.fwding.conf | ||
| + | cat <<EOF >> /etc/named.disable.DNSBL.fwding.conf | ||
| + | view "DNSBL zones" { | ||
| + | //Disable forwarding for DNSBL queries for SpamAssassin | ||
| + | // | ||
| + | //http://wiki.apache.org/spamassassin/CachingNameserver | ||
| + | // | ||
| + | //If you have a large ISP or are using large public DNS provider(s) | ||
| + | //it is recommended you not forward mail-related DNS traffic through | ||
| + | //their DNS servers (though non-mail DNS traffic from your site shouldn't | ||
| + | //have problems.) With bind, this means not having any "forwarders" listed. | ||
| + | //Or, at a minimum, you could create exemptions by | ||
| + | //defining empty forwarders for DNSBL zones, like this: | ||
| + | zone "multi.uribl.com" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "dnsbl.sorbs.net" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "combined.njabl.org" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "activationcode.r.mail-abuse.com" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "nonconfirm.mail-abuse.com" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "iadb.isipp.com" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "bl.spamcop.net" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "fulldom.rfc-ignorant.org" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "list.dnswl.org" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "blackholes.mail-abuse.org" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "bl.score.senderscore.com" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | zone "zen.spamhaus.org" { | ||
| + | type forward; | ||
| + | forward first; | ||
| + | forwarders {}; | ||
| + | }; | ||
| + | }; | ||
| + | EOF | ||
| + | service named restart | ||
| + | |||
| + | |||
| + | SA-learn script | ||
| + | stolen modified from jpurkis | ||
| + | enable Bayes in the user_conf | ||
| + | use_bayes 1 | ||
| + | bayes_auto_learn 1 | ||
| + | bayes_min_ham_num 50 | ||
| + | bayes_min_spam_num 50 | ||
| + | |||
| + | |||
| + | su to the cPanel user in question and add a cronjob to run the following script, (placed where the cPanel user can access it). | ||
| + | #!/bin/bash | ||
| + | #Find and learn spam | ||
| + | find /home/$user/mail/ -type d -name ".Junk" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --spam {}/{cur,new}/ \; | ||
| + | #Find and learn ham | ||
| + | find /home/$user/mail/ -type d -name ".non-spam" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --ham {}/{cur,new}/ \; | ||
| + | #sync /usr/local/cpanel/3rdparty/bin/sa-learn --sync | ||
| + | #clean out learned spam for i in $(find /home/$user/mail/ -type d -name ".Junk" ); do rm -f $i/{cur,new}/* ; done | ||
| + | #remove week old spam | ||
| + | for i in $(find /home/$user/mail/ -type d -name ".spam") ; do find $i/{cur,new}/ -type f -mtime +7 -exec rm -f \; ; done | ||
| + | |||
| + | |||
| + | exim | ||
| + | Mail queue cleanup | ||
| + | who is 'authing' the mail. This needs to be addressed first. Stop the outgoing mail then clean it up. | ||
| + | find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id' | ||
| + | |||
| + | |||
| + | Subject lines | ||
| + | find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject:' | ||
| + | |||
| + | |||
| + | refine the results | ||
| + | is all the spam authed by the same user? | ||
| + | find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id someuser@domain' | ||
| + | |||
| + | |||
| + | or | ||
| + | find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id somecpuser' | ||
| + | |||
| + | |||
| + | or are the subject lines all the same? | ||
| + | find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject: Discount spam, free' | ||
| + | |||
| + | |||
| + | then pipe that to: | ||
| + | Regex for pulling out the mail ID | ||
| + | | egrep '([0-9a-zA-Z]{6}\-){2}[0-9a-zA-Z]{2}' -o | ||
| + | |||
| + | |||
| + | then pipe that to the exim command to remove mail by mail id to remove previously determined the mail | ||
| + | Removing the mail by mail ID | ||
| + | | xargs exim -Mrm | ||
| + | |||
| + | |||
| + | clear out bounces ect | ||
| + | find /var/spool/exim/input/ -name '*-H' | xargs egrep 'Subject: (Undelivered Mail|Mail delivery|Mail failure|Delivery Status|Returned mail|Undeliverable|failure notice|Warning: message)'| egrep [0-9a-zA-Z]{6}\-[0-9a-zA-Z]{6}\-[0-9a-zA-Z]{2} -o | xargs exim -Mrm | ||
| + | |||
| + | |||
| + | Babysitting cleanup of a large queue? | ||
| + | Make you notes look nice: | ||
| + | echo -e "#queue $(exim -bpc) @$(date) on $(hostname)" | ||
| + | |||
| + | |||
| + | periodically run that, to get nice output, eg: | ||
| + | #queue 96910 @Fri Feb 27 08:28:48 EST 2015 on host.server.com | ||
| + | #queue 96710 @Fri Feb 27 08:28:58 EST 2015 on host.server.com | ||
| + | #queue 96595 @Fri Feb 27 08:29:08 EST 2015 on host.server.com | ||
| + | |||
| + | |||
| + | general | ||
| + | restart /etc/init.d/exim restart what is going on exiwhat number of messages in queue exim -bpc start the queue exim -q -v | ||
| + | |||
| + | |||
| + | clean out default mail inbox | ||
| + | find /home/$(cpuser)/mail/{cur,new}/ -type f -exec rm -f \; | ||
| + | |||
| + | |||
| + | where $(cpuser) is the user alternatively add | ||
| + | -mtime +7 | ||
| + | |||
| + | |||
| + | to leave stuff newer than one week if the user wants to review. | ||
| + | make cpanel interface report the correct value | ||
| + | /scripts/generate_maildirsize --confirm --allaccounts --verbose $(cpuser) | ||
| + | |||
| + | |||
| + | log location | ||
| + | /var/log/exim_mainlog | ||
| + | |||
| + | |||
| + | cant ping liquidweb.com? check | ||
| + | vim /etc/resolv.conf | ||
| + | |||
| + | |||
| + | try google's resolvers 8.8.8.8 | ||
| + | diskspace clean up | ||
| + | /var yum clean all | ||
| + | |||
| + | |||
| + | checking usage | ||
| + | df -h du -h --max-depth=1 | ||
| + | |||
| + | |||
| + | df and du discrepancy | ||
| + | If df and du do not agree, there is one or more processes keeping a deleted file open. | ||
| + | df is reading it and du is not | ||
| + | find them and kill them! | ||
| + | Find it, make sure these can be killed, note, ect. | ||
| + | lsof | grep "deleted" | ||
| + | |||
| + | |||
| + | nice output if the sizer is >0 i.e. | ||
| + | COMMAND PID SIZE NAME | ||
| + | |||
| + | |||
| + | lsof | grep deleted |awk '{if ($7>0) print $1,$2"\t"$7/1024/1024"M\t" $9}' | ||
| + | |||
| + | |||
| + | Kill them: | ||
| + | kill -15 <PID> | ||
| + | |||
| + | |||
| + | inodes | ||
| + | Plenty of open space but but the disk is still full? | ||
| + | Check the number of inodes used | ||
| + | no inodes = no new files | ||
| + | du -i | ||
| + | |||
| + | |||
| + | purge_dead_comet_files: | ||
| + | /usr/local/cpanel/bin/purge_dead_comet_files | ||
| + | |||
| + | |||
| + | don't use | ||
| + | Delete ALL the files! Bad idea to use unless you know what you are doing | ||
| + | don't use this. | ||
| + | find . -type f | xargs rm -f | ||
| + | |||
| + | |||
| + | delete files from a list | ||
| + | Make sure you are rm'ing the right stuff | ||
| + | echo it first! | ||
| + | for i in `cat /filepath/to/listtodelete.txt`; do echo "/dir/where/files/live/$i"; done | ||
| + | |||
| + | |||
| + | once you are sure, make sure again, then delete with: | ||
| + | for i in `cat /filepath/to/listtodelete.txt`; do rm -Rf /dir/where/files/live/$i; done | ||
| + | |||
| + | |||
| + | Mod sec | ||
| + | install LW rules | ||
| + | yum install lp-modsec2-rules.noarch | ||
| + | |||
| + | |||
| + | copy old modsec whitelist to new one | ||
| + | cat /usr/local/apache/conf/modsec/00_asl_whitelist.conf > /usr/local/apache/conf/modsec2/whitelist.conf | ||
| + | |||
| + | |||
| + | Modsec finder (in progress) | ||
| + | clear; echo "ModSec tripping"; read -p "enter IP here " IP; DATE=$(date '+%b %d'); echo -e "\n\nModSec rules triped on $DATE\nand what to whitelist:\n\n "; grep "$DATE" /usr/local/apache/logs/error_log |grep modsec |grep $IP |egrep '\[id \"[0-9]*\"\]' | egrep -o '\[id \"[0-9]*\"\]|\[uri "[^"]+"\]' |egrep -o '[0-9]{4,9}|\"((\/[A-Za-z0-9\-]*)*)\.[a-zA-Z]{3,4}\/?\"' |tr '\n' ' '| sed 's/\/\"/&\n/g' |sed 's/[a-z]\"/&\n/g'|egrep -v '^ $' |sort |uniq -c | sort -rn |awk '{print $1" instance(s) of \n\n<LocationMatch "$3">\n SecRuleRemoveById "$2 "\n</LocationMatch> \n\n"}' Search for modsec errors grep -i modsec /usr/local/apache/logs/error_log | grep (enter domain here) | sed "s/$/\n/" grep for cust's ip or domain or whatever then append: |grep ModSec |grep "\[id "| grep -oP '\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}]|\[id "\d+"\]|\[uri "[^"]+"\]' | tr '\n' ' ' |sed 's/alpha:\"\]/&\n/g' |sed 's/\[id \"/\n[id "/g' | ||
| + | |||
| + | |||
| + | Only list them once and count multiples | ||
| + | grep modsec /usr/local/apache/logs/error_log |grep (enter domain here) |awk -F] '{$1=$(NF-1)="";print}'| uniq -c | sed "s/$/\n/" | ||
| + | |||
| + | |||
| + | get uri and id | ||
| + | uri is with quotes, | ||
| + | ruleid is just the number Without quotes! | ||
| + | add | ||
| + | <LocationMatch "/URI/From/Error"> | ||
| + | SecRuleRemoveById $ruleid | ||
| + | </LocationMatch> | ||
| + | |||
| + | |||
| + | to (in most cases) | ||
| + | vim /usr/local/apache/conf/modsec2/whitelist.conf | ||
| + | |||
| + | |||
| + | restart apache | ||
| + | /etc/init.d/httpd restart | ||
| + | |||
| + | |||
| + | Plesk? | ||
| + | grep ModSec /var/www/vhosts/domain.com/statistics/logs/error_log | ||
| + | |||
| + | |||
| + | add | ||
| + | <LocationMatch "/URI/From/Error"> | ||
| + | SecRuleRemoveById $ruleid | ||
| + | </LocationMatch> | ||
| + | |||
| + | |||
| + | to | ||
| + | vim /var/www/vhosts/<domain.com>/conf/vhost.conf | ||
| + | |||
| + | |||
| + | or if a subdomain | ||
| + | vim /var/www/vhosts/<domain.com>/subdomains/<NameOfSubdomain>/conf/vhost.conf | ||
| + | |||
| + | |||
| + | rebuild plesk | ||
| + | /usr/local/psa/admin/bin/httpdmng --reconfigure-domain then <domain.com> or <sub.domain.com> | ||
| + | |||
| + | |||
| + | like: | ||
| + | /usr/local/psa/admin/bin/httpdmng --reconfigure-domain <sub.domain.com> | ||
| + | |||
| + | |||
| + | restart apache | ||
| + | /etc/init.d/httpd restart | ||
| + | |||
| + | |||
| + | test again: | ||
| + | tail -f /var/www/vhosts/domain.com/statistics/logs/error_log |grep ModSec | ||
| + | |||
| + | |||
| + | Making a new rule | ||
| + | in here define it and assign it a $ruleid vim /usr/local/apache/conf/modsec2.user.conf then you can add $ruleid to <LocationMatch "/URI/From/Error"> SecRuleRemoveById $ruleid </LocationMatch> like normal | ||
| + | |||
| + | |||
| + | PHP | ||
| + | php.ini | ||
| + | To see where the file is loading from use: | ||
| + | php -i |grep -i loaded | ||
| + | |||
| + | |||
| + | you will get: | ||
| + | Loaded Configuration File => /path/to/php.ini | ||
| + | |||
| + | |||
| + | in general, on cPanel it is: | ||
| + | vim /usr/local/lib/php.ini | ||
| + | |||
| + | |||
| + | common values to change | ||
| + | *memory_limit = <>M | ||
| + | *upload_max_filesize = <>M | ||
| + | *post_max_size = <>M | ||
| + | *upload_max_filesize < post_max_size | ||
| + | |||
| + | |||
| + | Restart apache to have changes take effect | ||
| + | /etc/init.d/httpd restart | ||
| + | |||
| + | |||
| + | php.conf | ||
| + | Another php configuration file. It is used with the fastCGI php handler | ||
| + | /usr/local/apache/conf/php.conf | ||
| + | |||
| + | |||
| + | so far I've only run into "mod_fcgid: HTTP request length" value errors here. add or increase the value of | ||
| + | MaxRequestLen | ||
| + | Restart apache to have changes take effect | ||
| + | /etc/init.d/httpd restart | ||
| + | |||
| + | |||
| + | Plesk? | ||
| + | In Plesk, php.ini lives in the same spot it does on any non-cPanel environment: /etc/php.ini | ||
| + | vim /etc/php.ini | ||
| + | |||
| + | |||
| + | Restart apache to have changes take effect | ||
| + | /etc/init.d/httpd restart | ||
| + | |||
| + | |||
| + | Custom php.ini | ||
| + | cgi and fcgi | ||
| + | Double check which is the current php handler | ||
| + | /usr/local/cpanel/bin/rebuild_phpconf --current | ||
| + | |||
| + | |||
| + | |||
| + | Also Remember to check if the account has CGI Privileges | ||
| + | Via WHM In modify an account under Privileges | ||
| + | If it is unchecked, this will not work and the error messages are not helpful. | ||
| + | CGI | ||
| + | First copy the php.ini over | ||
| + | cd /home/(username)/public_html/cgi-bin | ||
| + | cp /usr/local/lib/php.ini php.ini | ||
| + | chown (username). php.ini | ||
| + | |||
| + | |||
| + | In the .htaccess in the public_html, | ||
| + | vim /home/(username)/public_html/.htaccess | ||
| + | |||
| + | |||
| + | add the following at the very top of the file before everything: | ||
| + | AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi | ||
| + | |||
| + | |||
| + | make the phpini.cgi file | ||
| + | vim /home/(username)/public_html/cgi-bin/phpini.cgi | ||
| + | |||
| + | |||
| + | with the following contents: | ||
| + | |||
| + | #!/bin/sh | ||
| + | export PHPRC=/home/(username)/public_html/cgi-bin/php.ini | ||
| + | exec /usr/local/cpanel/cgi-sys/php5 -c /home/(username)/public_html/ | ||
| + | |||
| + | |||
| + | |||
| + | Also make sure that you correct the permissions on the phpini.cgi. | ||
| + | chmod +x /home/(username)/public_html/cgi-bin/phpini.cgi | ||
| + | chown (username). /home/(username)/public_html/cgi-bin/phpini.cgi | ||
| + | |||
| + | |||
| + | then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded: | ||
| + | Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini | ||
| + | |||
| + | |||
| + | and not the main php.ini: | ||
| + | Loaded Configuration File = /usr/local/lib/php.ini | ||
| + | |||
| + | |||
| + | FCGI | ||
| + | First copy the php.ini over | ||
| + | cd /home/(username)/public_html/cgi-bin | ||
| + | cp /usr/local/lib/php.ini php.ini | ||
| + | chown (username). php.ini | ||
| + | |||
| + | |||
| + | In the .htaccess in the public_html, | ||
| + | vim /home/(username)/public_html/.htaccess | ||
| + | |||
| + | |||
| + | add the following at the very top of the file before everything: | ||
| + | AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi | ||
| + | |||
| + | |||
| + | Make the php.fcgi file | ||
| + | vim /home/(username)/public_html/cgi-bin/php.fcgi | ||
| + | |||
| + | |||
| + | with the following contents: | ||
| + | #!/bin/sh | ||
| + | export PHP_FCGI_CHILDREN=1 | ||
| + | export PHP_FCGI_MAX_REQUESTS=10 | ||
| + | exec /usr/local/cpanel/cgi-sys/php5 | ||
| + | |||
| + | |||
| + | |||
| + | Also make sure that you correct the permissions on the phpini.cgi. | ||
| + | chmod +x /home/(username)/public_html/cgi-bin/php.fcgi | ||
| + | chown (username). /home/(username)/public_html/cgi-bin/php.fcgi | ||
| + | |||
| + | |||
| + | then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded: | ||
| + | Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini | ||
| + | |||
| + | |||
| + | and not the main php.ini: | ||
| + | Loaded Configuration File = /usr/local/lib/php.ini | ||
| + | |||
| + | |||
| + | suPHP | ||
| + | copy the global php.ini over as the base for the custom | ||
| + | cd /home/(username)/public_html/ cp /usr/local/lib/php.ini php.ini | ||
| + | chown (username). php.ini | ||
| + | |||
| + | |||
| + | In the .htaccess in the public_html, | ||
| + | vim /home/(username)/public_html/.htaccess | ||
| + | |||
| + | |||
| + | add the following at the very top of the file before everything: | ||
| + | suPHP_ConfigPath /home/user/public_html | ||
| + | <Files php.ini> | ||
| + | order allow,deny deny from all | ||
| + | </Files> | ||
| + | |||
| + | |||
| + | then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded: | ||
| + | Loaded Configuration File = /home/(username)/public_html/php.ini | ||
| + | |||
| + | |||
| + | and not the main php.ini: | ||
| + | Loaded Configuration File = /usr/local/lib/php.ini | ||
| + | |||
| + | |||
| + | phpinfo.php | ||
| + | move to the directory that you want to place the phpinfo.php page then make the it: | ||
| + | echo "<?php phpinfo(); ?>" > ./phpinfo.php && chown $(pwd | cut -d/ -f3). ./phpinfo.php | ||
| + | |||
| + | |||
| + | linzardry | ||
| + | OS version | ||
| + | cat /etc/redhat-release | ||
| + | |||
| + | |||
| + | Linux kernel bit | ||
| + | getconf LONG_BIT | ||
| + | |||
| + | |||
| + | load script | ||
| + | wget -O /root/load_chugger.sh http://trippinglizard.com/load_chugger.sh; bash /root/load_chugger.sh | ||
| + | |||
| + | |||
| + | memory | ||
| + | free -m | ||
| + | |||
| + | |||
| + | Nice output of %total Free Physical Memory + cached memory | ||
| + | cat /proc/meminfo | perl -e 'while(<>){ if(m/^(MemTotal|MemFree|Cached)/){ m/(\d+)/; push(@foo, $1); } } printf("%.2f%% Free Physical Memory\n", ( ( $foo[1] + $foo[2]) / $foo[0] ) * 100 ) ;' | ||
| + | |||
| + | |||
| + | grep | ||
| + | grep for != <variable> | ||
| + | grep -v <variable> | ||
| + | |||
| + | |||
| + | copy | ||
| + | keep perms and owners | ||
| + | cp -rfa | ||
| + | |||
| + | |||
| + | Handy bash wizardry for cp | ||
| + | add: | ||
| + | {,<nameofbakfile>} like: {,.bak} | ||
| + | |||
| + | |||
| + | or | ||
| + | {,.lwbak} | ||
| + | |||
| + | |||
| + | to the end of the filepath. i.e. | ||
| + | cp /path/to/file{,<nameofbakfile>} | ||
| + | |||
| + | |||
| + | would create the file: | ||
| + | /path/to/file<nameofbakfile> | ||
| + | |||
| + | |||
| + | example: | ||
| + | cp /usr/local/lib/php.ini{,.lwbak} | ||
| + | |||
| + | |||
| + | creates the file: | ||
| + | /usr/local/lib/php.ini.lwbak | ||
| + | |||
| + | |||
| + | Works with move (mv) also! | ||
| + | Dated backups | ||
| + | cp /path/to/stuff{,.$(date +"%m-%d-%Y").bak} | ||
| + | |||
| + | |||
| + | awk | ||
| + | It is not the size of the awk command, it is how you use it | ||
| + | awk is verry help for for manipulating output into handy "Kraft Cop-i-past-a-bles™" awk '{print <variables> }' | ||
| + | |||
| + | |||
| + | variables | ||
| + | *$column_number *commas <,> denote spaces *echo "strings" *numbers *math operators *"\n" is a new line *"\t" is a tab | ||
| + | |||
| + | |||
| + | NF, The Last field | ||
| + | $NF is the last field Try mathing the "NF" variable! | ||
| + | $(NF-n) "n" fields over from the last field *$(NF-0) the last field. | ||
| + | $(NF-1) second to last field etcetera! | ||
| + | Example: lets grep out the time and the 1min, 5min, and 15min load averages from every loadwatch log that has triggered today: | ||
| + | cat /root/loadwatch/loadwatch.$(date +"%Y-%m-%d")* |grep "top - " |awk '{print $3"\t"$(NF-2)"\t"$(NF-1)"\t"$NF}' | ||
| + | |||
| + | |||
| + | would give you output similar to: | ||
| + | 04:05:04 21.40, 10.52, 4.21 | ||
| + | 11:52:19 83.74, 50.38, 21.74 | ||
| + | 11:56:11 109.98, 79.96, 39.31 | ||
| + | 12:20:14 124.66, 66.60, 28.87 | ||
| + | 12:23:42 130.51, 103.27, 51.41 | ||
| + | 12:24:01 93.53, 96.59, 50.32 | ||
| + | 12:17:42 59.66, 31.55, 13.19 | ||
| + | |||
| + | |||
| + | Substring | ||
| + | Sometimes you want to further refine just one column | ||
| + | substr($column_number,Starting_Character,Number_of_Characters_After_the_Starting_Character) | ||
| + | substr($3,1,5) | ||
| + | in the previous example, | ||
| + | lets say you just wanted the time without the seconds. i.e | ||
| + | 04:05 | ||
| + | 11:52 | ||
| + | 11:56 | ||
| + | 12:20 | ||
| + | |||
| + | |||
| + | not | ||
| + | 04:05:04 | ||
| + | 11:52:19 | ||
| + | 11:56:11 | ||
| + | 12:20:14 | ||
| + | |||
| + | |||
| + | replace $3 with substr($3,1,5) | ||
| + | still grab the third column '($3), | ||
| + | but just grab five (5) characters, | ||
| + | starting at the first (1). | ||
| + | If statements | ||
| + | try using them in front of print! | ||
| + | awk '{if ($5 > 5) print $5,$1,$2}' | ||
| + | |||
| + | |||
| + | if column 5 is greater than 5 print columns 5,1,and 2. | ||
| + | Example: using sar, show anytime the one minute load was above 10 then print that load and what time it happened (also then removing the header with grep). | ||
| + | sar -q | awk '{if ($5 > 10) print $5"\t"$1,$2}' |grep -v ld | ||
| + | |||
| + | |||
| + | will result in nice output like: | ||
| + | 13.35 09:30:04 AM | ||
| + | 16.07 11:10:17 AM | ||
| + | 10.92 11:20:02 AM | ||
| + | |||
| + | |||
| + | Field Delimiters | ||
| + | Also you can add the -F<character> flag to specify the are the field delimiters (what separates the columns) i.e. | ||
| + | awk -F@ '{ print $NF }' | ||
| + | |||
| + | |||
| + | this would be, print everything after the last "@" | ||
| + | Sum of every line | ||
| + | Adds each line... you know what sum means. | ||
| + | awk '{a+=$0}END{print a}' | ||
| + | |||
| + | |||
| + | add just column 7 | ||
| + | awk '{a+=$7}END{print a}' | ||
| + | |||
| + | |||
| + | First and Last line | ||
| + | This is helpful in finding a time frame. | ||
| + | Pipe the output of a search though | ||
| + | awk 'NR==1;END{print}' | ||
| + | |||
| + | |||
| + | You can also use the sed equivalent as it is shorter: | ||
| + | sed -n '1p;$p' | ||
| + | |||
| + | |||
| + | but lets say you want to just print column 4 (the time stamp) from a domlog | ||
| + | awk 'NR==1{print$4};END{print$4}' | ||
| + | |||
| + | |||
| + | combine the results with the output of wc of the same data and you have helpful information. | ||
| + | cut | ||
| + | cut works similar to awk with the -F flag | ||
| + | cut -d '<character>' -f<column-number> | ||
| + | |||
| + | |||
| + | i.e. | ||
| + | cut -d ':' -f2 | ||
| + | |||
| + | |||
| + | Would be the same as | ||
| + | awk -F: '{print $2}' | ||
| + | |||
| + | |||
| + | cut vs awk | ||
| + | Cut is much quicker than awk. | ||
| + | But awk is more powerful and has more options. | ||
| + | It is an awkward thing to say, but sometime, cut just doesn't cut it. | ||
| + | Puns removed for your safety | ||
| + | create/delete user | ||
| + | $user = the username you want | ||
| + | useradd $user | ||
| + | userdel -r $user | ||
| + | |||
| + | |||
| + | give that user a password | ||
| + | passwd $user | ||
| + | |||
| + | |||
| + | add user to the sudoer file | ||
| + | run | ||
| + | visudo | ||
| + | |||
| + | |||
| + | and add | ||
| + | $user ALL=(ALL) ALL | ||
| + | |||
| + | |||
| + | $user will be able to use sudo with their own password instead of root's | ||
| + | number of cores | ||
| + | grep -c proc /proc/cpuinfo nproc | ||
| + | |||
| + | |||
| + | find and change 777 perms | ||
| + | change all directories and files in every user's docroot from 777 to a more appropriate 755 for directories and 644 for files | ||
| + | find /home/*/public_html/ -type d -perm 777 -exec chmod 755 '{}' \; find /home/*/public_html/ -type f -perm 777 -exec chmod 644 '{}' \; | ||
| + | |||
| + | |||
| + | grep ps aux better | ||
| + | ps faux | egrep 'START|<program>' | grep -v grep | ||
| + | |||
| + | |||
| + | quick info dump | ||
| + | lynx -dump -width 500 localhost/whm-server-status > /home/temp/connections.txt | ||
| + | |||
| + | |||
| + | Server stats | ||
| + | This is a super long one liner that shows several bits of handy info. | ||
| + | exec 3<&1 && bash <&3 <(curl -sq http://layer3.liquidweb.com/serverstats) | ||
| + | |||
| + | |||
| + | try it on your vps! | ||
| + | rsync | ||
| + | From current server to remote server | ||
| + | rsync -avH /path/to/file user@(host.domain.com-or-IP):/path/on/remote/domain | ||
| + | |||
| + | |||
| + | within a server | ||
| + | rsync -avH /path/to/file/to/move /path/to/destination/ | ||
| + | |||
| + | |||
| + | test it out first! use the flag --dry-run for great success in avoiding tears | ||
| + | --dry-run | ||
| + | |||
| + | |||
| + | Tar .ect | ||
| + | Create a tar | ||
| + | tar -cvf file.tar.gz /path/to/file | ||
| + | |||
| + | |||
| + | Extract a .tar.gz | ||
| + | tar -zxvf filename.tar.gz | ||
| + | |||
| + | |||
| + | Extract a .tar | ||
| + | tar -xvf filename.tar | ||
| + | |||
| + | |||
| + | Extract a .gz | ||
| + | gunzip filename.gz | ||
| + | |||
| + | |||
| + | Preview the contents of a package so you can pick what to pull out | ||
| + | tar -tvzf filename.tar.gz | ||
| + | |||
| + | |||
| + | you can also pipe that to search for a certain folder | ||
| + | tar -tvzf filename.tar.gz | grep (folder or filename) | ||
| + | |||
| + | |||
| + | Extract a certain file from a backup or tar file | ||
| + | tar -xvzf filname.tar.gz /home/mike/public_html | ||
| + | |||
| + | |||
| + | use the exact line that the previous command gave you. | ||
| + | stolen shamelessly from Shooltz | ||
| + | Sar | ||
| + | sar memory % free | ||
| + | sar -r | egrep -v "ld|Ave|Linux" |awk -v v=$(cat /proc/meminfo |grep MemTot |awk '{print $2}') '{print $1,$2"\t"(($3+$7)/v)*100"%" }' | ||
| + | |||
| + | |||
| + | Sar shows the current day's resource usage of since the 12am server time, in ten minute(default) intervals. | ||
| + | CPU utilization report: | ||
| + | sar | ||
| + | %user = Percentage of CPU utilization that occurred while executing at the user level (application). | ||
| + | %nice = Percentage of CPU utilization that occurred while executing at the user level with nice priority. | ||
| + | %system = Percentage of CPU utilization that occurred while executing at the system level (kernel). | ||
| + | %iowait = Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request. | ||
| + | %idle = Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request. | ||
| + | Memory usage: | ||
| + | sar -r | ||
| + | |||
| + | |||
| + | kbmemfree = Amount of free memory available in kilobytes. | ||
| + | kbmemused = Amount of used memory in kilobytes. This does not take into account memory used by the kernel itself. | ||
| + | %memused = Percentage of used memory. | ||
| + | kbbuffers = Amount of memory used as buffers by the kernel in kilobytes. | ||
| + | kbcached = Amount of memory used to cache data by the kernel in kilobytes. | ||
| + | kbswpfree = Amount of free swap space in kilobytes. | ||
| + | kbswpused = Amount of used swap space in kilobytes. | ||
| + | %swpused = Percentage of used swap space. | ||
| + | kbswpcad = Amount of cached swap memory in kilobytes. This is memory that once was swapped out, is swapped back in but still also is in the swap area (if memory is needed it doesn't need to be swapped out again because it is already in the swap area. This saves I/O). | ||
| + | Load: | ||
| + | sar -q | ||
| + | |||
| + | |||
| + | runq-sz = Run queue length (number of processes waiting for run time). | ||
| + | plist-sz = Number of processes in the process list. | ||
| + | ldavg-1 = System load average for the last minute. | ||
| + | ldavg-5 = System load average for the past 5 minutes. | ||
| + | ldavg-15 = System load average for the past 15 minutes. | ||
| + | Previous Days | ||
| + | To check previous days use the -f flag along with the file path to the data file where <XX> is the day of the month: | ||
| + | sar -f /var/log/sa/sa<XX> | ||
| + | |||
| + | |||
| + | Load averages for the fifth of the month: | ||
| + | sar -q -f /var/log/sa/sa05 | ||
| + | |||
| + | |||
| + | park wrapper errors | ||
| + | search for references of the domain. here are some of the places | ||
| + | grep -R <domain.com> /var/{cpanel/{users,bandwidth},named}/ /etc/httpd/conf/httpd.conf /etc/v{aliases,domainaliases,mail}/ /etc/{trueuser{domains,owners},named.conf,{local,user}domains}/ | ||
| + | |||
| + | |||
| + | Then remove references to the domain. After that, remember to: | ||
| + | /scripts/rebuilddnsconfig | ||
| + | |||
| + | |||
| + | retry creating the domain. | ||
| + | restoring scripts | ||
| + | Back up current account | ||
| + | /scripts/pkgacct $username | ||
| + | |||
| + | |||
| + | (puts it in /home/ and should be called cpmove-$) mv it out of the way. to cpmove-{USER}.tar.gz.bak | ||
| + | Restore account | ||
| + | backup most be in home move the backup you want to restore from | ||
| + | (must be named like one of these): | ||
| + | cpmove-{USER} | ||
| + | cpmove-{USER}.tar | ||
| + | cpmove-{USER}.tar.gz | ||
| + | USER.tar | ||
| + | USER.tar.gz | ||
| + | backup-{BACKUP-DATE_TIME}_{USER}.tar | ||
| + | backup-{BACKUP-DATE_TIME}_{USER}.tar.gz | ||
| + | |||
| + | |||
| + | to one of the places cPanel looks: | ||
| + | /home, /home2, /home3, /root, /usr, /usr/home, /web | ||
| + | |||
| + | |||
| + | restore | ||
| + | /scripts/restorepkg $username | ||
| + | |||
| + | |||
| + | Or | ||
| + | /scripts/restorepkg $username /Path/to/the/userbackup.tar.gz | ||
| + | |||
| + | |||
| + | may need to kill the account if it already exists Or just use the force: | ||
| + | /scripts/restorepkg --force $username | ||
| + | /scripts/restorepkg --force $username /Path/to/the/userbackup.tar.gz | ||
| + | |||
| + | |||
| + | Remove current account | ||
| + | /scripts/killacct $username | ||
| + | |||
| + | |||
| + | crontab | ||
| + | Crontab Commands | ||
| + | export EDITOR=vi | ||
| + | |||
| + | |||
| + | to specify a editor to open crontab file. Edit your crontab file, or create one if it doesn’t already exist. | ||
| + | crontab -e | ||
| + | |||
| + | |||
| + | Display your crontab file. | ||
| + | crontab -l | ||
| + | |||
| + | |||
| + | Remove your crontab file. | ||
| + | crontab -r | ||
| + | |||
| + | |||
| + | Display the last time you edited your crontab file. (This option is only available on a few systems.) | ||
| + | crontab -v | ||
| + | |||
| + | |||
| + | |||
| + | min |hour |day o month |month |day o week | ||
| + | |||
| + | |||
| + | 30 |0 |1 |1,6,12 |* – 00:30 Hrs on 1st of Jan, June & Dec. | ||
| + | 0 |20 |* |10 |1-5 – 8.00 PM every weekday (Mon-Fri) only in Oct. | ||
| + | 0 |0 |1,10,15 |* |* – midnight on 1st ,10th & 15th of month | ||
| + | 5,10 |0 |10 |* |1 – At 12.05,12.10 every Monday & on 10th of every month | ||
| + | |||
| + | |||
| + | LoadParse | ||
| + | mkdir -p /scripts | ||
| + | wget -O /scripts/loadparse http://layer3.liquidweb.com/scripts/loadparse.sh | ||
| + | chmod +x /scripts/loadparse | ||
| + | |||
| + | |||
| + | |||
| + | LoadParse One Liners | ||
| + | these need loadparse installed Top CPU users in loadwatch logs, logged today | ||
| + | cd /root/loadwatch | ||
| + | for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | head ; done | ||
| + | |||
| + | |||
| + | Top mem users in loadwatch logs, logged today | ||
| + | cd /root/loadwatch | ||
| + | for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | sed -n '14,20p'; done | ||
| + | |||
| + | |||
| + | reset password, username, and/or email | ||
| + | get cpuser | ||
| + | /scripts/whoown <domain> | ||
| + | |||
| + | |||
| + | get database name | ||
| + | grep DB_NAME /home/<cpuser>/public_html/wp-config.php | ||
| + | |||
| + | |||
| + | mysql oneliner to update all of them on user id 1 (the admin account) remove sections not needed replace everything in <>. | ||
| + | mysql -e "UPDATE <DB_NAME>.wp_users SET user_login = '<admin>', user_pass = MD5('<Password>'), user_email = '<their email address>' WHERE wp_users.ID = 1;" | ||
| + | |||
| + | |||
| + | Outlook and now more recently Thunderbird | ||
| + | Email clients are failing to connect servers using courier and SSL due to the key size being too small dovecot (the new default ) is fine, it is just cPanel never bothered to update courier. per nfuller techstaff email (modified) | ||
| + | echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key' | ||
| + | |||
| + | |||
| + | will result in something like: | ||
| + | Server Temp Key: DH, 768 bits | ||
| + | |||
| + | |||
| + | If the bits is lower than 1024, like above, outlook won't connect. Thankfully this is an easy fix. Run the following one liner: | ||
| + | cp -av /usr/lib/courier-imap/share/dhparams.pem{,.bak_768_bits} && openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048 | ||
| + | |||
| + | |||
| + | That will backup the old key and create one at 2048 bits. Run the first one liner again to check your work: | ||
| + | echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key' | ||
| + | |||
| + | |||
| + | it should result in: | ||
| + | Server Temp Key: DH, 2048 bits | ||
| + | |||
| + | |||
| + | |||
| + | what kernels you can boot from | ||
| + | awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg | ||
Revision as of 19:04, 1 October 2017
MediaWiki has been installed.
Consult the User's Guide for information on using the wiki software.
Contents
Wiki
Firewalls/Blocked IPs
APF
Blacklist
vim /etc/apf/deny_hosts.rules
Whitelist
vim /etc/apf/allow_hosts.rules
Config file
vim /etc/apf/conf.apf
Restart
/etc/init.d/apf restart
Flush IP Tables
iptables -F
CSF
Use CSF to grep the current rules for an IP
csf -g ip.add.re.ss
CSF uses maxmind geoip free databass to add Geo info to the logs. You can also manually query what CSf has stored locally, from command line:
csf -i ip.add.re.ss
Blacklist
vim /etc/csf/csf.deny
Whitelist
vim /etc/csf/csf.allow
Restart (both CSF and LFD)
csf -ra
Configuration
vim /etc/csf/csf.conf
login failure log
/var/log/lfd.log
Fun output, IP address and the LFD trigger that got it blocked:
grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D'
looks like
118.98.66.56 ==blocked for==> [LF_SMTPAUTH] 92.38.233.191 ==blocked for==> [LF_SSHD] 104.167.104.147 ==blocked for==> [LF_SSHD] 73.179.232.255 ==blocked for==> [LF_CPANEL] 118.163.76.38 ==blocked for==> [LF_SMTPAUTH]
cPHulk
Brute Force Protection deny/allow list edited through WHM
Main >> Security Center >> cPHulk Brute Force Protection
command line
Is it running?
/usr/local/cpanel/scripts/restartsrv_cphulkd --status
stop and disable it
/usr/local/cpanel/etc/init/stopcphulkd /usr/local/cpanel/bin/cphulk_pam_ctl --disable
Host Access Control
GUI in WHM (along with syntax/instructions):
Main >> Security Center >> Host Access Control
or edit the file directly:
/etc/hosts.allow
keep in mind that there is
/etc/hosts.deny
which WHM does not not touch, but this is another place IPs can be manually blocked
FTP
Passive mode issues
Determine which ftp service is in use
PureFTPd or proFTPd Then enable the use of passive ports for the FTP service being used.
By default the FTP configs will show/suggest using 30000 to 50000 this is an unnecessarily large range of ports to use open. Determine whether APF or CSF is in use. Then make sure the ports are open in the firewall. Restart the services updated. Make sure that passive mode is open in the ftp config
For PureFTPd
backup the existing conf
cp -va /etc/pure-ftpd.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/pure-ftpd.conf
add or modify to look something like this
#Port range for passive connections replies. - for firewalling. PassivePortRange 30000 35000
xor
For proFTPd
backup the existing conf
cp -va /etc/proftpd.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/proftpd.conf
add or modify to look something like this:
PassivePorts 30000 35000
Open those ports in the firewall
For CSF
backup the existing conf
cp -va /etc/csf/csf.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/csf/csf.conf
add
30000:35000
(CSF's range syntax is a colon)
to the end of
# Allow incoming TCP ports TCP_IN = "ports,moreports,otherports,30000:35000"
xor
For APF
backup the existing conf
cp -va /etc/apf/conf.apf{,.$(date +"%m-%d-%Y").bak}
vim /etc/apf/conf.apf
add
30000_35000
(APF's range syntax is an underscore) to the end of
# Common inbound (ingress) TCP ports IG_TCP_CPORTS="ports,moreports,otherports,30000_35000"
check storm server firewall this might be blocking ports as well
restart the services
service pure-ftpd restart
service proftpd restart
As well as APF or CSF
unformated BS
to fix later
cPanel Version /usr/local/cpanel/cpanel -V
or check the top right of WHM Restart
/etc/init.d/cpanel restart
force update
/scripts/upcp --force
add spf and dkim server wide
for user in $(\ls -A /var/cpanel/users) ; do /usr/local/cpanel/bin/dkim_keys_install $user; /usr/local/cpanel/bin/spf_installer $user ; done
bypass cpanel security questions:
echo "$(last |grep "still logged in" |awk '{print $3}')" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root echo "10.20.4.233" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root
Chksrvd log
chekservd fails:
echo -e "\nchekservd fails\n" && egrep '\[\[check command:-\]' /var/log/chkservd.log | egrep -o '(20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}|[a-z]* \[\[check command:-\])'| sed 's/\[\[check command:-\]//'g how far back does the log go: egrep -o '20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}' /var/log/chkservd.log |head -n1
Apache
Restart
/etc/init.d/httpd restart
Tail the Error lo
tail -f /usr/local/apache/logs/error_log
Config file on cPanel boxes
vim /usr/local/apache/conf/httpd.conf
Apache's status
service httpd status httpd fullstatus
Check for Max Clients
grep MaxClients /usr/local/apache/logs/error_log ps aux | grep httpd -c; egrep 'MaxClients|ServerLimit' /usr/local/apache/conf/httpd.conf
connections made per ip
netstat -tn 2>/dev/null | grep ':80space:' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head
Plesk?
tail /var/www/vhosts/<domain.com>/statistics/logs/error_log
MySQL
handy infos
config file
vim /etc/my.cnf
Error log
tail -f /var/lib/mysql/`hostname`.err
Restart
/etc/init.d/mysql restart
watch -n1 mysqladmin proc stat
Jhayhoe's list frag tables
wget -O /scripts/fragmented.sh http://layer3.liquidweb.com/scripts/jhayhoe/fragmented.sh chmod +x /scripts/fragmented.sh /scripts/fragmented.sh
mysqlcheck
The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables
--all-databases, -A Check all tables in all databases. This is the same as using the --databases option and naming all the databases on the command line.
--optimize, -o Optimize the tables.
--repair, -r Perform a repair that can fix almost anything except unique keys that are not unique.
--auto-repairIf a checked table is corrupted, automatically fix it. Any necessary repairs are done after all tables have been checked.
mysqlcheck -Aor
mysqlcheck --auto-repair --optimize --all-databases
other stuff
Shut it down and check tables
killall -9 tailwatchd
killall -9 crond
service mysql stop
find /var/lib/mysql -iname "*.MYI" -exec myisamchk -fUr {} \; service mysql restart
service crond restart
/scripts/restartsrv_tailwatchd
Optimize each table in a For loop,
for i in $(mysql -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" | sed 's/Tables.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done
MyTop, it's like top for mysql (If it is installed on the server) http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz mytop
innodb
what tables are using innodb
mysql -e "SELECT table_schema, table_name FROM INFORMATION_SCHEMA.TABLES WHERE engine = 'innodb';"
conf
located in
/etc/my.cnf
script for the only settings that should ever need to be adjusted (according to lw wiki):
"Good starting points are 64M, then double this value as RAM doubles. 1GB RAM = 64M, 2GB = 128M, 4GB = 256M"
echo "what they are:";mysql -e "show variables" |egrep 'innodb_buffer_pool_size|key_buffer_size' |awk '{print $1,$2/1024/1024"M"}'; echo "what they should be:"; cat /proc/meminfo |grep MemTotal | awk '{print $2/1024/1024*64"M"}'
Plesk?
restart (notice the d)
/etc/init.d/mysqld restart
This will give you the admin password to Plesk
cat /etc/psa/.psa.shadow; echo -e "\n";
Use this password with:
mysql -u admin -p watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`"
Screen
ctrl+a +d is keyboard shortcut to detach
Error?
Directory '/var/run/screen' must have mode 777.
no prob:
chmod g+s /usr/bin/screen
all set
List current screens
screen -ls
Create new screen
screen -S [name]
Attach
screen -r [screen name]
Detach
screen -d [screen name]
Join already attached or unattached...
screen -x [screen name]
screen -x by itself, will join the screen if there is only one to join
EasyApache
Do before:
USR=lw.$(date +%s); FILE=/root/preEA.$USR;cp /usr/local/apache/conf/httpd.conf{,.bak.$USR}; cp /usr/local/lib/php.ini{,.bak.$USR}; touch $FILE; cat > $FILE <(echo -e "\n--Current Handler--\n" ; /usr/local/cpanel/bin/rebuild_phpconf --current ; if [ -x /usr/bin/php4 ] ;then echo -e "\n--PHP 4 Version--\n" ; php4 -v 2>&1; echo -e "\n--PHP 4 Modules--\n"; php4 -m 2>&1 ;fi;if [ -x /usr/bin/php5 ] ;then echo -e "\n--PHP 5 Version--\n"; php5 -v ; echo -e "\n--PHP 5 Modules--\n"; php5 -m;fi ;echo -e "\n--Apache Version--\n" ;/usr/local/apache/bin/httpd -V; echo -e "\n--Apache Modules--\n";/usr/local/apache/bin/httpd -l ; echo -e "\n\n--Date Created: $(date +%c)--";echo -e "\n--Configuration files--\n" ; echo "httpd.conf: /usr/local/apache/conf/httpd.conf.bak.$USR"; echo "php.ini: /usr/local/lib/php.ini.bak.$USR";) ; echo -e "\nPreEA configuration stored in \n$FILE"
do it in a screen!
screen -S EA /scripts/easyapache
suPHPfix + suPHP
Save-state
saves the file permissions of (all|cPuser) in their current state
However,
This will overwrite the previous save state if done a second time!
Save state is a JSON file located in: /var/cache/suphpfix backup the appropriate file in this directory if you are going to run this a second time
something like
cp -rfa /var/cache/suphpfix /var/cache/$(date +"%m%d%Y").suphpfix.bak Check the ticket to see if it was run previously ! suphpfix --save-state (all|cPuser)
Prep all
makes the changes to the permissions suphpfix --prep (all|cPuser)
Restore-state
restores from the current save state in
/var/cache/suphpfix
suphpfix --restore-state (all|cPuser) switch to suPHP /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp enabled
SpamAssassin
Disable forwarding for DNSBL queries for SpamAssassin
Needs more testing!
sed -i.preSAfix.bak -e '1iinclude "/etc/named.disable.DNSBL.fwding.conf"; \' /etc/named.conf
touch /etc/named.disable.DNSBL.fwding.conf && chown named: /etc/named.disable.DNSBL.fwding.conf
cat <<EOF >> /etc/named.disable.DNSBL.fwding.conf
view "DNSBL zones" {
//Disable forwarding for DNSBL queries for SpamAssassin
//
//http://wiki.apache.org/spamassassin/CachingNameserver
//
//If you have a large ISP or are using large public DNS provider(s)
//it is recommended you not forward mail-related DNS traffic through
//their DNS servers (though non-mail DNS traffic from your site shouldn't
//have problems.) With bind, this means not having any "forwarders" listed.
//Or, at a minimum, you could create exemptions by
//defining empty forwarders for DNSBL zones, like this:
zone "multi.uribl.com" {
type forward;
forward first;
forwarders {};
};
zone "dnsbl.sorbs.net" {
type forward;
forward first;
forwarders {};
};
zone "combined.njabl.org" {
type forward;
forward first;
forwarders {};
};
zone "activationcode.r.mail-abuse.com" {
type forward;
forward first;
forwarders {};
};
zone "nonconfirm.mail-abuse.com" {
type forward;
forward first;
forwarders {};
};
zone "iadb.isipp.com" {
type forward;
forward first;
forwarders {};
};
zone "bl.spamcop.net" {
type forward;
forward first;
forwarders {};
};
zone "fulldom.rfc-ignorant.org" {
type forward;
forward first;
forwarders {};
};
zone "list.dnswl.org" {
type forward;
forward first;
forwarders {};
};
zone "blackholes.mail-abuse.org" {
type forward;
forward first;
forwarders {};
};
zone "bl.score.senderscore.com" {
type forward;
forward first;
forwarders {};
};
zone "zen.spamhaus.org" {
type forward;
forward first;
forwarders {};
};
}; EOF service named restart
SA-learn script
stolen modified from jpurkis
enable Bayes in the user_conf
use_bayes 1
bayes_auto_learn 1
bayes_min_ham_num 50
bayes_min_spam_num 50
su to the cPanel user in question and add a cronjob to run the following script, (placed where the cPanel user can access it).
- !/bin/bash
- Find and learn spam
find /home/$user/mail/ -type d -name ".Junk" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --spam {}/{cur,new}/ \;
- Find and learn ham
find /home/$user/mail/ -type d -name ".non-spam" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --ham {}/{cur,new}/ \;
- sync /usr/local/cpanel/3rdparty/bin/sa-learn --sync
- clean out learned spam for i in $(find /home/$user/mail/ -type d -name ".Junk" ); do rm -f $i/{cur,new}/* ; done
- remove week old spam
for i in $(find /home/$user/mail/ -type d -name ".spam") ; do find $i/{cur,new}/ -type f -mtime +7 -exec rm -f \; ; done
exim
Mail queue cleanup
who is 'authing' the mail. This needs to be addressed first. Stop the outgoing mail then clean it up.
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id'
Subject lines
find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject:'
refine the results
is all the spam authed by the same user?
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id someuser@domain'
or
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id somecpuser'
or are the subject lines all the same?
find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject: Discount spam, free'
then pipe that to:
Regex for pulling out the mail ID
| egrep '([0-9a-zA-Z]{6}\-){2}[0-9a-zA-Z]{2}' -o
then pipe that to the exim command to remove mail by mail id to remove previously determined the mail
Removing the mail by mail ID
| xargs exim -Mrm
clear out bounces ect
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'Subject: (Undelivered Mail|Mail delivery|Mail failure|Delivery Status|Returned mail|Undeliverable|failure notice|Warning: message)'| egrep [0-9a-zA-Z]{6}\-[0-9a-zA-Z]{6}\-[0-9a-zA-Z]{2} -o | xargs exim -Mrm
Babysitting cleanup of a large queue?
Make you notes look nice:
echo -e "#queue $(exim -bpc) @$(date) on $(hostname)"
periodically run that, to get nice output, eg:
- queue 96910 @Fri Feb 27 08:28:48 EST 2015 on host.server.com
- queue 96710 @Fri Feb 27 08:28:58 EST 2015 on host.server.com
- queue 96595 @Fri Feb 27 08:29:08 EST 2015 on host.server.com
general
restart /etc/init.d/exim restart what is going on exiwhat number of messages in queue exim -bpc start the queue exim -q -v
clean out default mail inbox
find /home/$(cpuser)/mail/{cur,new}/ -type f -exec rm -f \;
where $(cpuser) is the user alternatively add
-mtime +7
to leave stuff newer than one week if the user wants to review.
make cpanel interface report the correct value
/scripts/generate_maildirsize --confirm --allaccounts --verbose $(cpuser)
log location
/var/log/exim_mainlog
cant ping liquidweb.com? check
vim /etc/resolv.conf
try google's resolvers 8.8.8.8
diskspace clean up
/var yum clean all
checking usage
df -h du -h --max-depth=1
df and du discrepancy
If df and du do not agree, there is one or more processes keeping a deleted file open.
df is reading it and du is not
find them and kill them!
Find it, make sure these can be killed, note, ect.
lsof | grep "deleted"
nice output if the sizer is >0 i.e.
COMMAND PID SIZE NAME
lsof | grep deleted |awk '{if ($7>0) print $1,$2"\t"$7/1024/1024"M\t" $9}'
Kill them:
kill -15 <PID>
inodes
Plenty of open space but but the disk is still full?
Check the number of inodes used
no inodes = no new files
du -i
purge_dead_comet_files:
/usr/local/cpanel/bin/purge_dead_comet_files
don't use
Delete ALL the files! Bad idea to use unless you know what you are doing
don't use this.
find . -type f | xargs rm -f
delete files from a list
Make sure you are rm'ing the right stuff
echo it first!
for i in `cat /filepath/to/listtodelete.txt`; do echo "/dir/where/files/live/$i"; done
once you are sure, make sure again, then delete with:
for i in `cat /filepath/to/listtodelete.txt`; do rm -Rf /dir/where/files/live/$i; done
Mod sec
install LW rules
yum install lp-modsec2-rules.noarch
copy old modsec whitelist to new one
cat /usr/local/apache/conf/modsec/00_asl_whitelist.conf > /usr/local/apache/conf/modsec2/whitelist.conf
Modsec finder (in progress)
clear; echo "ModSec tripping"; read -p "enter IP here " IP; DATE=$(date '+%b %d'); echo -e "\n\nModSec rules triped on $DATE\nand what to whitelist:\n\n "; grep "$DATE" /usr/local/apache/logs/error_log |grep modsec |grep $IP |egrep '\[id \"[0-9]*\"\]' | egrep -o '\[id \"[0-9]*\"\]|\[uri "[^"]+"\]' |egrep -o '[0-9]{4,9}|\"((\/[A-Za-z0-9\-]*)*)\.[a-zA-Z]{3,4}\/?\"' |tr '\n' ' '| sed 's/\/\"/&\n/g' |sed 's/[a-z]\"/&\n/g'|egrep -v '^ $' |sort |uniq -c | sort -rn |awk '{print $1" instance(s) of \n\n<LocationMatch "$3">\n SecRuleRemoveById "$2 "\n</LocationMatch> \n\n"}' Search for modsec errors grep -i modsec /usr/local/apache/logs/error_log | grep (enter domain here) | sed "s/$/\n/" grep for cust's ip or domain or whatever then append: |grep ModSec |grep "\[id "| grep -oP '\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}]|\[id "\d+"\]|\[uri "[^"]+"\]' | tr '\n' ' ' |sed 's/alpha:\"\]/&\n/g' |sed 's/\[id \"/\n[id "/g'
Only list them once and count multiples
grep modsec /usr/local/apache/logs/error_log |grep (enter domain here) |awk -F] '{$1=$(NF-1)="";print}'| uniq -c | sed "s/$/\n/"
get uri and id
uri is with quotes,
ruleid is just the number Without quotes!
add
<LocationMatch "/URI/From/Error">
SecRuleRemoveById $ruleid
</LocationMatch>
to (in most cases)
vim /usr/local/apache/conf/modsec2/whitelist.conf
restart apache
/etc/init.d/httpd restart
Plesk?
grep ModSec /var/www/vhosts/domain.com/statistics/logs/error_log
add
<LocationMatch "/URI/From/Error">
SecRuleRemoveById $ruleid
</LocationMatch>
to
vim /var/www/vhosts/<domain.com>/conf/vhost.conf
or if a subdomain
vim /var/www/vhosts/<domain.com>/subdomains/<NameOfSubdomain>/conf/vhost.conf
rebuild plesk
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain then <domain.com> or <sub.domain.com>
like:
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain <sub.domain.com>
restart apache
/etc/init.d/httpd restart
test again:
tail -f /var/www/vhosts/domain.com/statistics/logs/error_log |grep ModSec
Making a new rule
in here define it and assign it a $ruleid vim /usr/local/apache/conf/modsec2.user.conf then you can add $ruleid to <LocationMatch "/URI/From/Error"> SecRuleRemoveById $ruleid </LocationMatch> like normal
PHP
php.ini
To see where the file is loading from use:
php -i |grep -i loaded
you will get:
Loaded Configuration File => /path/to/php.ini
in general, on cPanel it is:
vim /usr/local/lib/php.ini
common values to change
- memory_limit = <>M
- upload_max_filesize = <>M
- post_max_size = <>M
- upload_max_filesize < post_max_size
Restart apache to have changes take effect
/etc/init.d/httpd restart
php.conf
Another php configuration file. It is used with the fastCGI php handler
/usr/local/apache/conf/php.conf
so far I've only run into "mod_fcgid: HTTP request length" value errors here. add or increase the value of
MaxRequestLen
Restart apache to have changes take effect
/etc/init.d/httpd restart
Plesk?
In Plesk, php.ini lives in the same spot it does on any non-cPanel environment: /etc/php.ini
vim /etc/php.ini
Restart apache to have changes take effect
/etc/init.d/httpd restart
Custom php.ini
cgi and fcgi
Double check which is the current php handler
/usr/local/cpanel/bin/rebuild_phpconf --current
Also Remember to check if the account has CGI Privileges Via WHM In modify an account under Privileges If it is unchecked, this will not work and the error messages are not helpful. CGI First copy the php.ini over cd /home/(username)/public_html/cgi-bin cp /usr/local/lib/php.ini php.ini chown (username). php.ini
In the .htaccess in the public_html,
vim /home/(username)/public_html/.htaccess
add the following at the very top of the file before everything:
AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi
make the phpini.cgi file
vim /home/(username)/public_html/cgi-bin/phpini.cgi
with the following contents:
- !/bin/sh
export PHPRC=/home/(username)/public_html/cgi-bin/php.ini exec /usr/local/cpanel/cgi-sys/php5 -c /home/(username)/public_html/
Also make sure that you correct the permissions on the phpini.cgi. chmod +x /home/(username)/public_html/cgi-bin/phpini.cgi chown (username). /home/(username)/public_html/cgi-bin/phpini.cgi
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini
and not the main php.ini:
Loaded Configuration File = /usr/local/lib/php.ini
FCGI
First copy the php.ini over
cd /home/(username)/public_html/cgi-bin
cp /usr/local/lib/php.ini php.ini
chown (username). php.ini
In the .htaccess in the public_html,
vim /home/(username)/public_html/.htaccess
add the following at the very top of the file before everything:
AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi
Make the php.fcgi file
vim /home/(username)/public_html/cgi-bin/php.fcgi
with the following contents:
- !/bin/sh
export PHP_FCGI_CHILDREN=1 export PHP_FCGI_MAX_REQUESTS=10 exec /usr/local/cpanel/cgi-sys/php5
Also make sure that you correct the permissions on the phpini.cgi. chmod +x /home/(username)/public_html/cgi-bin/php.fcgi chown (username). /home/(username)/public_html/cgi-bin/php.fcgi
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini
and not the main php.ini:
Loaded Configuration File = /usr/local/lib/php.ini
suPHP
copy the global php.ini over as the base for the custom
cd /home/(username)/public_html/ cp /usr/local/lib/php.ini php.ini
chown (username). php.ini
In the .htaccess in the public_html,
vim /home/(username)/public_html/.htaccess
add the following at the very top of the file before everything:
suPHP_ConfigPath /home/user/public_html
<Files php.ini>
order allow,deny deny from all
</Files>
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
Loaded Configuration File = /home/(username)/public_html/php.ini
and not the main php.ini:
Loaded Configuration File = /usr/local/lib/php.ini
phpinfo.php
move to the directory that you want to place the phpinfo.php page then make the it:
echo "<?php phpinfo(); ?>" > ./phpinfo.php && chown $(pwd | cut -d/ -f3). ./phpinfo.php
linzardry
OS version
cat /etc/redhat-release
Linux kernel bit
getconf LONG_BIT
load script
wget -O /root/load_chugger.sh http://trippinglizard.com/load_chugger.sh; bash /root/load_chugger.sh
memory
free -m
Nice output of %total Free Physical Memory + cached memory
cat /proc/meminfo | perl -e 'while(<>){ if(m/^(MemTotal|MemFree|Cached)/){ m/(\d+)/; push(@foo, $1); } } printf("%.2f%% Free Physical Memory\n", ( ( $foo[1] + $foo[2]) / $foo[0] ) * 100 ) ;'
grep
grep for != <variable>
grep -v <variable>
copy
keep perms and owners
cp -rfa
Handy bash wizardry for cp
add:
{,<nameofbakfile>} like: {,.bak}
or
{,.lwbak}
to the end of the filepath. i.e.
cp /path/to/file{,<nameofbakfile>}
would create the file:
/path/to/file<nameofbakfile>
example:
cp /usr/local/lib/php.ini{,.lwbak}
creates the file:
/usr/local/lib/php.ini.lwbak
Works with move (mv) also!
Dated backups
cp /path/to/stuff{,.$(date +"%m-%d-%Y").bak}
awk
It is not the size of the awk command, it is how you use it
awk is verry help for for manipulating output into handy "Kraft Cop-i-past-a-bles™" awk '{print <variables> }'
variables
- $column_number *commas <,> denote spaces *echo "strings" *numbers *math operators *"\n" is a new line *"\t" is a tab
NF, The Last field
$NF is the last field Try mathing the "NF" variable!
$(NF-n) "n" fields over from the last field *$(NF-0) the last field.
$(NF-1) second to last field etcetera!
Example: lets grep out the time and the 1min, 5min, and 15min load averages from every loadwatch log that has triggered today:
cat /root/loadwatch/loadwatch.$(date +"%Y-%m-%d")* |grep "top - " |awk '{print $3"\t"$(NF-2)"\t"$(NF-1)"\t"$NF}'
would give you output similar to:
04:05:04 21.40, 10.52, 4.21
11:52:19 83.74, 50.38, 21.74
11:56:11 109.98, 79.96, 39.31
12:20:14 124.66, 66.60, 28.87
12:23:42 130.51, 103.27, 51.41
12:24:01 93.53, 96.59, 50.32
12:17:42 59.66, 31.55, 13.19
Substring
Sometimes you want to further refine just one column
substr($column_number,Starting_Character,Number_of_Characters_After_the_Starting_Character)
substr($3,1,5)
in the previous example,
lets say you just wanted the time without the seconds. i.e
04:05
11:52
11:56
12:20
not
04:05:04
11:52:19
11:56:11
12:20:14
replace $3 with substr($3,1,5)
still grab the third column '($3),
but just grab five (5) characters,
starting at the first (1).
If statements
try using them in front of print!
awk '{if ($5 > 5) print $5,$1,$2}'
if column 5 is greater than 5 print columns 5,1,and 2.
Example: using sar, show anytime the one minute load was above 10 then print that load and what time it happened (also then removing the header with grep).
sar -q | awk '{if ($5 > 10) print $5"\t"$1,$2}' |grep -v ld
will result in nice output like:
13.35 09:30:04 AM
16.07 11:10:17 AM
10.92 11:20:02 AM
Field Delimiters
Also you can add the -F<character> flag to specify the are the field delimiters (what separates the columns) i.e.
awk -F@ '{ print $NF }'
this would be, print everything after the last "@"
Sum of every line
Adds each line... you know what sum means.
awk '{a+=$0}END{print a}'
add just column 7
awk '{a+=$7}END{print a}'
First and Last line
This is helpful in finding a time frame.
Pipe the output of a search though
awk 'NR==1;END{print}'
You can also use the sed equivalent as it is shorter:
sed -n '1p;$p'
but lets say you want to just print column 4 (the time stamp) from a domlog
awk 'NR==1{print$4};END{print$4}'
combine the results with the output of wc of the same data and you have helpful information.
cut
cut works similar to awk with the -F flag
cut -d '<character>' -f<column-number>
i.e.
cut -d ':' -f2
Would be the same as
awk -F: '{print $2}'
cut vs awk
Cut is much quicker than awk.
But awk is more powerful and has more options.
It is an awkward thing to say, but sometime, cut just doesn't cut it.
Puns removed for your safety
create/delete user
$user = the username you want
useradd $user
userdel -r $user
give that user a password
passwd $user
add user to the sudoer file
run
visudo
and add
$user ALL=(ALL) ALL
$user will be able to use sudo with their own password instead of root's
number of cores
grep -c proc /proc/cpuinfo nproc
find and change 777 perms
change all directories and files in every user's docroot from 777 to a more appropriate 755 for directories and 644 for files
find /home/*/public_html/ -type d -perm 777 -exec chmod 755 '{}' \; find /home/*/public_html/ -type f -perm 777 -exec chmod 644 '{}' \;
grep ps aux better
ps faux | egrep 'START|<program>' | grep -v grep
quick info dump
lynx -dump -width 500 localhost/whm-server-status > /home/temp/connections.txt
Server stats
This is a super long one liner that shows several bits of handy info.
exec 3<&1 && bash <&3 <(curl -sq http://layer3.liquidweb.com/serverstats)
try it on your vps!
rsync
From current server to remote server
rsync -avH /path/to/file user@(host.domain.com-or-IP):/path/on/remote/domain
within a server
rsync -avH /path/to/file/to/move /path/to/destination/
test it out first! use the flag --dry-run for great success in avoiding tears
--dry-run
Tar .ect
Create a tar
tar -cvf file.tar.gz /path/to/file
Extract a .tar.gz
tar -zxvf filename.tar.gz
Extract a .tar
tar -xvf filename.tar
Extract a .gz
gunzip filename.gz
Preview the contents of a package so you can pick what to pull out
tar -tvzf filename.tar.gz
you can also pipe that to search for a certain folder
tar -tvzf filename.tar.gz | grep (folder or filename)
Extract a certain file from a backup or tar file
tar -xvzf filname.tar.gz /home/mike/public_html
use the exact line that the previous command gave you.
stolen shamelessly from Shooltz
Sar
sar memory % free
sar -r | egrep -v "ld|Ave|Linux" |awk -v v=$(cat /proc/meminfo |grep MemTot |awk '{print $2}') '{print $1,$2"\t"(($3+$7)/v)*100"%" }'
Sar shows the current day's resource usage of since the 12am server time, in ten minute(default) intervals.
CPU utilization report:
sar
%user = Percentage of CPU utilization that occurred while executing at the user level (application).
%nice = Percentage of CPU utilization that occurred while executing at the user level with nice priority.
%system = Percentage of CPU utilization that occurred while executing at the system level (kernel).
%iowait = Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
%idle = Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.
Memory usage:
sar -r
kbmemfree = Amount of free memory available in kilobytes.
kbmemused = Amount of used memory in kilobytes. This does not take into account memory used by the kernel itself.
%memused = Percentage of used memory.
kbbuffers = Amount of memory used as buffers by the kernel in kilobytes.
kbcached = Amount of memory used to cache data by the kernel in kilobytes.
kbswpfree = Amount of free swap space in kilobytes.
kbswpused = Amount of used swap space in kilobytes.
%swpused = Percentage of used swap space.
kbswpcad = Amount of cached swap memory in kilobytes. This is memory that once was swapped out, is swapped back in but still also is in the swap area (if memory is needed it doesn't need to be swapped out again because it is already in the swap area. This saves I/O).
Load:
sar -q
runq-sz = Run queue length (number of processes waiting for run time).
plist-sz = Number of processes in the process list.
ldavg-1 = System load average for the last minute.
ldavg-5 = System load average for the past 5 minutes.
ldavg-15 = System load average for the past 15 minutes.
Previous Days
To check previous days use the -f flag along with the file path to the data file where <XX> is the day of the month:
sar -f /var/log/sa/sa<XX>
Load averages for the fifth of the month:
sar -q -f /var/log/sa/sa05
park wrapper errors
search for references of the domain. here are some of the places
grep -R <domain.com> /var/{cpanel/{users,bandwidth},named}/ /etc/httpd/conf/httpd.conf /etc/v{aliases,domainaliases,mail}/ /etc/{trueuser{domains,owners},named.conf,{local,user}domains}/
Then remove references to the domain. After that, remember to:
/scripts/rebuilddnsconfig
retry creating the domain.
restoring scripts
Back up current account
/scripts/pkgacct $username
(puts it in /home/ and should be called cpmove-$) mv it out of the way. to cpmove-{USER}.tar.gz.bak
Restore account
backup most be in home move the backup you want to restore from
(must be named like one of these):
cpmove-{USER}
cpmove-{USER}.tar
cpmove-{USER}.tar.gz
USER.tar
USER.tar.gz
backup-{BACKUP-DATE_TIME}_{USER}.tar
backup-{BACKUP-DATE_TIME}_{USER}.tar.gz
to one of the places cPanel looks:
/home, /home2, /home3, /root, /usr, /usr/home, /web
restore
/scripts/restorepkg $username
Or
/scripts/restorepkg $username /Path/to/the/userbackup.tar.gz
may need to kill the account if it already exists Or just use the force:
/scripts/restorepkg --force $username
/scripts/restorepkg --force $username /Path/to/the/userbackup.tar.gz
Remove current account
/scripts/killacct $username
crontab
Crontab Commands
export EDITOR=vi
to specify a editor to open crontab file. Edit your crontab file, or create one if it doesn’t already exist.
crontab -e
Display your crontab file.
crontab -l
Remove your crontab file.
crontab -r
Display the last time you edited your crontab file. (This option is only available on a few systems.)
crontab -v
min |hour |day o month |month |day o week
30 |0 |1 |1,6,12 |* – 00:30 Hrs on 1st of Jan, June & Dec.
0 |20 |* |10 |1-5 – 8.00 PM every weekday (Mon-Fri) only in Oct.
0 |0 |1,10,15 |* |* – midnight on 1st ,10th & 15th of month
5,10 |0 |10 |* |1 – At 12.05,12.10 every Monday & on 10th of every month
LoadParse
mkdir -p /scripts
wget -O /scripts/loadparse http://layer3.liquidweb.com/scripts/loadparse.sh
chmod +x /scripts/loadparse
LoadParse One Liners these need loadparse installed Top CPU users in loadwatch logs, logged today cd /root/loadwatch for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | head ; done
Top mem users in loadwatch logs, logged today
cd /root/loadwatch
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | sed -n '14,20p'; done
reset password, username, and/or email
get cpuser
/scripts/whoown <domain>
get database name
grep DB_NAME /home/<cpuser>/public_html/wp-config.php
mysql oneliner to update all of them on user id 1 (the admin account) remove sections not needed replace everything in <>.
mysql -e "UPDATE <DB_NAME>.wp_users SET user_login = '<admin>', user_pass = MD5('<Password>'), user_email = '<their email address>' WHERE wp_users.ID = 1;"
Outlook and now more recently Thunderbird
Email clients are failing to connect servers using courier and SSL due to the key size being too small dovecot (the new default ) is fine, it is just cPanel never bothered to update courier. per nfuller techstaff email (modified)
echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key'
will result in something like:
Server Temp Key: DH, 768 bits
If the bits is lower than 1024, like above, outlook won't connect. Thankfully this is an easy fix. Run the following one liner:
cp -av /usr/lib/courier-imap/share/dhparams.pem{,.bak_768_bits} && openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048
That will backup the old key and create one at 2048 bits. Run the first one liner again to check your work:
echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key'
it should result in:
Server Temp Key: DH, 2048 bits
what kernels you can boot from awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
