Difference between revisions of "Main Page"

From Wiki.onotech.org
(Wiki)
(Mod sec)
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
<strong>MediaWiki has been installed.</strong>
+
Recently restored from google cache!
 
+
<!-- This is a coasdffffasdfasdfasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasfasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffff
ffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafa
sdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasfffffffffffffff
fffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffmment -->
Consult the [//meta.wikimedia.org/wiki/Help:Contents User's Guide] for information on using the wiki software.
 
 
 
 
= Firewalls/Blocked IPs =
 
= Firewalls/Blocked IPs =
 
==APF==
 
==APF==
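Review bot: The HTML comment added at the top of the page (`<!-- This is a co...mment -->`) is several thousand characters of keyboard filler and carries no information; drop it, or replace it with a one-line comment that says what it is for. The added "Recently restored from google cache!" line would be more useful with the restore date next to it, so readers can judge how current the commands below are.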
Line 155: Line 153:
 
As well as APF or CSF
 
As well as APF or CSF
  
=unformated BS=
 
to fix later
 
  
cPanel
+
==cPanel==
 
Version
 
Version
/usr/local/cpanel/cpanel -V  
+
/usr/local/cpanel/cpanel -V  
 
+
or check the top right of WHM \
 
 
or check the top right of WHM Restart
 
/etc/init.d/cpanel restart
 
  
 +
Restart
 +
/scripts/restartsrv_cpsrvd
  
 
force update
 
force update
/scripts/upcp --force  
+
/scripts/upcp --force  
 
 
  
 
add spf and dkim server wide
 
add spf and dkim server wide
for user in $(\ls -A /var/cpanel/users) ; do /usr/local/cpanel/bin/dkim_keys_install $user; /usr/local/cpanel/bin/spf_installer $user ; done  
+
for user in $(\ls -A /var/cpanel/users) ; do /usr/local/cpanel/bin/dkim_keys_install $user; /usr/local/cpanel/bin/spf_installer $user ; done  
  
  
 
bypass cpanel security questions:
 
bypass cpanel security questions:
echo "$(last |grep "still logged in" |awk '{print $3}')" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root echo "10.20.4.233" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root
 
  
 +
echo "$(last |grep "still logged in" |awk '{print $3}')" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root
  
Chksrvd log
+
echo "10.20.4.233" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root
 +
 
 +
==Chksrvd log==
 
chekservd fails:
 
chekservd fails:
echo -e "\nchekservd fails\n" && egrep '\[\[check command:-\]' /var/log/chkservd.log | egrep -o '(20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}|[a-z]* \[\[check command:-\])'| sed 's/\[\[check command:-\]//'g how far back does the log go: egrep -o '20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}' /var/log/chkservd.log |head -n1
+
echo -e "\nchekservd fails\n" && egrep '\[\[check command:-\]' /var/log/chkservd.log | egrep -o '(20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}|[a-z]* \[\[check command:-\])'| sed 's/\[\[check command:-\]//'g  
 +
how far back does the log go:
 +
egrep -o '20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}' /var/log/chkservd.log |head -n1
  
  
Apache
+
==Apache==
 +
 
 +
===ea3===
 
Restart
 
Restart
/etc/init.d/httpd restart  
+
/etc/init.d/httpd restart  
 
 
 
 
Tail the Error lo
 
tail -f /usr/local/apache/logs/error_log
 
  
 +
Tail the Error log
 +
tail -f /usr/local/apache/logs/error_log
  
 
Config file on cPanel boxes
 
Config file on cPanel boxes
vim /usr/local/apache/conf/httpd.conf  
+
vim /usr/local/apache/conf/httpd.conf  
 
 
  
 
Apache's status
 
Apache's status
service httpd status httpd fullstatus  
+
service httpd status  
 +
httpd fullstatus  
  
 +
Check for Max Clients
 +
grep MaxClients /usr/local/apache/logs/error_log ps aux | grep httpd -c; egrep 'MaxClients|ServerLimit' /usr/local/apache/conf/httpd.conf
  
Check for Max Clients
+
===ea4===
grep MaxClients /usr/local/apache/logs/error_log ps aux | grep httpd -c; egrep 'MaxClients|ServerLimit' /usr/local/apache/conf/httpd.conf  
+
Config file
 +
/etc/apache2/conf.d/httpd.conf
  
 +
Error Log
 +
tail -f /etc/apache2/logs/error_log
  
 
connections made per ip
 
connections made per ip
netstat -tn 2>/dev/null | grep ':80[[:space:]]' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head
+
netstat -tn 2>/dev/null | grep ':80[[:space:]]' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head
  
 +
===php-fpm===
 +
restart
 +
/scripts/restartsrv_apache_php_fpm
  
Plesk?
+
===Plesk?===
 
tail /var/www/vhosts/<domain.com>/statistics/logs/error_log
 
tail /var/www/vhosts/<domain.com>/statistics/logs/error_log
  
  
MySQL
+
==MySQL==
handy infos
+
===handy infos===
 
config file
 
config file
vim /etc/my.cnf  
+
vim /etc/my.cnf  
  
  
 
Error log
 
Error log
tail -f /var/lib/mysql/`hostname`.err  
+
tail -f /var/lib/mysql/`hostname`.err  
  
  
 
Restart
 
Restart
/etc/init.d/mysql restart  
+
/systemctl status mysqld.service
 +
 +
/etc/init.d/mysql restart  
  
  
watch -n1 mysqladmin proc stat
+
watch -n1 mysqladmin proc stat
  
  
 
Jhayhoe's list frag tables
 
Jhayhoe's list frag tables
wget -O /scripts/fragmented.sh http://layer3.liquidweb.com/scripts/jhayhoe/fragmented.sh chmod +x /scripts/fragmented.sh /scripts/fragmented.sh  
+
wget -O /scripts/fragmented.sh http://layer3.liquidweb.com/scripts/jhayhoe/fragmented.sh chmod +x /scripts/fragmented.sh /scripts/fragmented.sh  
  
  
 
mysqlcheck
 
mysqlcheck
The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables
+
The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables
--all-databases, -A Check all tables in all databases. This is the same as using the --databases option and naming all the databases on the command line.
+
--all-databases, -A Check all tables in all databases. This is the same as using the --databases option and naming all the databases on the command line.
--optimize, -o Optimize the tables.  
+
--optimize, -o       Optimize the tables.  
--repair, -r Perform a repair that can fix almost anything except unique keys that are not unique.
+
--repair, -r         Perform a repair that can fix almost anything except unique keys that are not unique.
--auto-repairIf a checked table is corrupted, automatically fix it. Any necessary repairs are done after all tables have been checked.  
+
--auto-repair        If a checked table is corrupted, automatically fix it. Any necessary repairs are done after all tables have been checked.  
  
  
mysqlcheck -Aor
+
mysqlcheck -Aor
  
  
mysqlcheck --auto-repair --optimize --all-databases
+
mysqlcheck --auto-repair --optimize --all-databases
  
  
other stuff
+
===other stuff===
 
Shut it down and check tables
 
Shut it down and check tables
killall -9 tailwatchd
+
killall -9 tailwatchd
killall -9 crond
+
killall -9 crond
service mysql stop
+
service mysql stop
find /var/lib/mysql -iname "*.MYI" -exec myisamchk -fUr {} \; service mysql restart
+
find /var/lib/mysql -iname "*.MYI" -exec myisamchk -fUr {} \; service mysql restart
service crond restart
+
service crond restart
/scripts/restartsrv_tailwatchd  
+
/scripts/restartsrv_tailwatchd  
  
  
 
Optimize each table in a For loop,
 
Optimize each table in a For loop,
for i in $(mysql -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" | sed 's/Tables.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done  
+
for i in $(mysql -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" | sed 's/Tables.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done  
  
  
MyTop, it's like top for mysql (If it is installed on the server) http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz mytop
+
===MyTop===
innodb
+
it's like top for mysql (If it is installed on the server)  
 +
http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz  
 +
 +
mytop
 +
===innodb===
 
what tables are using innodb
 
what tables are using innodb
mysql -e "SELECT table_schema, table_name FROM INFORMATION_SCHEMA.TABLES WHERE engine = 'innodb';"
+
mysql -e "SELECT table_schema, table_name FROM INFORMATION_SCHEMA.TABLES WHERE engine = 'innodb';"
  
 +
conf
  
conf
 
 
located in
 
located in
/etc/my.cnf  
+
/etc/my.cnf  
  
  
script for the only settings that should ever need to be adjusted (according to lw wiki):
+
===Mysql Memory settings===
"Good starting points are 64M, then double this value as RAM doubles. 1GB RAM = 64M, 2GB = 128M, 4GB = 256M"
 
  
 +
echo -e "\n\n================Mysql Mem configured settings================" && awk '/(key|i.*b)_b.*r_(pool_)?(s.*|.*es)/{sub("="," "); print $1,$2}' /etc/my.cnf && echo -e "\n================Mysql Mem current settings================" && mysql -e "show variables" |awk '/(key|innodb)_buffer_(pool_)?(size|.*es)/{if($1~/.*es/)print$1,$2; else print$1,$2/1048576"M"}' && echo -e "\n================Mysql Mem suggested settings================" && mysql -Bse 'show variables like "datadir";'|awk '{print $2}'|xargs -I{} find {} -type f -printf "%s %f\n"|awk -F'[ ,.]' '{print $1, $NF}'|awk '{array[$2]+=$1} END {for (i in array) {printf("%-15s %s\n", sprintf("%.3f MB", array[i]/1048576), i)}}' | awk '{if($3~/MYI/)print"key_buffer_size\t\t",$1"M"};{if($3~/ibd/)a+=$1}END{print "innodb_buffer_pool_size\t",a"M"}'
  
echo "what they are:";mysql -e "show variables" |egrep 'innodb_buffer_pool_size|key_buffer_size' |awk '{print $1,$2/1024/1024"M"}'; echo "what they should be:"; cat /proc/meminfo |grep MemTotal | awk '{print $2/1024/1024*64"M"}'
+
===Plesk===
 
+
====old====
 
 
Plesk?
 
 
restart (notice the d)
 
restart (notice the d)
/etc/init.d/mysqld restart  
+
/etc/init.d/mysqld restart  
  
  
 
This will give you the admin password to Plesk
 
This will give you the admin password to Plesk
cat /etc/psa/.psa.shadow; echo -e "\n";  
+
cat /etc/psa/.psa.shadow; echo -e "\n";  
  
  
 
Use this password with:
 
Use this password with:
mysql -u admin -p watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`"
+
mysql -u admin -p  
 +
 +
watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`"
  
 +
====new====
 +
access the plesk db
  
Screen
+
plesk db
ctrl+a +d is keyboard shortcut to detach
+
alternatively
 +
MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -uadmin psa
 +
nightly dumps of the plesk db are in
 +
/var/lib/psa/dumps/
 +
restoring from a backup
 +
zcat mysql.daily.dump.0.gz | plesk db
 +
back it up as is  
 +
plesk db dump > backup.sql
  
 +
===Screen===
 +
ctrl+a +d is keyboard shortcut to detach
  
Error?
 
Directory '/var/run/screen' must have mode 777.
 
no prob:
 
chmod g+s /usr/bin/screen
 
  
 +
====Error?====
  
 +
Directory '/var/run/screen' must have mode 777.
 +
 +
no prob:
 +
chmod g+s /usr/bin/screen
 
all set
 
all set
 +
 
List current screens
 
List current screens
screen -ls  
+
screen -ls  
 
 
  
 
Create new screen
 
Create new screen
screen -S [name]  
+
screen -S [name]  
 
 
  
 
Attach
 
Attach
screen -r [screen name]  
+
screen -r [screen name]  
 
 
  
 
Detach
 
Detach
screen -d [screen name]  
+
screen -d [screen name]  
 
 
  
 
Join already attached or unattached...
 
Join already attached or unattached...
screen -x [screen name]  
+
screen -x [screen name]  
  
 +
screen -x by itself, will join the screen if there is only one to join
  
screen -x by itself, will join the screen if there is only one to join
+
===EasyApache===
EasyApache
 
 
Do before:
 
Do before:
USR=lw.$(date +%s); FILE=/root/preEA.$USR;cp /usr/local/apache/conf/httpd.conf{,.bak.$USR}; cp /usr/local/lib/php.ini{,.bak.$USR}; touch $FILE; cat > $FILE <(echo -e "\n--Current Handler--\n" ; /usr/local/cpanel/bin/rebuild_phpconf --current ; if [ -x /usr/bin/php4 ] ;then echo -e "\n--PHP 4 Version--\n" ; php4 -v 2>&1; echo -e "\n--PHP 4 Modules--\n"; php4 -m 2>&1 ;fi;if [ -x /usr/bin/php5 ] ;then echo -e "\n--PHP 5 Version--\n"; php5 -v ; echo -e "\n--PHP 5 Modules--\n"; php5 -m;fi ;echo -e "\n--Apache Version--\n" ;/usr/local/apache/bin/httpd -V; echo -e "\n--Apache Modules--\n";/usr/local/apache/bin/httpd -l ; echo -e "\n\n--Date Created: $(date +%c)--";echo -e "\n--Configuration files--\n" ; echo "httpd.conf: /usr/local/apache/conf/httpd.conf.bak.$USR"; echo "php.ini: /usr/local/lib/php.ini.bak.$USR";) ; echo -e "\nPreEA configuration stored in \n$FILE"  
+
 
 +
USR=lw.$(date +%s); FILE=/root/preEA.$USR;cp /usr/local/apache/conf/httpd.conf{,.bak.$USR}; cp /usr/local/lib/php.ini{,.bak.$USR}; touch $FILE; cat > $FILE <(echo -e "\n--Current Handler--\n" ; /usr/local/cpanel/bin/rebuild_phpconf --current ; if [ -x /usr/bin/php4 ] ;then echo -e "\n--PHP 4 Version--\n" ; php4 -v 2>&1; echo -e "\n--PHP 4 Modules--\n"; php4 -m 2>&1 ;fi;if [ -x /usr/bin/php5 ] ;then echo -e "\n--PHP 5 Version--\n"; php5 -v ; echo -e "\n--PHP 5 Modules--\n"; php5 -m;fi ;echo -e "\n--Apache Version--\n" ;/usr/local/apache/bin/httpd -V; echo -e "\n--Apache Modules--\n";/usr/local/apache/bin/httpd -l ; echo -e "\n\n--Date Created: $(date +%c)--";echo -e "\n--Configuration files--\n" ; echo "httpd.conf: /usr/local/apache/conf/httpd.conf.bak.$USR"; echo "php.ini: /usr/local/lib/php.ini.bak.$USR";) ; echo -e "\nPreEA configuration stored in \n$FILE"  
  
  
 
do it in a screen!
 
do it in a screen!
screen -S EA /scripts/easyapache
+
screen -S EA /scripts/easyapache
  
  
suPHPfix + suPHP
+
===suPHPfix + suPHP===
Save-state
+
 
 +
out dated
 +
====Save-state====
 
saves the file permissions of (all|cPuser) in their current state
 
saves the file permissions of (all|cPuser) in their current state
 
However,
 
However,
 
This will overwrite the previous save state if done a second time!
 
This will overwrite the previous save state if done a second time!
Save state is a JSON file located in: /var/cache/suphpfix backup the appropriate file in this directory if you are going to run this a second time
+
Save state is a JSON file located in:
 +
/var/cache/suphpfix  
 +
backup the appropriate file in this directory if you are going to run this a second time
 +
 
 
something like
 
something like
cp -rfa /var/cache/suphpfix /var/cache/$(date +"%m%d%Y").suphpfix.bak Check the ticket to see if it was run previously ! suphpfix --save-state (all|cPuser)  
+
cp -rfa /var/cache/suphpfix /var/cache/$(date +"%m%d%Y").suphpfix.bak
 +
Check the ticket to see if it was run previously !
 +
suphpfix --save-state (all|cPuser)  
  
  
Prep all
+
====Prep all====
 
makes the changes to the permissions suphpfix --prep (all|cPuser)
 
makes the changes to the permissions suphpfix --prep (all|cPuser)
Restore-state
+
====Restore-state====
 
restores from the current save state in
 
restores from the current save state in
/var/cache/suphpfix
+
/var/cache/suphpfix
suphpfix --restore-state (all|cPuser) switch to suPHP /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp enabled
+
suphpfix --restore-state (all|cPuser)  
 +
 
 +
switch to suPHP
  
 +
/usr/local/cpanel/bin/rebuild_phpconf 5 none suphp enabled
  
SpamAssassin
+
====SpamAssassin====
 
Disable forwarding for DNSBL queries for SpamAssassin
 
Disable forwarding for DNSBL queries for SpamAssassin
 
Needs more testing!
 
Needs more testing!
sed -i.preSAfix.bak -e '1iinclude "/etc/named.disable.DNSBL.fwding.conf"; \' /etc/named.conf
+
<nowiki>
 +
sed -i.preSAfix.bak -e '1iinclude "/etc/named.disable.DNSBL.fwding.conf"; \' /etc/named.conf
 
touch /etc/named.disable.DNSBL.fwding.conf && chown named: /etc/named.disable.DNSBL.fwding.conf
 
touch /etc/named.disable.DNSBL.fwding.conf && chown named: /etc/named.disable.DNSBL.fwding.conf
cat <<EOF >> /etc/named.disable.DNSBL.fwding.conf  
+
cat <<EOF >> /etc/named.disable.DNSBL.fwding.conf  
 
view "DNSBL zones" {  
 
view "DNSBL zones" {  
 
//Disable forwarding for DNSBL queries for SpamAssassin  
 
//Disable forwarding for DNSBL queries for SpamAssassin  
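Review bot: Under "bypass cpanel security questions", `echo "$(last |grep "still logged in" |awk '{print $3}')" >> .../securitypolicy/iplist/root` appends the source of every session that is still logged in, not only your own, and the third column of `last` is not always an IP address; the next line then hardcodes 10.20.4.233. Both entries stay in the list after the work is done, so the section should say to add only the single address you are connecting from and to remove it afterwards. In "Jhayhoe's list frag tables", the `wget`, `chmod +x` and the script invocation are on one line, so `wget` receives the other two commands as arguments; split them onto three lines, and since the script is fetched over plain `http://` and run as root, add a step to read it before executing. Under MySQL "Restart", the added `/systemctl status mysqld.service` has a stray leading slash and reports status instead of restarting. In the old Plesk section, `watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`"` puts the admin password on the command line; the `MYSQL_PWD=...` and `plesk db` forms added under "new" avoid that, so the old one could be marked as superseded.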
Line 433: Line 466:
 
service named restart
 
service named restart
  
 
+
</nowiki>
SA-learn script
+
====SA-learn script====
 
stolen modified from jpurkis
 
stolen modified from jpurkis
enable Bayes in the user_conf
+
enable Bayes in the user_conf
use_bayes 1
+
use_bayes 1
bayes_auto_learn 1
+
bayes_auto_learn 1
bayes_min_ham_num 50
+
bayes_min_ham_num 50
bayes_min_spam_num 50
+
bayes_min_spam_num 50
  
  
 
su to the cPanel user in question and add a cronjob to run the following script, (placed where the cPanel user can access it).
 
su to the cPanel user in question and add a cronjob to run the following script, (placed where the cPanel user can access it).
#!/bin/bash  
+
#!/bin/bash  
#Find and learn spam  
+
#Find and learn spam  
find /home/$user/mail/ -type d -name ".Junk" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --spam {}/{cur,new}/ \;  
+
find /home/$user/mail/ -type d -name ".Junk" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --spam {}/{cur,new}/ \;  
#Find and learn ham
+
#Find and learn ham
find /home/$user/mail/ -type d -name ".non-spam" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --ham {}/{cur,new}/ \;  
+
find /home/$user/mail/ -type d -name ".non-spam" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --ham {}/{cur,new}/ \;  
#sync /usr/local/cpanel/3rdparty/bin/sa-learn --sync  
+
#sync /usr/local/cpanel/3rdparty/bin/sa-learn --sync  
#clean out learned spam for i in $(find /home/$user/mail/ -type d -name ".Junk" ); do rm -f $i/{cur,new}/* ; done  
+
#clean out learned spam for i in $(find /home/$user/mail/ -type d -name ".Junk" ); do rm -f $i/{cur,new}/* ; done  
#remove week old spam  
+
#remove week old spam  
for i in $(find /home/$user/mail/ -type d -name ".spam") ; do find $i/{cur,new}/ -type f -mtime +7 -exec rm -f \; ; done
+
for i in $(find /home/$user/mail/ -type d -name ".spam") ; do find $i/{cur,new}/ -type f -mtime +7 -exec rm -f \; ; done
  
  
exim
+
===exim===
Mail queue cleanup
+
====Mail queue cleanup====
who is 'authing' the mail. This needs to be addressed first. Stop the outgoing mail then clean it up.
+
who is 'authing' the mail.  
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id'  
+
This needs to be addressed first.  
 +
Stop the outgoing mail then clean it up.
 +
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id'  
  
  
 
Subject lines
 
Subject lines
find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject:'
+
find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject:'
  
  
refine the results
+
=====refine the results=====
 
is all the spam authed by the same user?
 
is all the spam authed by the same user?
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id someuser@domain'  
+
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id someuser@domain'  
  
  
 
or
 
or
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id somecpuser'
+
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id somecpuser'
  
  
 
or are the subject lines all the same?
 
or are the subject lines all the same?
find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject: Discount spam, free'  
+
find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject: Discount spam, free'  
  
  
 
then pipe that to:
 
then pipe that to:
 +
 
Regex for pulling out the mail ID
 
Regex for pulling out the mail ID
| egrep '([0-9a-zA-Z]{6}\-){2}[0-9a-zA-Z]{2}' -o  
+
| egrep '([0-9a-zA-Z]{6}\-){2}[0-9a-zA-Z]{2}' -o  
  
  
 
then pipe that to the exim command to remove mail by mail id to remove previously determined the mail
 
then pipe that to the exim command to remove mail by mail id to remove previously determined the mail
 
Removing the mail by mail ID
 
Removing the mail by mail ID
| xargs exim -Mrm
+
| xargs exim -Mrm
  
  
 
clear out bounces ect
 
clear out bounces ect
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'Subject: (Undelivered Mail|Mail delivery|Mail failure|Delivery Status|Returned mail|Undeliverable|failure notice|Warning: message)'| egrep [0-9a-zA-Z]{6}\-[0-9a-zA-Z]{6}\-[0-9a-zA-Z]{2} -o | xargs exim -Mrm  
+
find /var/spool/exim/input/ -name '*-H' | xargs egrep 'Subject: (Undelivered Mail|Mail delivery|Mail failure|Delivery Status|Returned mail|Undeliverable|failure notice|Warning: message)'| egrep [0-9a-zA-Z]{6}\-[0-9a-zA-Z]{6}\-[0-9a-zA-Z]{2} -o | xargs exim -Mrm  
  
  
 
Babysitting cleanup of a large queue?
 
Babysitting cleanup of a large queue?
 
Make you notes look nice:
 
Make you notes look nice:
echo -e "#queue $(exim -bpc) @$(date) on $(hostname)"  
+
echo -e "#queue $(exim -bpc) @$(date) on $(hostname)"  
  
  
 
periodically run that, to get nice output, eg:
 
periodically run that, to get nice output, eg:
#queue 96910 @Fri Feb 27 08:28:48 EST 2015 on host.server.com
+
#queue 96910 @Fri Feb 27 08:28:48 EST 2015 on host.server.com
#queue 96710 @Fri Feb 27 08:28:58 EST 2015 on host.server.com
+
#queue 96710 @Fri Feb 27 08:28:58 EST 2015 on host.server.com
#queue 96595 @Fri Feb 27 08:29:08 EST 2015 on host.server.com  
+
#queue 96595 @Fri Feb 27 08:29:08 EST 2015 on host.server.com  
  
  
 
general
 
general
restart /etc/init.d/exim restart what is going on exiwhat number of messages in queue exim -bpc start the queue exim -q -v  
+
restart /etc/init.d/exim restart  
 +
what is going on  
 +
exiwhat  
 +
number of messages in queue
 +
exim -bpc  
 +
start the queue
 +
exim -q -v  
  
  
 
clean out default mail inbox
 
clean out default mail inbox
find /home/$(cpuser)/mail/{cur,new}/ -type f -exec rm -f \;
+
find /home/$(cpuser)/mail/{cur,new}/ -type f -exec rm -f \;
  
  
 
where $(cpuser) is the user alternatively add
 
where $(cpuser) is the user alternatively add
-mtime +7  
+
-mtime +7  
  
  
 
to leave stuff newer than one week if the user wants to review.
 
to leave stuff newer than one week if the user wants to review.
 
make cpanel interface report the correct value
 
make cpanel interface report the correct value
/scripts/generate_maildirsize --confirm --allaccounts --verbose $(cpuser)  
+
/scripts/generate_maildirsize --confirm --allaccounts --verbose $(cpuser)  
  
  
 
log location
 
log location
/var/log/exim_mainlog  
+
/var/log/exim_mainlog  
  
  
 
cant ping liquidweb.com? check
 
cant ping liquidweb.com? check
vim /etc/resolv.conf  
+
vim /etc/resolv.conf  
 +
 
 +
try google's resolvers 8.8.8.8
  
  
try google's resolvers 8.8.8.8
+
===diskspace clean up===
diskspace clean up
+
/var yum clean all  
/var yum clean all  
 
  
  
 
checking usage
 
checking usage
df -h du -h --max-depth=1  
+
 
 +
file system disk usage
 +
 
 +
df -h
 +
make it fancy
 +
df -Ph| awk '{if(0+$5>=80)print"\033[31m"$0"\033[0m"};{if($1~"Filesystem")print};{if($5<=80)print$0}'
 +
Summarize disk usage of each FILE, recursively for directories.
 +
 
 +
du -h --max-depth=1  
  
  
df and du discrepancy
+
====df and du discrepancy====
 
If df and du do not agree, there is one or more processes keeping a deleted file open.  
 
If df and du do not agree, there is one or more processes keeping a deleted file open.  
 
df is reading it and du is not  
 
df is reading it and du is not  
 
find them and kill them!  
 
find them and kill them!  
 
Find it, make sure these can be killed, note, ect.
 
Find it, make sure these can be killed, note, ect.
lsof | grep "deleted"  
+
lsof | grep "deleted"  
  
  
 
nice output if the sizer is >0 i.e.
 
nice output if the sizer is >0 i.e.
COMMAND PID SIZE NAME  
+
COMMAND PID SIZE NAME  
  
  
lsof | grep deleted |awk '{if ($7>0) print $1,$2"\t"$7/1024/1024"M\t" $9}'  
+
lsof | grep deleted |awk '{if ($7>0) print $1,$2"\t"$7/1024/1024"M\t" $9}'  
  
  
 
Kill them:
 
Kill them:
kill -15 <PID>
+
kill -15 <PID>
  
  
inodes
+
====inodes====
 
Plenty of open space but but the disk is still full?
 
Plenty of open space but but the disk is still full?
 
Check the number of inodes used
 
Check the number of inodes used
 
no inodes = no new files
 
no inodes = no new files
du -i  
+
du -i  
  
  
 
purge_dead_comet_files:
 
purge_dead_comet_files:
/usr/local/cpanel/bin/purge_dead_comet_files
+
/usr/local/cpanel/bin/purge_dead_comet_files
 
 
 
 
don't use
 
Delete ALL the files! Bad idea to use unless you know what you are doing
 
don't use this.
 
find . -type f | xargs rm -f
 
  
  
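Review bot: In the SA-learn script, the "remove week old spam" line ends in `-exec rm -f \;` with no `{}`, so `rm` runs without a file argument and nothing is deleted; the same applies to the "clean out default mail inbox" command in the exim section. Use `-exec rm -f {} \;` or `-delete`. In the same script, `#sync /usr/local/cpanel/3rdparty/bin/sa-learn --sync` and `#clean out learned spam for i in ...` have the comment and the command on one line, so neither command runs; give each command its own line. `$user` is never assigned in the script, so from cron the paths become `/home//mail/`, and `$(cpuser)` in the exim commands is command substitution rather than a placeholder; `<cpuser>` or a variable set at the top would be clearer. Under "inodes", `du -i` is not the inode check; `df -i` reports inode usage per filesystem.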
Line 576: Line 621:
 
Make sure you are rm'ing the right stuff  
 
Make sure you are rm'ing the right stuff  
 
echo it first!
 
echo it first!
for i in `cat /filepath/to/listtodelete.txt`; do echo "/dir/where/files/live/$i"; done  
+
for i in `cat /filepath/to/listtodelete.txt`; do echo "/dir/where/files/live/$i"; done  
  
  
 
once you are sure, make sure again, then delete with:
 
once you are sure, make sure again, then delete with:
for i in `cat /filepath/to/listtodelete.txt`; do rm -Rf /dir/where/files/live/$i; done
+
for i in `cat /filepath/to/listtodelete.txt`; do rm -Rf /dir/where/files/live/$i; done
  
 
+
===Mod sec===
Mod sec
 
 
install LW rules
 
install LW rules
yum install lp-modsec2-rules.noarch  
+
yum install lp-modsec2-rules.noarch  
  
  
 
copy old modsec whitelist to new one
 
copy old modsec whitelist to new one
cat /usr/local/apache/conf/modsec/00_asl_whitelist.conf > /usr/local/apache/conf/modsec2/whitelist.conf  
+
cat /usr/local/apache/conf/modsec/00_asl_whitelist.conf > /usr/local/apache/conf/modsec2/whitelist.conf  
  
  
 
Modsec finder (in progress)
 
Modsec finder (in progress)
clear; echo "ModSec tripping"; read -p "enter IP here " IP; DATE=$(date '+%b %d'); echo -e "\n\nModSec rules triped on $DATE\nand what to whitelist:\n\n "; grep "$DATE" /usr/local/apache/logs/error_log |grep modsec |grep $IP |egrep '\[id \"[0-9]*\"\]' | egrep -o '\[id \"[0-9]*\"\]|\[uri "[^"]+"\]' |egrep -o '[0-9]{4,9}|\"((\/[A-Za-z0-9\-]*)*)\.[a-zA-Z]{3,4}\/?\"' |tr '\n' ' '| sed 's/\/\"/&\n/g' |sed 's/[a-z]\"/&\n/g'|egrep -v '^ $' |sort |uniq -c | sort -rn |awk '{print $1" instance(s) of \n\n<LocationMatch "$3">\n SecRuleRemoveById "$2 "\n</LocationMatch> \n\n"}' Search for modsec errors grep -i modsec /usr/local/apache/logs/error_log | grep (enter domain here) | sed "s/$/\n/" grep for cust's ip or domain or whatever then append: |grep ModSec |grep "\[id "| grep -oP '\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}]|\[id "\d+"\]|\[uri "[^"]+"\]' | tr '\n' ' ' |sed 's/alpha:\"\]/&\n/g' |sed 's/\[id \"/\n[id "/g'  
+
clear; echo "ModSec tripping"; read -p "enter IP here " IP; DATE=$(date '+%b %d'); echo -e "\n\nModSec rules triped on $DATE\nand what to whitelist:\n\n "; grep "$DATE" /usr/local/apache/logs/error_log |grep modsec |grep $IP |egrep '\[id \"[0-9]*\"\]' | egrep -o '\[id \"[0-9]*\"\]|\[uri "[^"]+"\]' |egrep -o '[0-9]{4,9}|\"((\/[A-Za-z0-9\-]*)*)\.[a-zA-Z]{3,4}\/?\"' |tr '\n' ' '| sed 's/\/\"/&\n/g' |sed 's/[a-z]\"/&\n/g'|egrep -v '^ $' |sort |uniq -c | sort -rn |awk '{print $1" instance(s) of \n\n<LocationMatch "$3">\n SecRuleRemoveById "$2 "\n</LocationMatch> \n\n"}'  
 +
Search for modsec errors
 +
grep -i modsec /usr/local/apache/logs/error_log | grep (enter domain here) | sed "s/$/\n/"  
 +
grep for cust's ip or domain or whatever then append:
 +
|grep ModSec |grep "\[id "| grep -oP '\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}]|\[id "\d+"\]|\[uri "[^"]+"\]' | tr '\n' ' ' |sed 's/alpha:\"\]/&\n/g' |sed 's/\[id \"/\n[id "/g'
 +
 
 +
regex for grabing out ip uri and id
 +
egrep 'date or ip or whatever' /usr/local/apache/logs/error_log | grep -i modsec  |grep -noP '(?:(?<=client )(?:\d{1,3}\.){3}\d{1,3}(?=])|(?<=uri ")[^"]+|(?<=id ")\d+)'
  
 +
regex for grabing out date, ip, uri, and id.
 +
grep -noP '\w{3}\s\w{3}(?:\s\d{2}){2}(?::\d{2}){2}|(?<=client )(?:\d{1,3}\.){3}\d{1,3}(?=])|(?<=uri ")[^"]+|(?<=id ")\d+'
  
 
Only list them once and count multiples
 
Only list them once and count multiples
grep modsec /usr/local/apache/logs/error_log |grep (enter domain here) |awk -F] '{$1=$(NF-1)="";print}'| uniq -c | sed "s/$/\n/"  
+
grep modsec /usr/local/apache/logs/error_log |grep (enter domain here) |awk -F] '{$1=$(NF-1)="";print}'| uniq -c | sed "s/$/\n/"  
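Review bot: In the ModSec finder one-liner, `grep $IP` is unquoted and treats the address as a regular expression, so each dot matches any character and the match is not bounded; an address typed at the prompt can therefore also match longer or different client addresses, and the generated SecRuleRemoveById blocks would then include rule hits from other clients. Match the literal client field instead, for example `grep -F "[client $IP]"`, which is the same bracketed form the new `(?<=client )...(?=])` patterns in this revision rely on. Because the output is meant to be pasted into a whitelist, the text should also say that each rule id and URI is reviewed before the rule is disabled. The rm loop earlier in the hunk has the same quoting gap: `rm -Rf /dir/where/files/live/$i` should quote the path the way the echo preview does.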
  
  
Line 604: Line 657:
 
ruleid is just the number Without quotes!
 
ruleid is just the number Without quotes!
 
add
 
add
<LocationMatch "/URI/From/Error">
+
<LocationMatch "/URI/From/Error">
SecRuleRemoveById $ruleid  
+
SecRuleRemoveById $ruleid  
</LocationMatch>  
+
</LocationMatch>  
  
  
 
to (in most cases)
 
to (in most cases)
vim /usr/local/apache/conf/modsec2/whitelist.conf  
+
vim /usr/local/apache/conf/modsec2/whitelist.conf  
  
  
 
restart apache
 
restart apache
/etc/init.d/httpd restart  
+
/etc/init.d/httpd restart  
  
  
 
Plesk?
 
Plesk?
grep ModSec /var/www/vhosts/domain.com/statistics/logs/error_log  
+
grep ModSec /var/www/vhosts/domain.com/statistics/logs/error_log  
  
  
 
add
 
add
<LocationMatch "/URI/From/Error">
+
<LocationMatch "/URI/From/Error">
SecRuleRemoveById $ruleid
+
SecRuleRemoveById $ruleid
</LocationMatch>  
+
</LocationMatch>  
  
  
 
to
 
to
vim /var/www/vhosts/<domain.com>/conf/vhost.conf  
+
vim /var/www/vhosts/<domain.com>/conf/vhost.conf  
  
  
 
or if a subdomain
 
or if a subdomain
vim /var/www/vhosts/<domain.com>/subdomains/<NameOfSubdomain>/conf/vhost.conf  
+
vim /var/www/vhosts/<domain.com>/subdomains/<NameOfSubdomain>/conf/vhost.conf  
  
  
 
rebuild plesk
 
rebuild plesk
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain then <domain.com> or <sub.domain.com>  
+
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain then <domain.com> or <sub.domain.com>  
  
  
 
like:
 
like:
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain <sub.domain.com>  
+
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain <sub.domain.com>  
  
  
 
restart apache
 
restart apache
/etc/init.d/httpd restart  
+
/etc/init.d/httpd restart  
  
  
 
test again:
 
test again:
tail -f /var/www/vhosts/domain.com/statistics/logs/error_log |grep ModSec  
+
tail -f /var/www/vhosts/domain.com/statistics/logs/error_log |grep ModSec  
  
  
 
Making a new rule
 
Making a new rule
in here define it and assign it a $ruleid vim /usr/local/apache/conf/modsec2.user.conf then you can add $ruleid to <LocationMatch "/URI/From/Error"> SecRuleRemoveById $ruleid </LocationMatch> like normal
+
in here define it and assign it a $ruleid  
 
+
vim /usr/local/apache/conf/modsec2.user.conf  
 +
then you can add $ruleid to  
 +
<LocationMatch "/URI/From/Error">  
 +
SecRuleRemoveById $ruleid  
 +
</LocationMatch>  
 +
like normal
  
PHP
+
===PHP===
php.ini
+
php.ini
 
To see where the file is loading from use:
 
To see where the file is loading from use:
php -i |grep -i loaded  
+
php -i |grep -i loaded  
  
  
 
you will get:
 
you will get:
Loaded Configuration File => /path/to/php.ini  
+
Loaded Configuration File => /path/to/php.ini  
  
  
 
in general, on cPanel it is:
 
in general, on cPanel it is:
vim /usr/local/lib/php.ini  
+
vim /usr/local/lib/php.ini  
  
  
 
common values to change
 
common values to change
*memory_limit = <>M  
+
*memory_limit = <>M  
*upload_max_filesize = <>M  
+
*upload_max_filesize = <>M  
*post_max_size = <>M  
+
*post_max_size = <>M  
*upload_max_filesize < post_max_size  
+
*upload_max_filesize < post_max_size  
  
  
 
Restart apache to have changes take effect
 
Restart apache to have changes take effect
/etc/init.d/httpd restart
+
/etc/init.d/httpd restart
  
  
 
php.conf
 
php.conf
 
Another php configuration file. It is used with the fastCGI php handler
 
Another php configuration file. It is used with the fastCGI php handler
/usr/local/apache/conf/php.conf  
+
/usr/local/apache/conf/php.conf  
  
  
 
so far I've only run into "mod_fcgid: HTTP request length" value errors here. add or increase the value of
 
so far I've only run into "mod_fcgid: HTTP request length" value errors here. add or increase the value of
MaxRequestLen
+
MaxRequestLen
 
Restart apache to have changes take effect
 
Restart apache to have changes take effect
/etc/init.d/httpd restart  
+
/etc/init.d/httpd restart  
  
  
 
Plesk?
 
Plesk?
 
In Plesk, php.ini lives in the same spot it does on any non-cPanel environment: /etc/php.ini
 
In Plesk, php.ini lives in the same spot it does on any non-cPanel environment: /etc/php.ini
vim /etc/php.ini  
+
vim /etc/php.ini  
  
  
 
Restart apache to have changes take effect
 
Restart apache to have changes take effect
/etc/init.d/httpd restart
+
/etc/init.d/httpd restart
  
  
Custom php.ini
+
===Custom php.ini===
cgi and fcgi
+
cgi and fcgi
 
Double check which is the current php handler
 
Double check which is the current php handler
/usr/local/cpanel/bin/rebuild_phpconf --current
+
/usr/local/cpanel/bin/rebuild_phpconf --current
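Review bot: The `<LocationMatch "/URI/From/Error">` blocks, including the one reflowed under "Making a new rule", take a regular expression, and this one is unanchored, so the SecRuleRemoveById exclusion applies to every request path that contains that string rather than only the URI from the log. Suggest documenting the anchored form `<LocationMatch "^/URI/From/Error$">`. The restart steps would be safer with a syntax check such as `apachectl configtest` before `/etc/init.d/httpd restart`, so a typo in whitelist.conf or vhost.conf does not take Apache down. The "Making a new rule" text also never shows a rule being defined in modsec2.user.conf, only its removal.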
  
  
Line 710: Line 768:
 
Via WHM In modify an account under Privileges  
 
Via WHM In modify an account under Privileges  
 
If it is unchecked, this will not work and the error messages are not helpful.
 
If it is unchecked, this will not work and the error messages are not helpful.
CGI
+
====CGI====
 
First copy the php.ini over
 
First copy the php.ini over
cd /home/(username)/public_html/cgi-bin
+
cd /home/(username)/public_html/cgi-bin
cp /usr/local/lib/php.ini php.ini
+
cp /usr/local/lib/php.ini php.ini
chown (username). php.ini  
+
chown (username). php.ini  
  
  
 
In the .htaccess in the public_html,
 
In the .htaccess in the public_html,
vim /home/(username)/public_html/.htaccess  
+
vim /home/(username)/public_html/.htaccess  
  
  
 
add the following at the very top of the file before everything:
 
add the following at the very top of the file before everything:
AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi  
+
AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi  
  
  
 
make the phpini.cgi file
 
make the phpini.cgi file
vim /home/(username)/public_html/cgi-bin/phpini.cgi  
+
vim /home/(username)/public_html/cgi-bin/phpini.cgi  
  
  
 
with the following contents:
 
with the following contents:
  
#!/bin/sh  
+
#!/bin/sh  
export PHPRC=/home/(username)/public_html/cgi-bin/php.ini  
+
export PHPRC=/home/(username)/public_html/cgi-bin/php.ini  
exec /usr/local/cpanel/cgi-sys/php5 -c /home/(username)/public_html/  
+
exec /usr/local/cpanel/cgi-sys/php5 -c /home/(username)/public_html/  
 
   
 
   
  
  
 
Also make sure that you correct the permissions on the phpini.cgi.
 
Also make sure that you correct the permissions on the phpini.cgi.
chmod +x /home/(username)/public_html/cgi-bin/phpini.cgi
+
chmod +x /home/(username)/public_html/cgi-bin/phpini.cgi
chown (username). /home/(username)/public_html/cgi-bin/phpini.cgi  
+
chown (username). /home/(username)/public_html/cgi-bin/phpini.cgi  
  
  
 
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
 
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini  
+
Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini  
  
  
 
and not the main php.ini:
 
and not the main php.ini:
Loaded Configuration File = /usr/local/lib/php.ini
+
Loaded Configuration File = /usr/local/lib/php.ini
  
  
FCGI
+
====FCGI====
 
First copy the php.ini over
 
First copy the php.ini over
 
cd /home/(username)/public_html/cgi-bin
 
cd /home/(username)/public_html/cgi-bin
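Review bot: The .htaccess line `AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi` puts two directives on one line, so Apache reads `Action`, `php-cgi` and `/cgi-bin/phpini.cgi` as further extensions for AddHandler and the Action mapping never takes effect; split it into an `AddHandler php-cgi .php` line and an `Action php-cgi /cgi-bin/phpini.cgi` line. In the wrapper itself, PHPRC points at cgi-bin/php.ini while `-c` points at /home/(username)/public_html/, so the two disagree about where php.ini lives and should name the same location. The verification step should also say to delete phpinfo.php after checking, since it exposes the full PHP configuration to anyone who requests it.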
Line 758: Line 816:
  
 
In the .htaccess in the public_html,
 
In the .htaccess in the public_html,
vim /home/(username)/public_html/.htaccess  
+
vim /home/(username)/public_html/.htaccess  
  
  
 
add the following at the very top of the file before everything:
 
add the following at the very top of the file before everything:
AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi  
+
AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi  
  
  
 
Make the php.fcgi file
 
Make the php.fcgi file
vim /home/(username)/public_html/cgi-bin/php.fcgi  
+
vim /home/(username)/public_html/cgi-bin/php.fcgi  
  
  
 
with the following contents:
 
with the following contents:
#!/bin/sh  
+
#!/bin/sh  
export PHP_FCGI_CHILDREN=1  
+
export PHP_FCGI_CHILDREN=1  
export PHP_FCGI_MAX_REQUESTS=10  
+
export PHP_FCGI_MAX_REQUESTS=10  
exec /usr/local/cpanel/cgi-sys/php5  
+
exec /usr/local/cpanel/cgi-sys/php5  
  
  
  
 
Also make sure that you correct the permissions on the phpini.cgi.
 
Also make sure that you correct the permissions on the phpini.cgi.
chmod +x /home/(username)/public_html/cgi-bin/php.fcgi
+
chmod +x /home/(username)/public_html/cgi-bin/php.fcgi
chown (username). /home/(username)/public_html/cgi-bin/php.fcgi  
+
chown (username). /home/(username)/public_html/cgi-bin/php.fcgi  
  
  
 
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
 
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini  
+
Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini  
  
  
 
and not the main php.ini:
 
and not the main php.ini:
Loaded Configuration File = /usr/local/lib/php.ini
+
Loaded Configuration File = /usr/local/lib/php.ini
  
  
suPHP
+
===suPHP===
 
copy the global php.ini over as the base for the custom
 
copy the global php.ini over as the base for the custom
cd /home/(username)/public_html/ cp /usr/local/lib/php.ini php.ini
+
cd /home/(username)/public_html/ cp /usr/local/lib/php.ini php.ini
chown (username). php.ini  
+
chown (username). php.ini  
  
  
 
In the .htaccess in the public_html,
 
In the .htaccess in the public_html,
vim /home/(username)/public_html/.htaccess  
+
vim /home/(username)/public_html/.htaccess  
  
  
 
add the following at the very top of the file before everything:
 
add the following at the very top of the file before everything:
suPHP_ConfigPath /home/user/public_html  
+
suPHP_ConfigPath /home/user/public_html  
<Files php.ini>
+
<Files php.ini>
order allow,deny deny from all
+
order allow,deny deny from all
</Files>  
+
</Files>  
  
  
 
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
 
then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:
Loaded Configuration File = /home/(username)/public_html/php.ini  
+
Loaded Configuration File = /home/(username)/public_html/php.ini  
  
  
 
and not the main php.ini:
 
and not the main php.ini:
Loaded Configuration File = /usr/local/lib/php.ini
+
Loaded Configuration File = /usr/local/lib/php.ini
  
  
phpinfo.php
+
===phpinfo.php===
move to the directory that you want to place the phpinfo.php page then make the it:
+
move to the directory that you want to place the phpinfo.php page then make the it:
echo "<?php phpinfo(); ?>" > ./phpinfo.php && chown $(pwd | cut -d/ -f3). ./phpinfo.php
+
echo "<?php phpinfo(); ?>" > ./phpinfo.php && chown $(pwd | cut -d/ -f3). ./phpinfo.php
  
  
linzardry
+
===linzardry===
OS version
+
====OS version====
cat /etc/redhat-release  
+
cat /etc/redhat-release  
  
  
 
Linux kernel bit
 
Linux kernel bit
getconf LONG_BIT  
+
getconf LONG_BIT  
  
  
 
load script
 
load script
wget -O /root/load_chugger.sh http://trippinglizard.com/load_chugger.sh; bash /root/load_chugger.sh  
+
wget -O /root/load_chugger.sh http://trippinglizard.com/load_chugger.sh; bash /root/load_chugger.sh  
  
  
 
memory
 
memory
free -m  
+
free -m  
  
  
 
Nice output of %total Free Physical Memory + cached memory
 
Nice output of %total Free Physical Memory + cached memory
cat /proc/meminfo | perl -e 'while(<>){ if(m/^(MemTotal|MemFree|Cached)/){ m/(\d+)/; push(@foo, $1); } } printf("%.2f%% Free Physical Memory\n", ( ( $foo[1] + $foo[2]) / $foo[0] ) * 100 ) ;'
+
cat /proc/meminfo | perl -e 'while(<>){ if(m/^(MemTotal|MemFree|Cached)/){ m/(\d+)/; push(@foo, $1); } } printf("%.2f%% Free Physical Memory\n", ( ( $foo[1] + $foo[2]) / $foo[0] ) * 100 ) ;'
  
  
grep
+
====grep====
grep for != <variable>
+
grep for != <variable>
grep -v <variable>  
+
grep -v <variable>  
  
  
copy
+
====copy===
 
keep perms and owners
 
keep perms and owners
cp -rfa  
+
cp -rfa  
  
  
 
Handy bash wizardry for cp
 
Handy bash wizardry for cp
 +
 
add:
 
add:
{,<nameofbakfile>} like: {,.bak}
+
{,<nameofbakfile>} like: {,.bak}
  
  
 
or
 
or
{,.lwbak}
+
{,.lwbak}
  
  
 
to the end of the filepath. i.e.
 
to the end of the filepath. i.e.
cp /path/to/file{,<nameofbakfile>}
+
cp /path/to/file{,<nameofbakfile>}
  
  
 
would create the file:
 
would create the file:
/path/to/file<nameofbakfile>  
+
/path/to/file<nameofbakfile>  
  
  
 
example:
 
example:
cp /usr/local/lib/php.ini{,.lwbak}  
+
cp /usr/local/lib/php.ini{,.lwbak}  
  
  
 
creates the file:
 
creates the file:
/usr/local/lib/php.ini.lwbak  
+
/usr/local/lib/php.ini.lwbak  
  
  
 
Works with move (mv) also!
 
Works with move (mv) also!
Dated backups
+
====Dated backups====
cp /path/to/stuff{,.$(date +"%m-%d-%Y").bak}  
+
cp /path/to/stuff{,.$(date +"%m-%d-%Y").bak}  
  
  
awk
+
====awk====
 
It is not the size of the awk command, it is how you use it
 
It is not the size of the awk command, it is how you use it
awk is verry help for for manipulating output into handy "Kraft Cop-i-past-a-bles™" awk '{print <variables> }'  
+
awk is verry help for for manipulating output into handy "Kraft Cop-i-past-a-bles™"  
 +
 
 +
awk '{print <variables> }'  
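Review bot: The "load script" line fetches load_chugger.sh over plain http and runs it as root (`wget -O /root/load_chugger.sh http://...; bash /root/load_chugger.sh`), and the `;` means bash runs whatever is at that path even when the download fails or is truncated. Suggest `&&` instead of `;`, fetching over https with a checksum to verify if the host offers them, and a note to read the script before running it. In the FCGI steps, the permissions sentence still names phpini.cgi although the commands act on php.fcgi, and php.fcgi sets no PHPRC, so nothing in it points PHP at the custom php.ini the check expects. The new `====copy===` heading has unbalanced equals signs and will not render as the level-4 heading the neighbouring ones use.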
  
  
Line 891: Line 952:
  
 
NF, The Last field
 
NF, The Last field
$NF is the last field Try mathing the "NF" variable!
+
$NF is the last field Try mathing the "NF" variable!
$(NF-n) "n" fields over from the last field *$(NF-0) the last field.
+
$(NF-n) "n" fields over from the last field *$(NF-0) the last field.
$(NF-1) second to last field etcetera!
+
$(NF-1) second to last field etcetera!
 
Example: lets grep out the time and the 1min, 5min, and 15min load averages from every loadwatch log that has triggered today:
 
Example: lets grep out the time and the 1min, 5min, and 15min load averages from every loadwatch log that has triggered today:
cat /root/loadwatch/loadwatch.$(date +"%Y-%m-%d")* |grep "top - " |awk '{print $3"\t"$(NF-2)"\t"$(NF-1)"\t"$NF}'  
+
cat /root/loadwatch/loadwatch.$(date +"%Y-%m-%d")* |grep "top - " |awk '{print $3"\t"$(NF-2)"\t"$(NF-1)"\t"$NF}'  
  
  
 
would give you output similar to:
 
would give you output similar to:
04:05:04  21.40,  10.52,  4.21  
+
04:05:04  21.40,  10.52,  4.21  
11:52:19  83.74,  50.38,  21.74  
+
11:52:19  83.74,  50.38,  21.74  
11:56:11  109.98, 79.96,  39.31  
+
11:56:11  109.98, 79.96,  39.31  
12:20:14  124.66, 66.60,  28.87  
+
12:20:14  124.66, 66.60,  28.87  
12:23:42  130.51, 103.27, 51.41  
+
12:23:42  130.51, 103.27, 51.41  
12:24:01  93.53,  96.59,  50.32  
+
12:24:01  93.53,  96.59,  50.32  
12:17:42  59.66,  31.55,  13.19
+
12:17:42  59.66,  31.55,  13.19
  
  
 
Substring
 
Substring
 
Sometimes you want to further refine just one column
 
Sometimes you want to further refine just one column
substr($column_number,Starting_Character,Number_of_Characters_After_the_Starting_Character)
+
substr($column_number,Starting_Character,Number_of_Characters_After_the_Starting_Character)
substr($3,1,5)
+
 
 +
substr($3,1,5)
 
in the previous example,
 
in the previous example,
 +
 
lets say you just wanted the time without the seconds. i.e
 
lets say you just wanted the time without the seconds. i.e
04:05
+
04:05
11:52
+
11:52
11:56
+
11:56
12:20  
+
12:20  
  
  
 
not
 
not
04:05:04
+
04:05:04
11:52:19
+
11:52:19
11:56:11
+
11:56:11
12:20:14
+
12:20:14
  
  
Line 931: Line 994:
 
but just grab five (5) characters,  
 
but just grab five (5) characters,  
 
starting at the first (1).
 
starting at the first (1).
 +
 
If statements
 
If statements
 
try using them in front of print!
 
try using them in front of print!
awk '{if ($5 > 5) print $5,$1,$2}'
+
awk '{if ($5 > 5) print $5,$1,$2}'
  
 +
if column 5 is greater than 5 print columns 5,1,and 2.
  
if column 5 is greater than 5 print columns 5,1,and 2.
 
 
Example: using sar, show anytime the one minute load was above 10 then print that load and what time it happened (also then removing the header with grep).
 
Example: using sar, show anytime the one minute load was above 10 then print that load and what time it happened (also then removing the header with grep).
sar -q | awk '{if ($5 > 10) print $5"\t"$1,$2}' |grep -v ld  
+
sar -q | awk '{if ($5 > 10) print $5"\t"$1,$2}' |grep -v ld  
  
  
 
will result in nice output like:
 
will result in nice output like:
13.35 09:30:04 AM  
+
13.35 09:30:04 AM  
16.07 11:10:17 AM
+
16.07 11:10:17 AM
10.92 11:20:02 AM
+
10.92 11:20:02 AM
 +
 
  
  
 
Field Delimiters
 
Field Delimiters
 +
 
Also you can add the -F<character> flag to specify the are the field delimiters (what separates the columns) i.e.
 
Also you can add the -F<character> flag to specify the are the field delimiters (what separates the columns) i.e.
awk -F@ '{ print $NF }'  
+
awk -F@ '{ print $NF }'  
  
  
Line 955: Line 1,021:
 
Sum of every line
 
Sum of every line
 
Adds each line... you know what sum means.
 
Adds each line... you know what sum means.
awk '{a+=$0}END{print a}'
+
awk '{a+=$0}END{print a}'
  
  
 
add just column 7
 
add just column 7
awk '{a+=$7}END{print a}'
+
awk '{a+=$7}END{print a}'
  
  
Line 965: Line 1,031:
 
This is helpful in finding a time frame.  
 
This is helpful in finding a time frame.  
 
Pipe the output of a search though
 
Pipe the output of a search though
awk 'NR==1;END{print}'  
+
awk 'NR==1;END{print}'  
  
  
 
You can also use the sed equivalent as it is shorter:
 
You can also use the sed equivalent as it is shorter:
sed -n '1p;$p'  
+
sed -n '1p;$p'  
  
  
 
but lets say you want to just print column 4 (the time stamp) from a domlog
 
but lets say you want to just print column 4 (the time stamp) from a domlog
awk 'NR==1{print$4};END{print$4}'  
+
awk 'NR==1{print$4};END{print$4}'  
  
  
 
combine the results with the output of wc of the same data and you have helpful information.
 
combine the results with the output of wc of the same data and you have helpful information.
cut
+
 
 +
====cut====
 
cut works similar to awk with the -F flag
 
cut works similar to awk with the -F flag
cut -d '<character>' -f<column-number>  
+
cut -d '<character>' -f<column-number>  
  
  
 
i.e.
 
i.e.
cut -d ':' -f2  
+
cut -d ':' -f2  
  
  
 
Would be the same as
 
Would be the same as
awk -F: '{print $2}'
+
awk -F: '{print $2}'
  
  
cut vs awk
+
====cut vs awk====
 
Cut is much quicker than awk.  
 
Cut is much quicker than awk.  
 
But awk is more powerful and has more options.
 
But awk is more powerful and has more options.
 
It is an awkward thing to say, but sometime, cut just doesn't cut it.
 
It is an awkward thing to say, but sometime, cut just doesn't cut it.
 
Puns removed for your safety
 
Puns removed for your safety
create/delete user
+
====create/delete user====
 
$user = the username you want
 
$user = the username you want
useradd $user
+
useradd $user
userdel -r $user  
+
userdel -r $user  
  
  
 
give that user a password
 
give that user a password
passwd $user  
+
passwd $user  
  
  
 
add user to the sudoer file
 
add user to the sudoer file
 
run
 
run
visudo
+
visudo
  
  
 
and add
 
and add
$user ALL=(ALL) ALL  
+
$user ALL=(ALL) ALL  
  
  
 
$user will be able to use sudo with their own password instead of root's
 
$user will be able to use sudo with their own password instead of root's
number of cores
+
====number of cores====
grep -c proc /proc/cpuinfo nproc  
+
grep -c proc /proc/cpuinfo  
 +
 
 +
nproc  
  
  
 
find and change 777 perms
 
find and change 777 perms
 +
 
change all directories and files in every user's docroot from 777 to a more appropriate 755 for directories and 644 for files
 
change all directories and files in every user's docroot from 777 to a more appropriate 755 for directories and 644 for files
find /home/*/public_html/ -type d -perm 777 -exec chmod 755 '{}' \; find /home/*/public_html/ -type f -perm 777 -exec chmod 644 '{}' \;
+
find /home/*/public_html/ -type d -perm 777 -exec chmod 755 '{}' \; find /home/*/public_html/ -type f -perm 777 -exec chmod 644 '{}' \;
  
  
 
grep ps aux better
 
grep ps aux better
ps faux | egrep 'START|<program>' | grep -v grep  
+
 
 +
ps faux | egrep 'START|<program>' | grep -v grep  
  
  
 
quick info dump
 
quick info dump
lynx -dump -width 500 localhost/whm-server-status > /home/temp/connections.txt  
+
lynx -dump -width 500 localhost/whm-server-status > /home/temp/connections.txt  
  
  
Server stats
+
====Server stats====
 
This is a super long one liner that shows several bits of handy info.
 
This is a super long one liner that shows several bits of handy info.
exec 3<&1 && bash <&3 <(curl -sq http://layer3.liquidweb.com/serverstats)  
+
exec 3<&1 && bash <&3 <(curl -sq http://layer3.liquidweb.com/serverstats)  
  
  
 
try it on your vps!
 
try it on your vps!
rsync
+
===rsync===
 
From current server to remote server
 
From current server to remote server
rsync -avH /path/to/file user@(host.domain.com-or-IP):/path/on/remote/domain  
+
rsync -avH /path/to/file user@(host.domain.com-or-IP):/path/on/remote/domain  
  
  
 
within a server
 
within a server
rsync -avH /path/to/file/to/move /path/to/destination/  
+
rsync -avH /path/to/file/to/move /path/to/destination/  
  
  
 
test it out first! use the flag --dry-run for great success in avoiding tears
 
test it out first! use the flag --dry-run for great success in avoiding tears
--dry-run
+
--dry-run
  
  
Tar .ect
+
===Tar .ect===
 
Create a tar
 
Create a tar
tar -cvf file.tar.gz /path/to/file  
+
tar -cvf file.tar.gz /path/to/file  
  
  
 
Extract a .tar.gz
 
Extract a .tar.gz
tar -zxvf filename.tar.gz
+
tar -zxvf filename.tar.gz
  
  
 
Extract a .tar
 
Extract a .tar
tar -xvf filename.tar  
+
tar -xvf filename.tar  
  
  
 
Extract a .gz
 
Extract a .gz
gunzip filename.gz  
+
gunzip filename.gz  
  
  
 
Preview the contents of a package so you can pick what to pull out
 
Preview the contents of a package so you can pick what to pull out
tar -tvzf filename.tar.gz
+
tar -tvzf filename.tar.gz
  
  
 
you can also pipe that to search for a certain folder
 
you can also pipe that to search for a certain folder
tar -tvzf filename.tar.gz | grep (folder or filename)  
+
tar -tvzf filename.tar.gz | grep (folder or filename)  
  
  
 
Extract a certain file from a backup or tar file
 
Extract a certain file from a backup or tar file
tar -xvzf filname.tar.gz /home/mike/public_html  
+
tar -xvzf filname.tar.gz /home/mike/public_html  
  
  
 
use the exact line that the previous command gave you.  
 
use the exact line that the previous command gave you.  
 
stolen shamelessly from Shooltz
 
stolen shamelessly from Shooltz
Sar
+
===Sar===
 
sar memory % free
 
sar memory % free
sar -r | egrep -v "ld|Ave|Linux" |awk -v v=$(cat /proc/meminfo |grep MemTot |awk '{print $2}') '{print $1,$2"\t"(($3+$7)/v)*100"%" }'  
+
sar -r | egrep -v "ld|Ave|Linux" |awk -v v=$(cat /proc/meminfo |grep MemTot |awk '{print $2}') '{print $1,$2"\t"(($3+$7)/v)*100"%" }'  
  
  
 
Sar shows the current day's resource usage of since the 12am server time, in ten minute(default) intervals.
 
Sar shows the current day's resource usage of since the 12am server time, in ten minute(default) intervals.
CPU utilization report:
+
====CPU utilization report:====
 
sar
 
sar
%user = Percentage of CPU utilization that occurred while executing at the user level (application).
+
%user = Percentage of CPU utilization that occurred while executing at the user level (application).
%nice = Percentage of CPU utilization that occurred while executing at the user level with nice priority.
+
%nice = Percentage of CPU utilization that occurred while executing at the user level with nice priority.
%system = Percentage of CPU utilization that occurred while executing at the system level (kernel).
+
%system = Percentage of CPU utilization that occurred while executing at the system level (kernel).
%iowait = Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
+
%iowait = Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
%idle = Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.
+
%idle = Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.
Memory usage:
+
====Memory usage:====
sar -r  
+
sar -r  
  
 +
kbmemfree = Amount of free memory available in kilobytes.
 +
kbmemused = Amount of used memory in kilobytes. This does not take into account memory used by the kernel itself.
 +
%memused = Percentage of used memory.
 +
kbbuffers = Amount of memory used as buffers by the kernel in kilobytes.
 +
kbcached = Amount of memory used to cache data by the kernel in kilobytes.
 +
kbswpfree = Amount of free swap space in kilobytes.
 +
kbswpused = Amount of used swap space in kilobytes.
 +
%swpused = Percentage of used swap space.
 +
kbswpcad = Amount of cached swap memory in kilobytes. This is memory that once was swapped out, is swapped back in but still also is in the swap area (if memory is needed it doesn't need to be swapped out again because it is already in the swap area. This saves I/O).
  
kbmemfree = Amount of free memory available in kilobytes.
+
====Load:====
kbmemused = Amount of used memory in kilobytes. This does not take into account memory used by the kernel itself.
+
sar -q  
%memused = Percentage of used memory.
 
kbbuffers = Amount of memory used as buffers by the kernel in kilobytes.
 
kbcached = Amount of memory used to cache data by the kernel in kilobytes.
 
kbswpfree = Amount of free swap space in kilobytes.
 
kbswpused = Amount of used swap space in kilobytes.
 
%swpused = Percentage of used swap space.
 
kbswpcad = Amount of cached swap memory in kilobytes. This is memory that once was swapped out, is swapped back in but still also is in the swap area (if memory is needed it doesn't need to be swapped out again because it is already in the swap area. This saves I/O).
 
Load:
 
sar -q  
 
  
 
+
runq-sz = Run queue length (number of processes waiting for run time).
runq-sz = Run queue length (number of processes waiting for run time).
+
plist-sz = Number of processes in the process list.
plist-sz = Number of processes in the process list.
+
ldavg-1 = System load average for the last minute.
ldavg-1 = System load average for the last minute.
+
ldavg-5 = System load average for the past 5 minutes.
ldavg-5 = System load average for the past 5 minutes.
+
ldavg-15 = System load average for the past 15 minutes.
ldavg-15 = System load average for the past 15 minutes.
+
Previous Days
+
====Previous Days====
 
To check previous days use the -f flag along with the file path to the data file where <XX> is the day of the month:
 
To check previous days use the -f flag along with the file path to the data file where <XX> is the day of the month:
sar -f /var/log/sa/sa<XX>  
+
sar -f /var/log/sa/sa<XX>  
  
  
 
Load averages for the fifth of the month:
 
Load averages for the fifth of the month:
sar -q -f /var/log/sa/sa05
+
sar -q -f /var/log/sa/sa05
  
  
park wrapper errors
+
===park wrapper errors===
 
search for references of the domain. here are some of the places
 
search for references of the domain. here are some of the places
 +
 
grep -R <domain.com> /var/{cpanel/{users,bandwidth},named}/ /etc/httpd/conf/httpd.conf /etc/v{aliases,domainaliases,mail}/ /etc/{trueuser{domains,owners},named.conf,{local,user}domains}/
 
grep -R <domain.com> /var/{cpanel/{users,bandwidth},named}/ /etc/httpd/conf/httpd.conf /etc/v{aliases,domainaliases,mail}/ /etc/{trueuser{domains,owners},named.conf,{local,user}domains}/
  
  
 
Then remove references to the domain. After that, remember to:
 
Then remove references to the domain. After that, remember to:
/scripts/rebuilddnsconfig  
+
/scripts/rebuilddnsconfig  
 
 
 
 
 
retry creating the domain.
 
retry creating the domain.
restoring scripts
+
===restoring scripts===
 
Back up current account
 
Back up current account
/scripts/pkgacct $username  
+
/scripts/pkgacct $username  
 
 
 
 
 
(puts it in /home/ and should be called cpmove-$) mv it out of the way. to cpmove-{USER}.tar.gz.bak
 
(puts it in /home/ and should be called cpmove-$) mv it out of the way. to cpmove-{USER}.tar.gz.bak
Restore account
+
====Restore account====
 
backup most be in home move the backup you want to restore from  
 
backup most be in home move the backup you want to restore from  
 
(must be named like one of these):
 
(must be named like one of these):
cpmove-{USER}
+
cpmove-{USER}
cpmove-{USER}.tar
+
cpmove-{USER}.tar
cpmove-{USER}.tar.gz
+
cpmove-{USER}.tar.gz
USER.tar
+
USER.tar
USER.tar.gz
+
USER.tar.gz
backup-{BACKUP-DATE_TIME}_{USER}.tar
+
backup-{BACKUP-DATE_TIME}_{USER}.tar
backup-{BACKUP-DATE_TIME}_{USER}.tar.gz  
+
backup-{BACKUP-DATE_TIME}_{USER}.tar.gz  
  
  
 
to one of the places cPanel looks:
 
to one of the places cPanel looks:
/home, /home2, /home3, /root, /usr, /usr/home, /web  
+
/home, /home2, /home3, /root, /usr, /usr/home, /web  
  
  
restore
+
====restore====
/scripts/restorepkg $username  
+
/scripts/restorepkg $username  
  
  
 
Or
 
Or
/scripts/restorepkg $username /Path/to/the/userbackup.tar.gz  
+
/scripts/restorepkg $username /Path/to/the/userbackup.tar.gz  
  
  
 
may need to kill the account if it already exists Or just use the force:
 
may need to kill the account if it already exists Or just use the force:
/scripts/restorepkg --force $username
+
/scripts/restorepkg --force $username
/scripts/restorepkg --force $username /Path/to/the/userbackup.tar.gz  
+
/scripts/restorepkg --force $username /Path/to/the/userbackup.tar.gz  
  
  
 
Remove current account
 
Remove current account
/scripts/killacct $username   
+
/scripts/killacct $username   
  
  
crontab
+
===crontab===
 
Crontab Commands
 
Crontab Commands
export EDITOR=vi  
+
export EDITOR=vi  
 
 
  
 
to specify a editor to open crontab file. Edit your crontab file, or create one if it doesn’t already exist.
 
to specify a editor to open crontab file. Edit your crontab file, or create one if it doesn’t already exist.
crontab -e  
+
crontab -e  
  
  
 
Display your crontab file.
 
Display your crontab file.
crontab -l  
+
crontab -l  
  
  
 
Remove your crontab file.
 
Remove your crontab file.
crontab -r  
+
crontab -r  
 
 
  
 
Display the last time you edited your crontab file. (This option is only available on a few systems.)
 
Display the last time you edited your crontab file. (This option is only available on a few systems.)
crontab -v  
+
crontab -v  
 
 
  
  
min  |hour |day o month |month  |day o week
+
min  |hour |day o month |month  |day o week
  
  
30  |0    |1         |1,6,12 |*         – 00:30 Hrs on 1st of Jan, June & Dec.
+
30  |0    |1         |1,6,12 |*         – 00:30 Hrs on 1st of Jan, June & Dec.
0    |20  |*         |10    |1-5         – 8.00 PM every weekday (Mon-Fri) only in Oct.  
+
0    |20  |*         |10    |1-5         – 8.00 PM every weekday (Mon-Fri) only in Oct.  
0    |0    |1,10,15    |*      |*         – midnight on 1st ,10th & 15th of month  
+
0    |0    |1,10,15    |*      |*         – midnight on 1st ,10th & 15th of month  
5,10 |0    |10         |*      |1         – At 12.05,12.10 every Monday & on 10th of every month
+
5,10 |0    |10         |*      |1         – At 12.05,12.10 every Monday & on 10th of every month
  
  
LoadParse
+
===LoadParse===
mkdir -p /scripts
+
mkdir -p /scripts
wget -O /scripts/loadparse http://layer3.liquidweb.com/scripts/loadparse.sh
+
wget -O /scripts/loadparse http://layer3.liquidweb.com/scripts/loadparse.sh
chmod +x /scripts/loadparse  
+
chmod +x /scripts/loadparse  
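Review bot: the LoadParse block at the end of this hunk downloads loadparse.sh over plain http:// into /scripts and marks it executable with no integrity check in between. Suggest adding a verification step between the wget and the chmod +x lines (compare a published checksum with sha256sum, or fetch over https). Two wording points in the same hunk: "backup most be in home" under Restore account should read "must", and "should be called cpmove-$" has lost the name after the dollar sign.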
  
  
Line 1,215: Line 1,280:
 
LoadParse One Liners
 
LoadParse One Liners
 
these need loadparse installed Top CPU users in loadwatch logs, logged today
 
these need loadparse installed Top CPU users in loadwatch logs, logged today
cd /root/loadwatch
+
cd /root/loadwatch
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | head ; done  
+
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | head ; done  
  
  
 
Top mem users in loadwatch logs, logged today
 
Top mem users in loadwatch logs, logged today
cd /root/loadwatch
+
cd /root/loadwatch
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | sed -n '14,20p'; done
+
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | sed -n '14,20p'; done
 
 
  
 +
===wordpress===
 
reset password, username, and/or email
 
reset password, username, and/or email
get cpuser
+
get cpuser
/scripts/whoown <domain>  
+
/scripts/whoown <domain>  
  
  
 
get database name
 
get database name
grep DB_NAME /home/<cpuser>/public_html/wp-config.php  
+
grep DB_NAME /home/<cpuser>/public_html/wp-config.php  
  
  
 
mysql oneliner to update all of them on user id 1 (the admin account) remove sections not needed replace everything in <>.
 
mysql oneliner to update all of them on user id 1 (the admin account) remove sections not needed replace everything in <>.
mysql -e "UPDATE <DB_NAME>.wp_users SET user_login = '<admin>', user_pass = MD5('<Password>'), user_email = '<their email address>' WHERE wp_users.ID = 1;"  
+
mysql -e "UPDATE <DB_NAME>.wp_users SET user_login = '<admin>', user_pass = MD5('<Password>'), user_email = '<their email address>' WHERE wp_users.ID = 1;"  
  
  
Outlook and now more recently Thunderbird
+
===Outlook and now more recently Thunderbird===
 
Email clients are failing to connect servers using courier and SSL due to the key size being too small dovecot (the new default ) is fine, it is just cPanel never bothered to update courier. per nfuller techstaff email (modified)
 
Email clients are failing to connect servers using courier and SSL due to the key size being too small dovecot (the new default ) is fine, it is just cPanel never bothered to update courier. per nfuller techstaff email (modified)
echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key'  
+
echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key'  
  
  
 
will result in something like:
 
will result in something like:
Server Temp Key: DH, 768 bits  
+
Server Temp Key: DH, 768 bits  
  
  
 
If the bits is lower than 1024, like above, outlook won't connect. Thankfully this is an easy fix. Run the following one liner:
 
If the bits is lower than 1024, like above, outlook won't connect. Thankfully this is an easy fix. Run the following one liner:
cp -av /usr/lib/courier-imap/share/dhparams.pem{,.bak_768_bits} && openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048  
+
cp -av /usr/lib/courier-imap/share/dhparams.pem{,.bak_768_bits} && openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048  
  
  
 
That will backup the old key and create one at 2048 bits. Run the first one liner again to check your work:
 
That will backup the old key and create one at 2048 bits. Run the first one liner again to check your work:
echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key'  
+
echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key'  
  
  
 
it should result in:
 
it should result in:
Server Temp Key: DH, 2048 bits
+
Server Temp Key: DH, 2048 bits
  
  
  
what kernels you can boot from
+
===what kernels you can boot from===
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
+
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
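Review bot: the mysql one-liner in the newly added wordpress section puts the plaintext password on the command line ("user_pass = MD5('<Password>')" inside mysql -e), so it lands in shell history and is visible in the process list while it runs, and it stores an unsalted MD5 in wp_users. Suggest a line telling the reader to treat the value as temporary and have the account owner change it from the WordPress profile after logging in. The statement also hard-codes the wp_ table prefix and ID = 1; the grep on wp-config.php could check table_prefix along with DB_NAME.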

Revision as of 18:40, 5 December 2018

Recently restored from google cache!


Firewalls/Blocked IPs

APF

Blacklist

vim /etc/apf/deny_hosts.rules 

Whitelist

vim /etc/apf/allow_hosts.rules 

Config file

vim /etc/apf/conf.apf 

Restart

/etc/init.d/apf restart 

Flush IP Tables

iptables -F

CSF

Use CSF to grep the current rules for an IP

csf -g ip.add.re.ss

CSF uses the free MaxMind GeoIP database to add Geo info to the logs. You can also manually query what CSF has stored locally, from the command line:

csf -i ip.add.re.ss

Blacklist

vim /etc/csf/csf.deny 

Whitelist

vim /etc/csf/csf.allow 

Restart (both CSF and LFD)

csf -ra 

Configuration

vim /etc/csf/csf.conf 

login failure log

/var/log/lfd.log 

Fun output, IP address and the LFD trigger that got it blocked:

grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D' 


looks like

118.98.66.56    ==blocked for==> [LF_SMTPAUTH]
92.38.233.191   ==blocked for==> [LF_SSHD]
104.167.104.147 ==blocked for==> [LF_SSHD]
73.179.232.255  ==blocked for==> [LF_CPANEL]
118.163.76.38   ==blocked for==> [LF_SMTPAUTH]


cPHulk

Brute Force Protection deny/allow list edited through WHM

 Main >> Security Center >> cPHulk Brute Force Protection 

command line

Is it running?

/usr/local/cpanel/scripts/restartsrv_cphulkd --status 

stop and disable it

/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl --disable


Host Access Control

GUI in WHM (along with syntax/instructions):

Main >> Security Center >> Host Access Control

or edit the file directly:

/etc/hosts.allow 

keep in mind that there is

/etc/hosts.deny 

which WHM does not touch, but this is another place IPs can be manually blocked


FTP

Passive mode issues

Determine which ftp service is in use

PureFTPd or proFTPd. Then enable the use of passive ports for the FTP service being used.

By default the FTP configs will show/suggest using 30000 to 50000; this is an unnecessarily large range of ports to leave open. Determine whether APF or CSF is in use, then make sure the ports are open in the firewall. Restart the services updated. Make sure that passive mode is open in the ftp config

For PureFTPd

backup the existing conf

cp -va /etc/pure-ftpd.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/pure-ftpd.conf 

add or modify to look something like this

#Port range for passive connections replies. - for firewalling. 
PassivePortRange 30000 35000 

xor

For proFTPd

backup the existing conf

cp -va /etc/proftpd.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/proftpd.conf 

add or modify to look something like this:

PassivePorts 30000 35000

Open those ports in the firewall

For CSF

backup the existing conf

cp -va /etc/csf/csf.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/csf/csf.conf 

add

30000:35000 

(CSF's range syntax is a colon)

to the end of

# Allow incoming TCP ports
TCP_IN = "ports,moreports,otherports,30000:35000" 

xor

For APF

backup the existing conf

cp -va /etc/apf/conf.apf{,.$(date +"%m-%d-%Y").bak}
vim /etc/apf/conf.apf 

add

30000_35000

(APF's range syntax is an underscore) to the end of

# Common inbound (ingress) TCP ports 
IG_TCP_CPORTS="ports,moreports,otherports,30000_35000" 

check storm server firewall this might be blocking ports as well

restart the services

service pure-ftpd restart 
service proftpd restart 

As well as APF or CSF
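
A consistency check for the procedure above, as an added example (not from the original page): it reads the passive range from the FTP config and confirms the firewall opens it in that firewall's own range syntax (colon for CSF, underscore for APF). The function names and the sample files written by demo are constructed for illustration; the directive and variable names are the ones shown above.

```bash
#!/bin/sh
# Added example: check that the passive FTP range and the firewall agree.

# Print "LOW HIGH" from an FTP daemon config. "PassivePortRange" is the
# pure-ftpd directive and "PassivePorts" the proftpd one (both from the page).
# Commented-out lines do not match because "#" becomes part of field 1.
passive_range() {
    awk '$1 == "PassivePortRange" || $1 == "PassivePorts" {
             print $2, $3; found = 1; exit
         }
         END { exit (found ? 0 : 1) }' "$1"
}

# Succeed if variable $2 in firewall config $1 lists a range, written with
# separator $3, that covers ports $4..$5.
firewall_covers() {
    awk -v var="$2" -v sep="$3" -v low="$4" -v high="$5" '
        $0 ~ ("^[ \t]*" var "[ \t]*=") {
            list = $0
            sub(/^[^=]*=[ \t]*/, "", list)    # drop everything up to "="
            gsub(/"/, "", list)               # drop the quotes
            n = split(list, ports, ",")
            for (i = 1; i <= n; i++)
                if (split(ports[i], r, sep) == 2 &&
                    r[1] + 0 <= low + 0 && r[2] + 0 >= high + 0)
                    ok = 1
        }
        END { exit (ok ? 0 : 1) }' "$1"
}

# $1 = FTP config, $2 = firewall config, $3 = csf | apf
check_passive_ftp() {
    cpf_range=$(passive_range "$1") || { echo "NO_PASSIVE_RANGE"; return 2; }
    cpf_low=${cpf_range% *}
    cpf_high=${cpf_range#* }
    case $3 in
        csf) cpf_var=TCP_IN;        cpf_sep=":" ;;
        apf) cpf_var=IG_TCP_CPORTS; cpf_sep="_" ;;
        *)   echo "UNKNOWN_FIREWALL"; return 2 ;;
    esac
    if firewall_covers "$2" "$cpf_var" "$cpf_sep" "$cpf_low" "$cpf_high"; then
        echo "OK ${cpf_low}${cpf_sep}${cpf_high}"
    else
        echo "MISSING ${cpf_low}${cpf_sep}${cpf_high} in ${cpf_var}"
        return 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample configs using the values from the page.
    printf '%s\n' '#Port range for passive connections replies.' \
        'PassivePortRange 30000 35000' > "$d/pure-ftpd.conf"
    printf '%s\n' '# Allow incoming TCP ports' \
        'TCP_IN = "20,21,22,80,443,30000:35000"' > "$d/csf.conf"
    # APF config written with the CSF colon syntax by mistake.
    printf '%s\n' 'IG_TCP_CPORTS="21,22,80,443,30000:35000"' > "$d/conf.apf"
    check_passive_ftp "$d/pure-ftpd.conf" "$d/csf.conf" csf
    check_passive_ftp "$d/pure-ftpd.conf" "$d/conf.apf" apf || true
    rm -rf "$d"
}
demo
```

The second demo call reports MISSING because APF does not read the colon form as a range, which is the mistake the two syntax notes above are guarding against.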


cPanel

Version

/usr/local/cpanel/cpanel -V 

or check the top right of WHM

Restart

/scripts/restartsrv_cpsrvd

force update

/scripts/upcp --force 

add spf and dkim server wide

for user in $(\ls -A /var/cpanel/users) ; do /usr/local/cpanel/bin/dkim_keys_install $user; /usr/local/cpanel/bin/spf_installer $user ; done 


bypass cpanel security questions:

echo "$(last |grep "still logged in" |awk '{print $3}')" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root
echo "10.20.4.233" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root

Chksrvd log

chkservd fails:

echo -e "\nchekservd fails\n" && egrep '\[\[check command:-\]' /var/log/chkservd.log | egrep -o '(20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}|[a-z]* \[\[check command:-\])'| sed 's/\[\[check command:-\]//'g 

how far back does the log go:

egrep -o '20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}' /var/log/chkservd.log |head -n1


Apache

ea3

Restart

/etc/init.d/httpd restart 

Tail the Error log

tail -f /usr/local/apache/logs/error_log 

Config file on cPanel boxes

vim /usr/local/apache/conf/httpd.conf 

Apache's status

service httpd status 
httpd fullstatus 

Check for Max Clients

grep MaxClients /usr/local/apache/logs/error_log; ps aux | grep httpd -c; egrep 'MaxClients|ServerLimit' /usr/local/apache/conf/httpd.conf 

ea4

Config file

/etc/apache2/conf.d/httpd.conf	

Error Log

tail -f /etc/apache2/logs/error_log	

connections made per ip

netstat -tn 2>/dev/null | grep ':80[[:space:]]' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head

php-fpm

restart

/scripts/restartsrv_apache_php_fpm

Plesk?

tail /var/www/vhosts/<domain.com>/statistics/logs/error_log


MySQL

handy infos

config file

vim /etc/my.cnf 


Error log

tail -f /var/lib/mysql/`hostname`.err 


Restart

systemctl status mysqld.service

/etc/init.d/mysql restart 


watch -n1 mysqladmin proc stat


Jhayhoe's list frag tables

wget -O /scripts/fragmented.sh http://layer3.liquidweb.com/scripts/jhayhoe/fragmented.sh
chmod +x /scripts/fragmented.sh
/scripts/fragmented.sh 


mysqlcheck

The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables
--all-databases, -A  Check all tables in all databases. This is the same as using the --databases option and naming all the databases on the command line.
--optimize, -o       Optimize the tables. 
--repair, -r         Perform a repair that can fix almost anything except unique keys that are not unique.
--auto-repair        If a checked table is corrupted, automatically fix it. Any necessary repairs are done after all tables have been checked. 


mysqlcheck -Aor


mysqlcheck --auto-repair --optimize --all-databases


other stuff

Shut it down and check tables

killall -9 tailwatchd
killall -9 crond
service mysql stop
find /var/lib/mysql -iname "*.MYI" -exec myisamchk -fUr {} \;
service mysql restart
service crond restart
/scripts/restartsrv_tailwatchd 


Optimize each table in a For loop,

for i in $(mysql -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" | sed 's/Tables.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done 


MyTop

it's like top for mysql (If it is installed on the server)

http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz 

mytop

innodb

what tables are using innodb

mysql -e "SELECT table_schema, table_name FROM INFORMATION_SCHEMA.TABLES WHERE engine = 'innodb';"

conf

located in

/etc/my.cnf 


Mysql Memory settings

echo -e "\n\n================Mysql Mem configured settings================" && awk '/(key|i.*b)_b.*r_(pool_)?(s.*|.*es)/{sub("="," "); print $1,$2}' /etc/my.cnf && echo -e "\n================Mysql Mem current settings================" && mysql -e "show variables" |awk '/(key|innodb)_buffer_(pool_)?(size|.*es)/{if($1~/.*es/)print$1,$2; else print$1,$2/1048576"M"}' && echo -e "\n================Mysql Mem suggested settings================" && mysql -Bse 'show variables like "datadir";'|awk '{print $2}'|xargs -I{} find {} -type f -printf "%s %f\n"|awk -F'[ ,.]' '{print $1, $NF}'|awk '{array[$2]+=$1} END {for (i in array) {printf("%-15s %s\n", sprintf("%.3f MB", array[i]/1048576), i)}}' | awk '{if($3~/MYI/)print"key_buffer_size\t\t",$1"M"};{if($3~/ibd/)a+=$1}END{print "innodb_buffer_pool_size\t",a"M"}'

Plesk

old

restart (notice the d)

/etc/init.d/mysqld restart 


This will give you the admin password to Plesk

cat /etc/psa/.psa.shadow; echo -e "\n"; 


Use this password with:

mysql -u admin -p 

watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`"

new

access the plesk db

plesk db

alternatively

MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -uadmin psa

nightly dumps of the plesk db are in

/var/lib/psa/dumps/

restoring from a backup

zcat mysql.daily.dump.0.gz | plesk db

back it up as is

plesk db dump > backup.sql

Screen

ctrl+a +d is keyboard shortcut to detach 


Error?

Directory '/var/run/screen' must have mode 777.

no prob:

chmod g+s /usr/bin/screen 

all set

List current screens

screen -ls 

Create new screen

screen -S [name] 

Attach

screen -r [screen name] 

Detach

screen -d [screen name] 

Join already attached or unattached...

screen -x [screen name] 

screen -x by itself, will join the screen if there is only one to join

EasyApache

Do before:

USR=lw.$(date +%s); FILE=/root/preEA.$USR;cp /usr/local/apache/conf/httpd.conf{,.bak.$USR}; cp /usr/local/lib/php.ini{,.bak.$USR}; touch $FILE; cat > $FILE <(echo -e "\n--Current Handler--\n" ; /usr/local/cpanel/bin/rebuild_phpconf --current ; if [ -x /usr/bin/php4 ] ;then echo -e "\n--PHP 4 Version--\n" ; php4 -v 2>&1; echo -e "\n--PHP 4 Modules--\n"; php4 -m 2>&1 ;fi;if [ -x /usr/bin/php5 ] ;then echo -e "\n--PHP 5 Version--\n"; php5 -v ; echo -e "\n--PHP 5 Modules--\n"; php5 -m;fi ;echo -e "\n--Apache Version--\n" ;/usr/local/apache/bin/httpd -V; echo -e "\n--Apache Modules--\n";/usr/local/apache/bin/httpd -l ; echo -e "\n\n--Date Created: $(date +%c)--";echo -e "\n--Configuration files--\n" ; echo "httpd.conf: /usr/local/apache/conf/httpd.conf.bak.$USR"; echo "php.ini: /usr/local/lib/php.ini.bak.$USR";) ; echo -e "\nPreEA configuration stored in \n$FILE" 


do it in a screen!

screen -S EA /scripts/easyapache


suPHPfix + suPHP

outdated

Save-state

saves the file permissions of (all|cPuser) in their current state. However, this will overwrite the previous save state if done a second time! Save state is a JSON file located in:

/var/cache/suphpfix 

backup the appropriate file in this directory if you are going to run this a second time

something like

cp -rfa /var/cache/suphpfix /var/cache/$(date +"%m%d%Y").suphpfix.bak

Check the ticket to see if it was run previously !

suphpfix --save-state (all|cPuser) 


Prep all

makes the changes to the permissions

suphpfix --prep (all|cPuser)

Restore-state

restores from the current save state in

/var/cache/suphpfix

suphpfix --restore-state (all|cPuser)

switch to suPHP

/usr/local/cpanel/bin/rebuild_phpconf 5 none suphp enabled 

SpamAssassin

Disable forwarding for DNSBL queries for SpamAssassin

Needs more testing!

sed -i.preSAfix.bak -e '1iinclude "/etc/named.disable.DNSBL.fwding.conf"; \' /etc/named.conf
touch /etc/named.disable.DNSBL.fwding.conf && chown named: /etc/named.disable.DNSBL.fwding.conf
cat <<EOF >> /etc/named.disable.DNSBL.fwding.conf
view "DNSBL zones" {
//Disable forwarding for DNSBL queries for SpamAssassin
//
//http://wiki.apache.org/spamassassin/CachingNameserver
//
//If you have a large ISP or are using large public DNS provider(s)
//it is recommended you not forward mail-related DNS traffic through
//their DNS servers (though non-mail DNS traffic from your site shouldn't
//have problems.) With bind, this means not having any "forwarders" listed.
//Or, at a minimum, you could create exemptions by
//defining empty forwarders for DNSBL zones, like this:
zone "multi.uribl.com" { type forward; forward first; forwarders {}; };
zone "dnsbl.sorbs.net" { type forward; forward first; forwarders {}; };
zone "combined.njabl.org" { type forward; forward first; forwarders {}; };
zone "activationcode.r.mail-abuse.com" { type forward; forward first; forwarders {}; };
zone "nonconfirm.mail-abuse.com" { type forward; forward first; forwarders {}; };
zone "iadb.isipp.com" { type forward; forward first; forwarders {}; };
zone "bl.spamcop.net" { type forward; forward first; forwarders {}; };
zone "fulldom.rfc-ignorant.org" { type forward; forward first; forwarders {}; };
zone "list.dnswl.org" { type forward; forward first; forwarders {}; };
zone "blackholes.mail-abuse.org" { type forward; forward first; forwarders {}; };
zone "bl.score.senderscore.com" { type forward; forward first; forwarders {}; };
zone "zen.spamhaus.org" { type forward; forward first; forwarders {}; };
};
EOF
service named restart

SA-learn script

stolen modified from jpurkis

enable Bayes in the user_conf
use_bayes 1
bayes_auto_learn 1
bayes_min_ham_num 50
bayes_min_spam_num 50


su to the cPanel user in question and add a cronjob to run the following script, (placed where the cPanel user can access it).

#!/bin/bash 
#assumes the script runs as the cPanel user (see above), so take the name from the current login
user="$(whoami)"
#Find and learn spam 
find /home/$user/mail/ -type d -name ".Junk" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --spam {}/{cur,new}/ \; 
#Find and learn ham
find /home/$user/mail/ -type d -name ".non-spam" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --ham {}/{cur,new}/ \; 
#sync
/usr/local/cpanel/3rdparty/bin/sa-learn --sync 
#clean out learned spam
for i in $(find /home/$user/mail/ -type d -name ".Junk" ); do rm -f $i/{cur,new}/* ; done 
#remove week old spam 
for i in $(find /home/$user/mail/ -type d -name ".spam") ; do find $i/{cur,new}/ -type f -mtime +7 -exec rm -f {} \; ; done


exim

Mail queue cleanup

who is 'authing' the mail. This needs to be addressed first. Stop the outgoing mail then clean it up.

find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id' 


Subject lines

find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject:'


refine the results

is all the spam authed by the same user?

find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id someuser@domain' 


or

find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id somecpuser'


or are the subject lines all the same?

find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject: Discount spam, free' 


then pipe that to:

Regex for pulling out the mail ID

| egrep '([0-9a-zA-Z]{6}\-){2}[0-9a-zA-Z]{2}' -o 


then pipe that to the exim command that removes mail by mail ID, to remove the mail determined previously

Removing the mail by mail ID

| xargs exim -Mrm
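
An added example (not part of the original page) of the triage step above: it tallies queued messages per auth_id and lists the message IDs for one account, comparing the auth_id exactly so that a substring match cannot pull in another user's mail. Function names and the sample spool files are constructed; it assumes each -H spool file carries a line of the form "-auth_id <user>", which is what the egrep above looks for.

```bash
#!/bin/sh
# Added example: find which authenticated account is filling the exim queue.

# Print "COUNT AUTH_ID" for every auth_id found under spool directory $1,
# busiest first. find recurses, so split spool sub-directories are covered.
auth_id_tally() {
    find "$1" -type f -name '*-H' \
        -exec awk '$1 == "-auth_id" { print $2 }' {} + |
        sort | uniq -c | sort -k1,1rn -k2,2 | awk '{ print $1, $2 }'
}

# Print the message IDs (header file name minus "-H") queued by auth_id $2.
# The comparison is an exact string match, not a regex or substring.
ids_for_auth_id() {
    find "$1" -type f -name '*-H' -exec awk -v who="$2" '
        $1 == "-auth_id" && $2 == who {
            id = FILENAME
            sub(/.*\//, "", id)     # strip the directory part
            sub(/-H$/, "", id)      # strip the -H suffix
            print id
        }' {} + | sort
}

# Constructed, abbreviated -H files; only the -auth_id line matters here.
# The last message has no auth_id, like mail that was not sent with SMTP auth.
make_sample_spool() {
    mkdir -p "$1"
    while read -r mss_id mss_auth; do
        {
            printf '%s\n' "$mss_id-H"
            printf '%s\n' "-received_protocol esmtpa"
            [ -n "$mss_auth" ] && printf '%s\n' "-auth_id $mss_auth"
            printf '%s\n' "-body_linecount 3"
        } > "$1/$mss_id-H"
    done <<'EOF'
1YRLmQ-0004Xy-Ab info@example.com
1YRLmR-0004Xz-Cd info@example.com
1YRLmS-0004Y0-Ef info@example.com
1YRLmT-0004Y1-Gh bob@example.net
1YRLmU-0004Y2-Ij
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_spool "$d"
    echo "messages per auth_id:"
    auth_id_tally "$d"
    echo "message IDs for info@example.com:"
    ids_for_auth_id "$d" info@example.com
    rm -rf "$d"
}
demo
```

On a live server the first argument would be /var/spool/exim/input/, and the ID list is what the page pipes to xargs exim -Mrm once it has been reviewed.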


clear out bounces etc.

find /var/spool/exim/input/ -name '*-H' | xargs egrep 'Subject: (Undelivered Mail|Mail delivery|Mail failure|Delivery Status|Returned mail|Undeliverable|failure notice|Warning: message)'| egrep -o '[0-9a-zA-Z]{6}-[0-9a-zA-Z]{6}-[0-9a-zA-Z]{2}' | xargs exim -Mrm 


Babysitting cleanup of a large queue? Make your notes look nice:

echo -e "#queue $(exim -bpc) @$(date) on $(hostname)" 


periodically run that, to get nice output, eg:

#queue 96910 @Fri Feb 27 08:28:48 EST 2015 on host.server.com
#queue 96710 @Fri Feb 27 08:28:58 EST 2015 on host.server.com
#queue 96595 @Fri Feb 27 08:29:08 EST 2015 on host.server.com 


general

restart

/etc/init.d/exim restart 

what is going on

exiwhat 

number of messages in queue

exim -bpc 

start the queue

exim -q -v 


clean out default mail inbox

find /home/$(cpuser)/mail/{cur,new}/ -type f -exec rm -f {} \;


where $(cpuser) is the user. Alternatively add

-mtime +7 


to leave stuff newer than one week if the user wants to review.

make cpanel interface report the correct value

/scripts/generate_maildirsize --confirm --allaccounts --verbose $(cpuser) 


log location

/var/log/exim_mainlog 


can't ping liquidweb.com? check

vim /etc/resolv.conf 

try google's resolvers 8.8.8.8


diskspace clean up

/var

yum clean all 


checking usage

file system disk usage

df -h

make it fancy

df -Ph | awk 'NR==1{print;next} 0+$5>=80{print "\033[31m"$0"\033[0m";next} {print}' 

Summarize disk usage of each FILE, recursively for directories.

du -h --max-depth=1 


df and du discrepancy

If df and du do not agree, there are one or more processes keeping a deleted file open. df is counting it and du is not. Find them and kill them! Find it, make sure these can be killed, note it, etc.

lsof | grep "deleted" 


nice output if the size is >0 i.e.

COMMAND PID SIZE NAME 


lsof | grep deleted |awk '{if ($7>0) print $1,$2"\t"$7/1024/1024"M\t" $9}' 


Kill them:

kill -15 <PID>


inodes

Plenty of open space but the disk is still full? Check the number of inodes used: no inodes = no new files

df -i 


purge_dead_comet_files:

/usr/local/cpanel/bin/purge_dead_comet_files


delete files from a list

Make sure you are rm'ing the right stuff: echo it first!

for i in `cat /filepath/to/listtodelete.txt`; do echo "/dir/where/files/live/$i"; done 


once you are sure, make sure again, then delete with:

for i in `cat /filepath/to/listtodelete.txt`; do rm -Rf /dir/where/files/live/$i; done

Mod sec

install LW rules

yum install lp-modsec2-rules.noarch 


copy old modsec whitelist to new one

cat /usr/local/apache/conf/modsec/00_asl_whitelist.conf > /usr/local/apache/conf/modsec2/whitelist.conf 


Modsec finder (in progress)

clear; echo "ModSec tripping"; read -p "enter IP here " IP; DATE=$(date '+%b %d'); echo -e "\n\nModSec rules triped on $DATE\nand what to whitelist:\n\n "; grep "$DATE" /usr/local/apache/logs/error_log |grep modsec |grep $IP |egrep '\[id \"[0-9]*\"\]' | egrep -o '\[id \"[0-9]*\"\]|\[uri "[^"]+"\]' |egrep -o '[0-9]{4,9}|\"((\/[A-Za-z0-9\-]*)*)\.[a-zA-Z]{3,4}\/?\"' |tr '\n' ' '| sed 's/\/\"/&\n/g' |sed 's/[a-z]\"/&\n/g'|egrep -v '^ $' |sort |uniq -c | sort -rn |awk '{print $1" instance(s) of \n\n<LocationMatch "$3">\n SecRuleRemoveById "$2 "\n</LocationMatch> \n\n"}' 

Search for modsec errors

grep -i modsec /usr/local/apache/logs/error_log | grep (enter domain here) | sed "s/$/\n/" 

grep for cust's ip or domain or whatever then append:

|grep ModSec |grep "\[id "| grep -oP '\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}]|\[id "\d+"\]|\[uri "[^"]+"\]' | tr '\n' ' ' |sed 's/alpha:\"\]/&\n/g' |sed 's/\[id \"/\n[id "/g' 

regex for grabing out ip uri and id

egrep 'date or ip or whatever' /usr/local/apache/logs/error_log | grep -i modsec  |grep -noP '(?:(?<=client )(?:\d{1,3}\.){3}\d{1,3}(?=])|(?<=uri ")[^"]+|(?<=id ")\d+)'

regex for grabing out date, ip, uri, and id.

grep -noP '\w{3}\s\w{3}(?:\s\d{2}){2}(?::\d{2}){2}|(?<=client )(?:\d{1,3}\.){3}\d{1,3}(?=])|(?<=uri ")[^"]+|(?<=id ")\d+'

Only list them once and count multiples

grep modsec /usr/local/apache/logs/error_log |grep (enter domain here) |awk -F] '{$1=$(NF-1)="";print}'| uniq -c | sed "s/$/\n/" 


get the uri and id: the uri is with quotes, the ruleid is just the number, without quotes! add

<LocationMatch "/URI/From/Error">
SecRuleRemoveById $ruleid 
</LocationMatch> 


to (in most cases)

vim /usr/local/apache/conf/modsec2/whitelist.conf 


restart apache

/etc/init.d/httpd restart 
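
An added example (not the page's own one-liner): it counts ModSecurity hits per rule id and URI for one client IP and prints a whitelist stanza for each pair. Unlike the stanza above it anchors and escapes the URI so the exclusion covers only that exact path, and it also accepts the ip:port client form; those choices, the function names and the sample log lines are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: summarise ModSecurity hits for one client and draft exclusions.

# Print "COUNT ID URI" for every rule id / URI pair hit by client $2 in log $1.
modsec_hits() {
    awk -v ip="$2" '
        # return the value of a [key "value"] tag, or "" when it is absent
        function tag(line, key,    s, e) {
            s = index(line, "[" key " \"")
            if (!s) return ""
            line = substr(line, s + length(key) + 3)
            e = index(line, "\"]")
            return e ? substr(line, 1, e - 1) : ""
        }
        # exact client match: "[client IP]" or "[client IP:port]"
        index($0, "ModSecurity") &&
        (index($0, "[client " ip "]") || index($0, "[client " ip ":")) {
            id = tag($0, "id"); uri = tag($0, "uri")
            if (id != "" && uri != "") hits[id " " uri]++
        }
        END { for (k in hits) print hits[k], k }' "$1" |
        sort -k1,1rn -k2,2n -k3,3
}

# Read "COUNT ID URI" lines and print one stanza per pair. LocationMatch takes
# a regex, so metacharacters in the URI are escaped and the pattern anchored.
modsec_exclusions() {
    while read -r me_count me_id me_uri; do
        me_re=$(printf '%s\n' "$me_uri" | sed 's/[][\.*^$+?(){}|]/\\&/g')
        printf '# rule %s: %s hit(s)\n<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>\n' \
            "$me_id" "$me_count" "$me_re" "$me_id"
    done
}

# Constructed error_log lines; rule ids, IPs and paths are placeholders.
sample_modsec_log() {
    cat <<'EOF'
[Wed Dec 05 18:01:10 2018] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "1000001"] [msg "constructed"] [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "A1"]
[Wed Dec 05 18:01:12 2018] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "1000001"] [msg "constructed"] [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "A2"]
[Wed Dec 05 18:02:30 2018] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "1000002"] [msg "constructed"] [hostname "example.com"] [uri "/contact.php"] [unique_id "A3"]
[Wed Dec 05 18:02:41 2018] [error] [client 203.0.113.77] ModSecurity: Access denied with code 403 (phase 2). [id "1000003"] [msg "constructed"] [hostname "example.com"] [uri "/xmlrpc.php"] [unique_id "A4"]
[Wed Dec 05 18:03:00.123456 2018] [:error] [pid 4242] [client 203.0.113.7:51522] ModSecurity: Access denied with code 403 (phase 2). [id "1000001"] [msg "constructed"] [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "A5"]
[Wed Dec 05 18:03:05 2018] [error] [client 203.0.113.7] File does not exist: /home/user/public_html/favicon.ico
EOF
}

demo() {
    log=$(mktemp) || return 1
    sample_modsec_log > "$log"
    modsec_hits "$log" 203.0.113.7 | modsec_exclusions
    rm -f "$log"
}
demo
```

Review each stanza against the rule's message before adding it to the whitelist file: a high count from a single client can also mean the rule is doing its job.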


Plesk?

grep ModSec /var/www/vhosts/domain.com/statistics/logs/error_log 


add

<LocationMatch "/URI/From/Error">
SecRuleRemoveById $ruleid
</LocationMatch> 


to

vim /var/www/vhosts/<domain.com>/conf/vhost.conf 


or if a subdomain

vim /var/www/vhosts/<domain.com>/subdomains/<NameOfSubdomain>/conf/vhost.conf 


rebuild plesk

/usr/local/psa/admin/bin/httpdmng --reconfigure-domain then <domain.com> or <sub.domain.com> 


like:

/usr/local/psa/admin/bin/httpdmng --reconfigure-domain <sub.domain.com> 


restart apache

/etc/init.d/httpd restart 


test again:

tail -f /var/www/vhosts/domain.com/statistics/logs/error_log |grep ModSec 


Making a new rule: define it in here and assign it a $ruleid

vim /usr/local/apache/conf/modsec2.user.conf 

then you can add $ruleid to

<LocationMatch "/URI/From/Error"> 
SecRuleRemoveById $ruleid 
</LocationMatch> 

like normal

PHP

php.ini

To see where the file is loading from use:

php -i |grep -i loaded 


you will get:

Loaded Configuration File => /path/to/php.ini 


in general, on cPanel it is:

vim /usr/local/lib/php.ini 


common values to change

*memory_limit = <>M 
*upload_max_filesize = <>M 
*post_max_size = <>M 
*upload_max_filesize < post_max_size 


Restart apache to have changes take effect

/etc/init.d/httpd restart


php.conf

Another php configuration file. It is used with the fastCGI php handler

/usr/local/apache/conf/php.conf 


so far I've only run into "mod_fcgid: HTTP request length" value errors here. add or increase the value of

MaxRequestLen

Restart apache to have changes take effect

/etc/init.d/httpd restart 


Plesk?

In Plesk, php.ini lives in the same spot it does on any non-cPanel environment: /etc/php.ini

vim /etc/php.ini 


Restart apache to have changes take effect

/etc/init.d/httpd restart


Custom php.ini

cgi and fcgi

Double check which is the current php handler

/usr/local/cpanel/bin/rebuild_phpconf --current


Also remember to check whether the account has CGI Privileges: via WHM, in Modify an Account, under Privileges. If it is unchecked, this will not work and the error messages are not helpful.

CGI

First copy the php.ini over

cd /home/(username)/public_html/cgi-bin
cp /usr/local/lib/php.ini php.ini
chown (username). php.ini 


In the .htaccess in the public_html,

vim /home/(username)/public_html/.htaccess 


add the following at the very top of the file before everything:

AddHandler php-cgi .php
Action php-cgi /cgi-bin/phpini.cgi 


make the phpini.cgi file

vim /home/(username)/public_html/cgi-bin/phpini.cgi 


with the following contents:

#!/bin/sh 
export PHPRC=/home/(username)/public_html/cgi-bin/php.ini 
exec /usr/local/cpanel/cgi-sys/php5 -c /home/(username)/public_html/ 


Also make sure that you correct the permissions on the phpini.cgi.

chmod +x /home/(username)/public_html/cgi-bin/phpini.cgi
chown (username). /home/(username)/public_html/cgi-bin/phpini.cgi 


then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:

Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini 


and not the main php.ini:

Loaded Configuration File = /usr/local/lib/php.ini


FCGI

First copy the php.ini over

cd /home/(username)/public_html/cgi-bin
cp /usr/local/lib/php.ini php.ini
chown (username). php.ini


In the .htaccess in the public_html,

vim /home/(username)/public_html/.htaccess 


add the following at the very top of the file before everything:

AddHandler php5-fastcgi .php
Action php5-fastcgi /cgi-bin/php.fcgi 


Make the php.fcgi file

vim /home/(username)/public_html/cgi-bin/php.fcgi 


with the following contents:

#!/bin/sh 
export PHP_FCGI_CHILDREN=1 
export PHP_FCGI_MAX_REQUESTS=10 
exec /usr/local/cpanel/cgi-sys/php5 


Also make sure that you correct the permissions on the php.fcgi.

chmod +x /home/(username)/public_html/cgi-bin/php.fcgi
chown (username). /home/(username)/public_html/cgi-bin/php.fcgi 


then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:

Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini 


and not the main php.ini:

Loaded Configuration File = /usr/local/lib/php.ini


suPHP

copy the global php.ini over as the base for the custom

cd /home/(username)/public_html/
cp /usr/local/lib/php.ini php.ini
chown (username). php.ini 


In the .htaccess in the public_html,

vim /home/(username)/public_html/.htaccess 


add the following at the very top of the file before everything:

suPHP_ConfigPath /home/user/public_html 
<Files php.ini>
order allow,deny
deny from all
</Files> 


then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded:

Loaded Configuration File = /home/(username)/public_html/php.ini 


and not the main php.ini:

Loaded Configuration File = /usr/local/lib/php.ini


phpinfo.php

move to the directory where you want to place the phpinfo.php page, then make it:
echo "<?php phpinfo(); ?>" > ./phpinfo.php && chown $(pwd | cut -d/ -f3). ./phpinfo.php


linzardry

OS version

cat /etc/redhat-release 


Linux kernel bit

getconf LONG_BIT 


load script

wget -O /root/load_chugger.sh http://trippinglizard.com/load_chugger.sh; bash /root/load_chugger.sh 


memory

free -m 


Nice output of %total Free Physical Memory + cached memory

cat /proc/meminfo | perl -e 'while(<>){ if(m/^(MemTotal|MemFree|Cached)/){ m/(\d+)/; push(@foo, $1); } } printf("%.2f%% Free Physical Memory\n", ( ( $foo[1] + $foo[2]) / $foo[0] ) * 100 ) ;'


grep

grep for != <variable>
grep -v <variable> 


copy

keep perms and owners

cp -rfa 


Handy bash wizardry for cp

add:

{,<nameofbakfile>} like: {,.bak}


or

{,.lwbak}


to the end of the filepath. i.e.

cp /path/to/file{,<nameofbakfile>}


would create the file:

/path/to/file<nameofbakfile> 


example:

cp /usr/local/lib/php.ini{,.lwbak} 


creates the file:

/usr/local/lib/php.ini.lwbak 


Works with move (mv) also!

Dated backups

cp /path/to/stuff{,.$(date +"%m-%d-%Y").bak} 


awk

It is not the size of the awk command, it is how you use it. awk is very helpful for manipulating output into handy "Kraft Cop-i-past-a-bles™"

awk '{print <variables> }' 


variables

  • $column_number
  • commas <,> denote spaces
  • echo "strings"
  • numbers
  • math operators
  • "\n" is a new line
  • "\t" is a tab


NF, The Last field

$NF is the last field. Try mathing the "NF" variable!
$(NF-n) is "n" fields over from the last field.
$(NF-0) is the last field.
$(NF-1) is the second to last field, etcetera!

Example: let's grep out the time and the 1min, 5min, and 15min load averages from every loadwatch log that has triggered today:

cat /root/loadwatch/loadwatch.$(date +"%Y-%m-%d")* |grep "top - " |awk '{print $3"\t"$(NF-2)"\t"$(NF-1)"\t"$NF}' 


would give you output similar to:

04:05:04  21.40,  10.52,  4.21 
11:52:19  83.74,  50.38,  21.74 
11:56:11  109.98, 79.96,  39.31 
12:20:14  124.66, 66.60,  28.87 
12:23:42  130.51, 103.27, 51.41 
12:24:01  93.53,  96.59,  50.32 
12:17:42  59.66,  31.55,  13.19


Substring

Sometimes you want to further refine just one column

substr($column_number,Starting_Character,Number_of_Characters_After_the_Starting_Character)
substr($3,1,5)

in the previous example, let's say you just wanted the time without the seconds, i.e.

04:05
11:52
11:56
12:20 


not

04:05:04
11:52:19
11:56:11
12:20:14


replace $3 with substr($3,1,5): still grab the third column ($3), but just grab five (5) characters, starting at the first (1).

If statements

try using them in front of print!

awk '{if ($5 > 5) print $5,$1,$2}'

if column 5 is greater than 5, print columns 5, 1, and 2.

Example: using sar, show anytime the one minute load was above 10 then print that load and what time it happened (also then removing the header with grep).

sar -q | awk '{if ($5 > 10) print $5"\t"$1,$2}' |grep -v ld 


will result in nice output like:

13.35 09:30:04 AM 
16.07 11:10:17 AM
10.92 11:20:02 AM


Field Delimiters

You can also add the -F<character> flag to specify the field delimiter (what separates the columns), i.e.

awk -F@ '{ print $NF }' 


this would print everything after the last "@"

Sum of every line

Adds each line... you know what sum means.

awk '{a+=$0}END{print a}'


add just column 7

awk '{a+=$7}END{print a}'


First and Last line

This is helpful in finding a time frame. Pipe the output of a search through

awk 'NR==1;END{print}' 


You can also use the sed equivalent as it is shorter:

sed -n '1p;$p' 


but let's say you want to just print column 4 (the time stamp) from a domlog

awk 'NR==1{print$4};END{print$4}' 


combine the results with the output of wc of the same data and you have helpful information.

cut

cut works similar to awk with the -F flag

cut -d '<character>' -f<column-number> 


i.e.

cut -d ':' -f2 


Would be the same as

awk -F: '{print $2}'


cut vs awk

Cut is much quicker than awk. But awk is more powerful and has more options. It is an awkward thing to say, but sometimes, cut just doesn't cut it. Puns removed for your safety

create/delete user

$user = the username you want

useradd $user
userdel -r $user 


give that user a password

passwd $user 


add user to the sudoers file: run

visudo


and add

$user ALL=(ALL) ALL 


$user will be able to use sudo with their own password instead of root's

number of cores

grep -c proc /proc/cpuinfo 
nproc 


find and change 777 perms

change all directories and files in every user's docroot from 777 to a more appropriate 755 for directories and 644 for files

find /home/*/public_html/ -type d -perm 777 -exec chmod 755 '{}' \;
find /home/*/public_html/ -type f -perm 777 -exec chmod 644 '{}' \;
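
A list-first version of the cleanup above, as an added example that is not from the original page: it prints what would change before any chmod runs. The helper names list_777 and fix_777 and the temp-directory tree are constructed for the demonstration.

```shell
#!/bin/bash
# Added example: list, then fix, mode-777 entries under a docroot.
# list_777 / fix_777 are hypothetical helper names, not cPanel tools.

list_777() {
    # $1 = root to search, $2 = type (d or f). Prints matching paths, sorted.
    # -perm 777 is an exact match: 775 or 1777 entries are not reported.
    find "$1" -type "$2" -perm 777 -print | sort
}

fix_777() {
    # Directories -> 755, files -> 644, same targets as the one-liners above.
    # "{} +" batches paths into a few chmod calls instead of one per entry.
    find "$1" -type d -perm 777 -exec chmod 755 {} +
    find "$1" -type f -perm 777 -exec chmod 644 {} +
}

# Constructed sample tree so the example runs without touching /home
demo_root=$(mktemp -d)
mkdir -p "$demo_root/public_html/uploads" "$demo_root/public_html/ok"
touch "$demo_root/public_html/uploads/form.php" "$demo_root/public_html/index.php"
chmod 777 "$demo_root/public_html/uploads" "$demo_root/public_html/uploads/form.php"
chmod 755 "$demo_root/public_html/ok"
chmod 644 "$demo_root/public_html/index.php"

echo "directories that would become 755:"
list_777 "$demo_root" d
echo "files that would become 644:"
list_777 "$demo_root" f

# Keep the listing as a record of what changed, then apply the fix
fix_777 "$demo_root"
echo "left at 777 after the fix (expect nothing):"
list_777 "$demo_root" d
list_777 "$demo_root" f

rm -rf "$demo_root"
```

On a real server, pass /home/<cpuser>/public_html as the root and save the listing before running fix_777.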


grep ps aux better

ps faux | egrep 'START|<program>' | grep -v grep 


quick info dump

lynx -dump -width 500 localhost/whm-server-status > /home/temp/connections.txt 


Server stats

This is a super long one liner that shows several bits of handy info.

exec 3<&1 && bash <&3 <(curl -sq http://layer3.liquidweb.com/serverstats) 


try it on your vps!

rsync

From current server to remote server

rsync -avH /path/to/file user@(host.domain.com-or-IP):/path/on/remote/domain 


within a server

rsync -avH /path/to/file/to/move /path/to/destination/ 


test it out first! use the flag --dry-run for great success in avoiding tears

--dry-run


Tar etc.

Create a tar.gz

tar -czvf file.tar.gz /path/to/file 


Extract a .tar.gz

tar -zxvf filename.tar.gz


Extract a .tar

tar -xvf filename.tar 


Extract a .gz

gunzip filename.gz 


Preview the contents of a package so you can pick what to pull out

tar -tvzf filename.tar.gz


you can also pipe that to search for a certain folder

tar -tvzf filename.tar.gz | grep (folder or filename) 


Extract a certain file from a backup or tar file

tar -xvzf filename.tar.gz /home/mike/public_html 


use the exact line that the previous command gave you. stolen shamelessly from Shooltz

Sar

sar memory % free

sar -r | egrep -v "ld|Ave|Linux" |awk -v v=$(cat /proc/meminfo |grep MemTot |awk '{print $2}') '{print $1,$2"\t"(($3+$7)/v)*100"%" }' 


Sar shows the current day's resource usage since 12am server time, in ten minute (default) intervals.

CPU utilization report:

sar

%user = Percentage of CPU utilization that occurred while executing at the user level (application).
%nice = Percentage of CPU utilization that occurred while executing at the user level with nice priority.
%system = Percentage of CPU utilization that occurred while executing at the system level (kernel).
%iowait = Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
%idle = Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.

Memory usage:

sar -r 
kbmemfree = Amount of free memory available in kilobytes.
kbmemused = Amount of used memory in kilobytes. This does not take into account memory used by the kernel itself.
%memused = Percentage of used memory.
kbbuffers = Amount of memory used as buffers by the kernel in kilobytes.
kbcached = Amount of memory used to cache data by the kernel in kilobytes.
kbswpfree = Amount of free swap space in kilobytes.
kbswpused = Amount of used swap space in kilobytes.
%swpused = Percentage of used swap space.
kbswpcad = Amount of cached swap memory in kilobytes. This is memory that once was swapped out, is swapped back in but still also is in the swap area (if memory is needed it doesn't need to be swapped out again because it is already in the swap area. This saves I/O).

Load:

sar -q 
runq-sz = Run queue length (number of processes waiting for run time).
plist-sz = Number of processes in the process list.
ldavg-1 = System load average for the last minute.
ldavg-5 = System load average for the past 5 minutes.
ldavg-15 = System load average for the past 15 minutes.

Previous Days

To check previous days use the -f flag along with the file path to the data file where <XX> is the day of the month:

sar -f /var/log/sa/sa<XX> 


Load averages for the fifth of the month:

sar -q -f /var/log/sa/sa05


park wrapper errors

search for references of the domain. here are some of the places

grep -R <domain.com> /var/{cpanel/{users,bandwidth},named}/ /etc/httpd/conf/httpd.conf /etc/v{aliases,domainaliases,mail}/ /etc/{trueuser{domains,owners},named.conf,{local,user}domains}


Then remove references to the domain. After that, remember to:

/scripts/rebuilddnsconfig 

retry creating the domain.

restoring scripts

Back up current account

/scripts/pkgacct $username 

(puts it in /home/ and should be called cpmove-$) mv it out of the way, to cpmove-{USER}.tar.gz.bak

Restore account

the backup must be in home. move the backup you want to restore from (must be named like one of these):

cpmove-{USER}
cpmove-{USER}.tar
cpmove-{USER}.tar.gz
USER.tar
USER.tar.gz
backup-{BACKUP-DATE_TIME}_{USER}.tar
backup-{BACKUP-DATE_TIME}_{USER}.tar.gz 


to one of the places cPanel looks:

/home, /home2, /home3, /root, /usr, /usr/home, /web 


restore

/scripts/restorepkg $username 


Or

/scripts/restorepkg $username /Path/to/the/userbackup.tar.gz 


may need to kill the account if it already exists. Or just use the force:

/scripts/restorepkg --force $username
/scripts/restorepkg --force $username /Path/to/the/userbackup.tar.gz 


Remove current account

/scripts/killacct $username  


crontab

Crontab Commands

export EDITOR=vi 

to specify an editor to open the crontab file.

Edit your crontab file, or create one if it doesn't already exist.

crontab -e 


Display your crontab file.

crontab -l 


Remove your crontab file.

crontab -r 

Display the last time you edited your crontab file. (This option is only available on a few systems.)

crontab -v 


min  | hour | day of month | month  | day of week

30   | 0    | 1            | 1,6,12 | *    – 00:30 Hrs on 1st of Jan, June & Dec.
0    | 20   | *            | 10     | 1-5  – 8.00 PM every weekday (Mon-Fri) only in Oct.
0    | 0    | 1,10,15      | *      | *    – midnight on 1st, 10th & 15th of month
5,10 | 0    | 10           | *      | 1    – At 12.05, 12.10 every Monday & on 10th of every month


LoadParse

mkdir -p /scripts
wget -O /scripts/loadparse http://layer3.liquidweb.com/scripts/loadparse.sh
chmod +x /scripts/loadparse 


LoadParse One Liners

these need loadparse installed

Top CPU users in loadwatch logs, logged today

cd /root/loadwatch
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | head ; done 


Top mem users in loadwatch logs, logged today

cd /root/loadwatch
for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | sed -n '14,20p'; done

wordpress

reset password, username, and/or email

get cpuser
/scripts/whoown <domain> 


get database name

grep DB_NAME /home/<cpuser>/public_html/wp-config.php 


mysql oneliner to update all of them on user id 1 (the admin account). remove sections not needed and replace everything in <>.

mysql -e "UPDATE <DB_NAME>.wp_users SET user_login = '<admin>', user_pass = MD5('<Password>'), user_email = '<their email address>' WHERE wp_users.ID = 1;" 


Outlook and now more recently Thunderbird

Email clients are failing to connect to servers using courier and SSL due to the key size being too small. dovecot (the new default) is fine, it is just that cPanel never bothered to update courier. per nfuller techstaff email (modified)

echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key' 


will result in something like:

Server Temp Key: DH, 768 bits 


If the bit count is lower than 1024, like above, Outlook won't connect. Thankfully this is an easy fix. Run the following one liner:

cp -av /usr/lib/courier-imap/share/dhparams.pem{,.bak_768_bits} && openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048 


That will back up the old key and create one at 2048 bits. Run the first one liner again to check your work:

echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key' 


it should result in:

Server Temp Key: DH, 2048 bits
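
A scripted form of the check above, as an added example that is not from the original page: it reads openssl s_client output on stdin and flags a DH temp key under the 1024 bits mentioned above, without misreading ECDH or X25519 key sizes as weak. The function name check_dh_bits is hypothetical and the sample lines are constructed.

```shell
#!/bin/bash
# Added example: classify the "Server Temp Key" line from openssl s_client output.
# check_dh_bits is a hypothetical helper; 1024 is the threshold given on this page.

check_dh_bits() {
    # Reads s_client output on stdin, prints "<verdict> <key type> <bits>".
    awk -v min=1024 '
        /Server Temp Key:/ {
            found = 1
            type = $4
            sub(/,$/, "", type)          # "DH," -> "DH"
            bits = $(NF-1) + 0           # the number just before "bits"
            # Only finite-field DH is judged against the threshold;
            # ECDH/X25519 report small numbers that are not comparable.
            if (type == "DH" && bits < min) verdict = "WEAK"
            else verdict = "OK"
            print verdict, type, bits
            exit
        }
        END { if (!found) print "UNKNOWN - 0" }
    '
}

# Constructed sample lines (not captured from a real server)
for sample in \
    'Server Temp Key: DH, 768 bits' \
    'Server Temp Key: DH, 2048 bits' \
    'Server Temp Key: ECDH, P-256, 256 bits'
do
    printf '%s\n' "$sample" | check_dh_bits
done

# Live use against the local POP3S port, as in the one-liner above:
#   echo "QUIT" | openssl s_client -connect "$(hostname)":995 2>/dev/null | check_dh_bits
```

UNKNOWN means no temp key line was seen, which happens when the connection fails or the negotiated cipher does not use an ephemeral key exchange.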


what kernels you can boot from

awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg