Wiki.onotech.org onotech_mw751 https://wiki.onotech.org/index.php?title=Main_Page MediaWiki 1.27.7 first-letter Media Special Talk User User talk talk File File talk MediaWiki MediaWiki talk Template Template talk Help Help talk Category Category talk Main Page 0 1 97 96 2020-05-20T13:54:13Z Conofrio 1 /* awk */ wikitext text/x-wiki Recently restored from google cache! <!-- This is a coasdffffasdfasdfasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasfasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdfasdfasddfasfffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffasdffffasdfdfgdfgsdfgagsdfgsdfgsdfgsdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgsdfgsdfgsdfgsdfsdfgsdfggsdfgfffffffffffffffffasdffffasdfasdfasdfasdffffffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffsdfgsdfgdfffffffsdfgsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfffffffffffffffffffsdfasdfasdfasffffffffffffffffffffffffffffffffffffffffffasdffffasdfasdfasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffsdfgsdfgfffffffffffffffffffffffffasdffffasdfasdfasdfasdfafasdfasdfasdfasffffffffasdfasdfasdfasdfasdfasfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffmment --> = Firewalls/Blocked IPs = ==APF== Blacklist vim /etc/apf/deny_hosts.rules Whitelist vim /etc/apf/allow_hosts.rules Config file vim /etc/apf/conf.apf Restart /etc/init.d/apf restart Flush IP Tables iptables -F ==CSF== Use CSF to grep the current rules for an IP csf -g ip.add.re.ss CSF uses maxmind geoip free databass to add Geo info to the logs. You can also manually query what CSf has stored locally, from command line: csf -i ip.add.re.ss Blacklist vim /etc/csf/csf.deny Whitelist vim /etc/csf/csf.allow Restart (both CSF and LFD) csf -ra Configuration vim /etc/csf/csf.conf login failure log /var/log/lfd.log Fun output, IP address and the LFD trigger that got it blocked: grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D' looks like 118.98.66.56 ==blocked for==> [LF_SMTPAUTH] 92.38.233.191 ==blocked for==> [LF_SSHD] 104.167.104.147 ==blocked for==> [LF_SSHD] 73.179.232.255 ==blocked for==> [LF_CPANEL] 118.163.76.38 ==blocked for==> [LF_SMTPAUTH] ==cPHulk== Brute Force Protection deny/allow list edited through WHM Main >> Security Center >> cPHulk Brute Force Protection ===command line=== Is it running? /usr/local/cpanel/scripts/restartsrv_cphulkd --status stop and disable it /usr/local/cpanel/etc/init/stopcphulkd /usr/local/cpanel/bin/cphulk_pam_ctl --disable ==Host Access Control== GUI in WHM (along with syntax/instructions): Main >> Security Center >> Host Access Control or edit the file directly: /etc/hosts.allow keep in mind that there is /etc/hosts.deny which WHM does not not touch, but this is another place IPs can be manually blocked ==FTP== ===Passive mode issues=== ====Determine which ftp service is in use==== '''PureFTPd''' or '''proFTPd''' Then enable the use of passive ports for the FTP service being used. By default the FTP configs will show/suggest using 30000 to 50000 this is an unnecessarily large range of ports to use open. Determine whether APF or CSF is in use. Then make sure the ports are open in the firewall. Restart the services updated. Make sure that passive mode is open in the ftp config =====For PureFTPd===== backup the existing conf cp -va /etc/pure-ftpd.conf{,.$(date +"%m-%d-%Y").bak} vim /etc/pure-ftpd.conf add or modify to look something like this #Port range for passive connections replies. - for firewalling. PassivePortRange 30000 35000 xor =====For proFTPd===== backup the existing conf cp -va /etc/proftpd.conf{,.$(date +"%m-%d-%Y").bak} vim /etc/proftpd.conf add or modify to look something like this: PassivePorts 30000 35000 ===Open those ports in the firewall=== ====For CSF==== backup the existing conf cp -va /etc/csf/csf.conf{,.$(date +"%m-%d-%Y").bak} vim /etc/csf/csf.conf add 30000:35000 (CSF's range syntax is a colon) to the end of # Allow incoming TCP ports TCP_IN = "ports,moreports,otherports,30000:35000" xor ====For APF==== backup the existing conf cp -va /etc/apf/conf.apf{,.$(date +"%m-%d-%Y").bak} vim /etc/apf/conf.apf add 30000_35000 (APF's range syntax is an underscore) to the end of # Common inbound (ingress) TCP ports IG_TCP_CPORTS="ports,moreports,otherports,30000_35000" '''check storm server firewall''' this might be blocking ports as well ====restart the services==== service pure-ftpd restart service proftpd restart As well as APF or CSF ==cPanel== Version /usr/local/cpanel/cpanel -V or check the top right of WHM \ Restart /scripts/restartsrv_cpsrvd force update /scripts/upcp --force add spf and dkim server wide for user in $(\ls -A /var/cpanel/users) ; do /usr/local/cpanel/bin/dkim_keys_install $user; /usr/local/cpanel/bin/spf_installer $user ; done bypass cpanel security questions: echo "$(last |grep "still logged in" |awk '{print $3}')" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root echo "10.20.4.233" >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root ==Chksrvd log== chekservd fails: echo -e "\nchekservd fails\n" && egrep '\[\[check command:-\]' /var/log/chkservd.log | egrep -o '(20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}|[a-z]* \[\[check command:-\])'| sed 's/\[\[check command:-\]//'g how far back does the log go: egrep -o '20[0-9]{2}(-[0-9]{2}){2}\ [0-9]{2}(:[0-9]{2}){2}' /var/log/chkservd.log |head -n1 ==Apache== ===ea3=== Restart /etc/init.d/httpd restart Tail the Error log tail -f /usr/local/apache/logs/error_log Config file on cPanel boxes vim /usr/local/apache/conf/httpd.conf Apache's status service httpd status httpd fullstatus Check for Max Clients grep MaxClients /usr/local/apache/logs/error_log ps aux | grep httpd -c; egrep 'MaxClients|ServerLimit' /usr/local/apache/conf/httpd.conf ===ea4=== Config file /etc/apache2/conf.d/httpd.conf Error Log tail -f /etc/apache2/logs/error_log connections made per ip netstat -tn 2>/dev/null | grep ':80[[:space:]]' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head ===php-fpm=== restart /scripts/restartsrv_apache_php_fpm ===Plesk?=== tail /var/www/vhosts/<domain.com>/statistics/logs/error_log ==MySQL== ===handy infos=== config file vim /etc/my.cnf Error log tail -f /var/lib/mysql/`hostname`.err Restart /systemctl status mysqld.service /etc/init.d/mysql restart watch -n1 mysqladmin proc stat Jhayhoe's list frag tables wget -O /scripts/fragmented.sh http://layer3.liquidweb.com/scripts/jhayhoe/fragmented.sh chmod +x /scripts/fragmented.sh /scripts/fragmented.sh mysqlcheck The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables --all-databases, -A Check all tables in all databases. This is the same as using the --databases option and naming all the databases on the command line. --optimize, -o Optimize the tables. --repair, -r Perform a repair that can fix almost anything except unique keys that are not unique. --auto-repair If a checked table is corrupted, automatically fix it. Any necessary repairs are done after all tables have been checked. mysqlcheck -Aor mysqlcheck --auto-repair --optimize --all-databases ===other stuff=== Shut it down and check tables killall -9 tailwatchd killall -9 crond service mysql stop find /var/lib/mysql -iname "*.MYI" -exec myisamchk -fUr {} \; service mysql restart service crond restart /scripts/restartsrv_tailwatchd Optimize each table in a For loop, for i in $(mysql -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" | sed 's/Tables.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done ===MyTop=== it's like top for mysql (If it is installed on the server) http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz mytop ===innodb=== what tables are using innodb mysql -e "SELECT table_schema, table_name FROM INFORMATION_SCHEMA.TABLES WHERE engine = 'innodb';" conf located in /etc/my.cnf ===Mysql Memory settings=== echo -e "\n\n================Mysql Mem configured settings================" && awk '/(key|i.*b)_b.*r_(pool_)?(s.*|.*es)/{sub("="," "); print $1,$2}' /etc/my.cnf && echo -e "\n================Mysql Mem current settings================" && mysql -e "show variables" |awk '/(key|innodb)_buffer_(pool_)?(size|.*es)/{if($1~/.*es/)print$1,$2; else print$1,$2/1048576"M"}' && echo -e "\n================Mysql Mem suggested settings================" && mysql -Bse 'show variables like "datadir";'|awk '{print $2}'|xargs -I{} find {} -type f -printf "%s %f\n"|awk -F'[ ,.]' '{print $1, $NF}'|awk '{array[$2]+=$1} END {for (i in array) {printf("%-15s %s\n", sprintf("%.3f MB", array[i]/1048576), i)}}' | awk '{if($3~/MYI/)print"key_buffer_size\t\t",$1"M"};{if($3~/ibd/)a+=$1}END{print "innodb_buffer_pool_size\t",a"M"}' ===Plesk=== ====old==== restart (notice the d) /etc/init.d/mysqld restart This will give you the admin password to Plesk cat /etc/psa/.psa.shadow; echo -e "\n"; Use this password with: mysql -u admin -p watch "mysqladmin proc stat -u admin -p`cat /etc/psa/.psa.shadow`" ====new==== access the plesk db plesk db alternatively MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -uadmin psa nightly dumps of the plesk db are in /var/lib/psa/dumps/ restoring from a backup zcat mysql.daily.dump.0.gz | plesk db back it up as is plesk db dump > backup.sql ===Screen=== ctrl+a +d is keyboard shortcut to detach ====Error?==== Directory '/var/run/screen' must have mode 777. no prob: chmod g+s /usr/bin/screen all set List current screens screen -ls Create new screen screen -S [name] Attach screen -r [screen name] Detach screen -d [screen name] Join already attached or unattached... screen -x [screen name] screen -x by itself, will join the screen if there is only one to join ===EasyApache=== Do before: USR=lw.$(date +%s); FILE=/root/preEA.$USR;cp /usr/local/apache/conf/httpd.conf{,.bak.$USR}; cp /usr/local/lib/php.ini{,.bak.$USR}; touch $FILE; cat > $FILE <(echo -e "\n--Current Handler--\n" ; /usr/local/cpanel/bin/rebuild_phpconf --current ; if [ -x /usr/bin/php4 ] ;then echo -e "\n--PHP 4 Version--\n" ; php4 -v 2>&1; echo -e "\n--PHP 4 Modules--\n"; php4 -m 2>&1 ;fi;if [ -x /usr/bin/php5 ] ;then echo -e "\n--PHP 5 Version--\n"; php5 -v ; echo -e "\n--PHP 5 Modules--\n"; php5 -m;fi ;echo -e "\n--Apache Version--\n" ;/usr/local/apache/bin/httpd -V; echo -e "\n--Apache Modules--\n";/usr/local/apache/bin/httpd -l ; echo -e "\n\n--Date Created: $(date +%c)--";echo -e "\n--Configuration files--\n" ; echo "httpd.conf: /usr/local/apache/conf/httpd.conf.bak.$USR"; echo "php.ini: /usr/local/lib/php.ini.bak.$USR";) ; echo -e "\nPreEA configuration stored in \n$FILE" do it in a screen! screen -S EA /scripts/easyapache ===suPHPfix + suPHP=== out dated ====Save-state==== saves the file permissions of (all|cPuser) in their current state However, This will overwrite the previous save state if done a second time! Save state is a JSON file located in: /var/cache/suphpfix backup the appropriate file in this directory if you are going to run this a second time something like cp -rfa /var/cache/suphpfix /var/cache/$(date +"%m%d%Y").suphpfix.bak Check the ticket to see if it was run previously ! suphpfix --save-state (all|cPuser) ====Prep all==== makes the changes to the permissions suphpfix --prep (all|cPuser) ====Restore-state==== restores from the current save state in /var/cache/suphpfix suphpfix --restore-state (all|cPuser) switch to suPHP /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp enabled ====SpamAssassin==== Disable forwarding for DNSBL queries for SpamAssassin Needs more testing! <nowiki> sed -i.preSAfix.bak -e '1iinclude "/etc/named.disable.DNSBL.fwding.conf"; \' /etc/named.conf touch /etc/named.disable.DNSBL.fwding.conf && chown named: /etc/named.disable.DNSBL.fwding.conf cat <<EOF >> /etc/named.disable.DNSBL.fwding.conf view "DNSBL zones" { //Disable forwarding for DNSBL queries for SpamAssassin // //http://wiki.apache.org/spamassassin/CachingNameserver // //If you have a large ISP or are using large public DNS provider(s) //it is recommended you not forward mail-related DNS traffic through //their DNS servers (though non-mail DNS traffic from your site shouldn't //have problems.) With bind, this means not having any "forwarders" listed. //Or, at a minimum, you could create exemptions by //defining empty forwarders for DNSBL zones, like this: zone "multi.uribl.com" { type forward; forward first; forwarders {}; }; zone "dnsbl.sorbs.net" { type forward; forward first; forwarders {}; }; zone "combined.njabl.org" { type forward; forward first; forwarders {}; }; zone "activationcode.r.mail-abuse.com" { type forward; forward first; forwarders {}; }; zone "nonconfirm.mail-abuse.com" { type forward; forward first; forwarders {}; }; zone "iadb.isipp.com" { type forward; forward first; forwarders {}; }; zone "bl.spamcop.net" { type forward; forward first; forwarders {}; }; zone "fulldom.rfc-ignorant.org" { type forward; forward first; forwarders {}; }; zone "list.dnswl.org" { type forward; forward first; forwarders {}; }; zone "blackholes.mail-abuse.org" { type forward; forward first; forwarders {}; }; zone "bl.score.senderscore.com" { type forward; forward first; forwarders {}; }; zone "zen.spamhaus.org" { type forward; forward first; forwarders {}; }; }; EOF service named restart </nowiki> ====SA-learn script==== stolen modified from jpurkis enable Bayes in the user_conf use_bayes 1 bayes_auto_learn 1 bayes_min_ham_num 50 bayes_min_spam_num 50 su to the cPanel user in question and add a cronjob to run the following script, (placed where the cPanel user can access it). #!/bin/bash #Find and learn spam find /home/$user/mail/ -type d -name ".Junk" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --spam {}/{cur,new}/ \; #Find and learn ham find /home/$user/mail/ -type d -name ".non-spam" -exec /usr/local/cpanel/3rdparty/bin/sa-learn --no-sync --ham {}/{cur,new}/ \; #sync /usr/local/cpanel/3rdparty/bin/sa-learn --sync #clean out learned spam for i in $(find /home/$user/mail/ -type d -name ".Junk" ); do rm -f $i/{cur,new}/* ; done #remove week old spam for i in $(find /home/$user/mail/ -type d -name ".spam") ; do find $i/{cur,new}/ -type f -mtime +7 -exec rm -f \; ; done ===exim=== ====Mail queue cleanup==== who is 'authing' the mail. This needs to be addressed first. Stop the outgoing mail then clean it up. find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id' Subject lines find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject:' =====refine the results===== is all the spam authed by the same user? find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id someuser@domain' or find /var/spool/exim/input/ -name '*-H' | xargs egrep 'auth_id somecpuser' or are the subject lines all the same? find /var/spool/exim/input/ -name '*-H' | xargs egrep ' Subject: Discount spam, free' =====then pipe that to:===== Regex for pulling out the mail ID | egrep '([0-9a-zA-Z]{6}\-){2}[0-9a-zA-Z]{2}' -o then pipe that to the exim command to remove mail by mail id to remove previously determined the mail Removing the mail by mail ID | xargs exim -Mrm =====clear out bounces ect===== find /var/spool/exim/input/ -name '*-H' | xargs egrep 'Subject: (Undelivered Mail|Mail delivery|Mail failure|Delivery Status|Returned mail|Undeliverable|failure notice|Warning: message)'| egrep [0-9a-zA-Z]{6}\-[0-9a-zA-Z]{6}\-[0-9a-zA-Z]{2} -o | xargs exim -Mrm =====Babysitting cleanup of a large queue?===== Make you notes look nice: echo -e "#queue $(exim -bpc) @$(date) on $(hostname)" periodically run that, to get nice output, eg: #queue 96910 @Fri Feb 27 08:28:48 EST 2015 on host.server.com #queue 96710 @Fri Feb 27 08:28:58 EST 2015 on host.server.com #queue 96595 @Fri Feb 27 08:29:08 EST 2015 on host.server.com ===general=== restart /etc/init.d/exim restart ====what is going on==== exiwhat ====number of messages in queue==== exim -bpc ====start the queue==== exim -q -v ==clean out default mail inbox== find /home/$(cpuser)/mail/{cur,new}/ -type f -exec rm -f \; where $(cpuser) is the user alternatively add -mtime +7 to leave stuff newer than one week if the user wants to review. make cpanel interface report the correct value /scripts/generate_maildirsize --confirm --allaccounts --verbose $(cpuser) log location /var/log/exim_mainlog cant ping liquidweb.com? check vim /etc/resolv.conf try google's resolvers 8.8.8.8 =list all mailbox users and disk/quotas= for cPUser in `\ls -A1 /var/cpanel/users|grep -v ^system$` ;do echo \ "${cPUser}"\ ; sudo -u "${cPUser}" /usr/local/cpanel/cpanel-email listpopswithdisk | awk -F"===|/" '{print$1"\n>Used:\t\t\t\t\t\t"$2"\n>Quota: "$3}' |numfmt --to=si --field 2 --invalid=ignore ;done ==diskspace clean up== /var yum clean all checking usage file system disk usage df -h make it fancy df -Ph| awk '{if(0+$5>=80)print"\033[31m"$0"\033[0m"};{if($1~"Filesystem")print};{if($5<=80)print$0}' Summarize disk usage of each FILE, recursively for directories. du -h --max-depth=1 ====df and du discrepancy==== If df and du do not agree, there is one or more processes keeping a deleted file open. df is reading it and du is not find them and kill them! Find it, make sure these can be killed, note, ect. lsof | grep "deleted" nice output if the sizer is >0 i.e. COMMAND PID SIZE NAME lsof | grep deleted |awk '{if ($7>0) print $1,$2"\t"$7/1024/1024"M\t" $9}' Kill them: kill -15 <PID> ====inodes==== Plenty of open space but but the disk is still full? Check the number of inodes used no inodes = no new files du -i purge_dead_comet_files: /usr/local/cpanel/bin/purge_dead_comet_files delete files from a list Make sure you are rm'ing the right stuff echo it first! for i in `cat /filepath/to/listtodelete.txt`; do echo "/dir/where/files/live/$i"; done once you are sure, make sure again, then delete with: for i in `cat /filepath/to/listtodelete.txt`; do rm -Rf /dir/where/files/live/$i; done ===Mod sec=== install LW rules yum install lp-modsec2-rules.noarch copy old modsec whitelist to new one cat /usr/local/apache/conf/modsec/00_asl_whitelist.conf > /usr/local/apache/conf/modsec2/whitelist.conf Modsec finder (in progress) clear; echo "ModSec tripping"; read -p "enter IP here " IP; DATE=$(date '+%b %d'); echo -e "\n\nModSec rules triped on $DATE\nand what to whitelist:\n\n "; grep "$DATE" /usr/local/apache/logs/error_log |grep modsec |grep $IP |egrep '\[id \"[0-9]*\"\]' | egrep -o '\[id \"[0-9]*\"\]|\[uri "[^"]+"\]' |egrep -o '[0-9]{4,9}|\"((\/[A-Za-z0-9\-]*)*)\.[a-zA-Z]{3,4}\/?\"' |tr '\n' ' '| sed 's/\/\"/&\n/g' |sed 's/[a-z]\"/&\n/g'|egrep -v '^ $' |sort |uniq -c | sort -rn |awk '{print $1" instance(s) of \n\n<LocationMatch "$3">\n SecRuleRemoveById "$2 "\n</LocationMatch> \n\n"}' Search for modsec errors grep -i modsec /usr/local/apache/logs/error_log | grep (enter domain here) | sed "s/$/\n/" grep for cust's ip or domain or whatever then append: |grep ModSec |grep "\[id "| grep -oP '\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}]|\[id "\d+"\]|\[uri "[^"]+"\]' | tr '\n' ' ' |sed 's/alpha:\"\]/&\n/g' |sed 's/\[id \"/\n[id "/g' regex for grabing out ip uri and id egrep 'date or ip or whatever' /usr/local/apache/logs/error_log | grep -i modsec |grep -noP '(?:(?<=client )(?:\d{1,3}\.){3}\d{1,3}(?=])|(?<=uri ")[^"]+|(?<=id ")\d+)' regex for grabing out date, ip, uri, and id. grep -noP '\w{3}\s\w{3}(?:\s\d{2}){2}(?::\d{2}){2}|(?<=client )(?:\d{1,3}\.){3}\d{1,3}(?=])|(?<=uri ")[^"]+|(?<=id ")\d+' Only list them once and count multiples grep modsec /usr/local/apache/logs/error_log |grep (enter domain here) |awk -F] '{$1=$(NF-1)="";print}'| uniq -c | sed "s/$/\n/" get uri and id uri is with quotes, ruleid is just the number Without quotes! add <LocationMatch "/URI/From/Error"> SecRuleRemoveById $ruleid </LocationMatch> to (in most cases) vim /usr/local/apache/conf/modsec2/whitelist.conf restart apache /etc/init.d/httpd restart Plesk? grep ModSec /var/www/vhosts/domain.com/statistics/logs/error_log add <LocationMatch "/URI/From/Error"> SecRuleRemoveById $ruleid </LocationMatch> to vim /var/www/vhosts/<domain.com>/conf/vhost.conf or if a subdomain vim /var/www/vhosts/<domain.com>/subdomains/<NameOfSubdomain>/conf/vhost.conf rebuild plesk /usr/local/psa/admin/bin/httpdmng --reconfigure-domain then <domain.com> or <sub.domain.com> like: /usr/local/psa/admin/bin/httpdmng --reconfigure-domain <sub.domain.com> restart apache /etc/init.d/httpd restart test again: tail -f /var/www/vhosts/domain.com/statistics/logs/error_log |grep ModSec Making a new rule in here define it and assign it a $ruleid vim /usr/local/apache/conf/modsec2.user.conf then you can add $ruleid to <LocationMatch "/URI/From/Error"> SecRuleRemoveById $ruleid </LocationMatch> like normal ===PHP=== php.ini To see where the file is loading from use: php -i |grep -i loaded you will get: Loaded Configuration File => /path/to/php.ini in general, on cPanel it is: vim /usr/local/lib/php.ini common values to change *memory_limit = <>M *upload_max_filesize = <>M *post_max_size = <>M *upload_max_filesize < post_max_size Restart apache to have changes take effect /etc/init.d/httpd restart php.conf Another php configuration file. It is used with the fastCGI php handler /usr/local/apache/conf/php.conf so far I've only run into "mod_fcgid: HTTP request length" value errors here. add or increase the value of MaxRequestLen Restart apache to have changes take effect /etc/init.d/httpd restart Plesk? In Plesk, php.ini lives in the same spot it does on any non-cPanel environment: /etc/php.ini vim /etc/php.ini Restart apache to have changes take effect /etc/init.d/httpd restart ===Custom php.ini=== cgi and fcgi Double check which is the current php handler /usr/local/cpanel/bin/rebuild_phpconf --current Also Remember to check if the account has CGI Privileges Via WHM In modify an account under Privileges If it is unchecked, this will not work and the error messages are not helpful. ====CGI==== First copy the php.ini over cd /home/(username)/public_html/cgi-bin cp /usr/local/lib/php.ini php.ini chown (username). php.ini In the .htaccess in the public_html, vim /home/(username)/public_html/.htaccess add the following at the very top of the file before everything: AddHandler php-cgi .php Action php-cgi /cgi-bin/phpini.cgi make the phpini.cgi file vim /home/(username)/public_html/cgi-bin/phpini.cgi with the following contents: #!/bin/sh export PHPRC=/home/(username)/public_html/cgi-bin/php.ini exec /usr/local/cpanel/cgi-sys/php5 -c /home/(username)/public_html/ Also make sure that you correct the permissions on the phpini.cgi. chmod +x /home/(username)/public_html/cgi-bin/phpini.cgi chown (username). /home/(username)/public_html/cgi-bin/phpini.cgi then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded: Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini and not the main php.ini: Loaded Configuration File = /usr/local/lib/php.ini ====FCGI==== First copy the php.ini over cd /home/(username)/public_html/cgi-bin cp /usr/local/lib/php.ini php.ini chown (username). php.ini In the .htaccess in the public_html, vim /home/(username)/public_html/.htaccess add the following at the very top of the file before everything: AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi Make the php.fcgi file vim /home/(username)/public_html/cgi-bin/php.fcgi with the following contents: #!/bin/sh export PHP_FCGI_CHILDREN=1 export PHP_FCGI_MAX_REQUESTS=10 exec /usr/local/cpanel/cgi-sys/php5 Also make sure that you correct the permissions on the phpini.cgi. chmod +x /home/(username)/public_html/cgi-bin/php.fcgi chown (username). /home/(username)/public_html/cgi-bin/php.fcgi then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded: Loaded Configuration File = /home/(username)/public_html/cgi-bin/php.ini and not the main php.ini: Loaded Configuration File = /usr/local/lib/php.ini ===suPHP=== copy the global php.ini over as the base for the custom cd /home/(username)/public_html/ cp /usr/local/lib/php.ini php.ini chown (username). php.ini In the .htaccess in the public_html, vim /home/(username)/public_html/.htaccess add the following at the very top of the file before everything: suPHP_ConfigPath /home/user/public_html <Files php.ini> order allow,deny deny from all </Files> then, make the phpinfo.php file,load it in a browser, and make sure the new custom php.ini is being loaded: Loaded Configuration File = /home/(username)/public_html/php.ini and not the main php.ini: Loaded Configuration File = /usr/local/lib/php.ini ===phpinfo.php=== move to the directory that you want to place the phpinfo.php page then make the it: echo "<?php phpinfo(); ?>" > ./phpinfo.php && chown $(pwd | cut -d/ -f3). ./phpinfo.php ===linzardry=== ====OS version==== cat /etc/redhat-release Linux kernel bit getconf LONG_BIT load script wget -O /root/load_chugger.sh http://trippinglizard.com/load_chugger.sh; bash /root/load_chugger.sh memory free -m Nice output of %total Free Physical Memory + cached memory cat /proc/meminfo | perl -e 'while(<>){ if(m/^(MemTotal|MemFree|Cached)/){ m/(\d+)/; push(@foo, $1); } } printf("%.2f%% Free Physical Memory\n", ( ( $foo[1] + $foo[2]) / $foo[0] ) * 100 ) ;' ====grep==== grep for != <variable> grep -v <variable> ====copy=== keep perms and owners cp -rfa Handy bash wizardry for cp add: {,<nameofbakfile>} like: {,.bak} or {,.lwbak} to the end of the filepath. i.e. cp /path/to/file{,<nameofbakfile>} would create the file: /path/to/file<nameofbakfile> example: cp /usr/local/lib/php.ini{,.lwbak} creates the file: /usr/local/lib/php.ini.lwbak Works with move (mv) also! ====Dated backups==== cp /path/to/stuff{,.$(date +"%m-%d-%Y").bak} ====awk==== It is not the size of the awk command, it is how you use it awk is verry help for for manipulating output into handy "Kraft Cop-i-past-a-bles™" awk '{print <variables> }' variables *$column_number *commas <,> denote spaces *echo "strings" *numbers *math operators *"\n" is a new line *"\t" is a tab NF, The Last field $NF is the last field Try mathing the "NF" variable! $(NF-n) "n" fields over from the last field *$(NF-0) the last field. $(NF-1) second to last field etcetera! Example: lets grep out the time and the 1min, 5min, and 15min load averages from every loadwatch log that has triggered today: cat /root/loadwatch/loadwatch.$(date +"%Y-%m-%d")* |grep "top - " |awk '{print $3"\t"$(NF-2)"\t"$(NF-1)"\t"$NF}' would give you output similar to: 04:05:04 21.40, 10.52, 4.21 11:52:19 83.74, 50.38, 21.74 11:56:11 109.98, 79.96, 39.31 12:20:14 124.66, 66.60, 28.87 12:23:42 130.51, 103.27, 51.41 12:24:01 93.53, 96.59, 50.32 12:17:42 59.66, 31.55, 13.19 Substring Sometimes you want to further refine just one column substr($column_number,Starting_Character,Number_of_Characters_After_the_Starting_Character) substr($3,1,5) in the previous example, lets say you just wanted the time without the seconds. i.e 04:05 11:52 11:56 12:20 not 04:05:04 11:52:19 11:56:11 12:20:14 replace $3 with substr($3,1,5) still grab the third column '($3), but just grab five (5) characters, starting at the first (1). If statements try using them in front of print! awk '{if ($5 > 5) print $5,$1,$2}' if column 5 is greater than 5 print columns 5,1,and 2. Example: using sar, show anytime the one minute load was above 10 then print that load and what time it happened sar -q | awk '!/ld|Lin/{if ($5 > 10) print $5"\t"$1,$2}' will result in nice output like: 13.35 09:30:04 AM 16.07 11:10:17 AM 10.92 11:20:02 AM try: sar -q | awk -v cores=$(nproc) '!/ld|Lin|LIN/ {if ($5 > $cores) print $5"\t"$1,$2}' Field Delimiters Also you can add the -F<character> flag to specify the are the field delimiters (what separates the columns) i.e. awk -F@ '{ print $NF }' this would be, print everything after the last "@" Sum of every line Adds each line... you know what sum means. awk '{a+=$0}END{print a}' add just column 7 awk '{a+=$7}END{print a}' First and Last line This is helpful in finding a time frame. Pipe the output of a search though awk 'NR==1;END{print}' You can also use the sed equivalent as it is shorter: sed -n '1p;$p' but lets say you want to just print column 4 (the time stamp) from a domlog awk 'NR==1{print$4};END{print$4}' combine the results with the output of wc of the same data and you have helpful information. ====cut==== cut works similar to awk with the -F flag cut -d '<character>' -f<column-number> i.e. cut -d ':' -f2 Would be the same as awk -F: '{print $2}' ====cut vs awk==== Cut is much quicker than awk. But awk is more powerful and has more options. It is an awkward thing to say, but sometime, cut just doesn't cut it. Puns removed for your safety ====create/delete user==== $user = the username you want useradd $user userdel -r $user give that user a password passwd $user add user to the sudoer file run visudo and add $user ALL=(ALL) ALL $user will be able to use sudo with their own password instead of root's ====number of cores==== grep -c proc /proc/cpuinfo nproc find and change 777 perms change all directories and files in every user's docroot from 777 to a more appropriate 755 for directories and 644 for files find /home/*/public_html/ -type d -perm 777 -exec chmod 755 '{}' \; find /home/*/public_html/ -type f -perm 777 -exec chmod 644 '{}' \; grep ps aux better ps faux | egrep 'START|<program>' | grep -v grep quick info dump lynx -dump -width 500 localhost/whm-server-status > /home/temp/connections.txt ====Server stats==== This is a super long one liner that shows several bits of handy info. exec 3<&1 && bash <&3 <(curl -sq http://layer3.liquidweb.com/serverstats) try it on your vps! ===rsync=== From current server to remote server rsync -avH /path/to/file user@(host.domain.com-or-IP):/path/on/remote/domain within a server rsync -avH /path/to/file/to/move /path/to/destination/ test it out first! use the flag --dry-run for great success in avoiding tears --dry-run ===Tar .ect=== Create a tar tar -cvf file.tar.gz /path/to/file Extract a .tar.gz tar -zxvf filename.tar.gz Extract a .tar tar -xvf filename.tar Extract a .gz gunzip filename.gz Preview the contents of a package so you can pick what to pull out tar -tvzf filename.tar.gz you can also pipe that to search for a certain folder tar -tvzf filename.tar.gz | grep (folder or filename) Extract a certain file from a backup or tar file tar -xvzf filname.tar.gz /home/mike/public_html use the exact line that the previous command gave you. stolen shamelessly from Shooltz ===Sar=== sar memory % free sar -r | egrep -v "ld|Ave|Linux" |awk -v v=$(cat /proc/meminfo |grep MemTot |awk '{print $2}') '{print $1,$2"\t"(($3+$7)/v)*100"%" }' Sar shows the current day's resource usage of since the 12am server time, in ten minute(default) intervals. ====CPU utilization report:==== sar %user = Percentage of CPU utilization that occurred while executing at the user level (application). %nice = Percentage of CPU utilization that occurred while executing at the user level with nice priority. %system = Percentage of CPU utilization that occurred while executing at the system level (kernel). %iowait = Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request. %idle = Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request. ====Memory usage:==== sar -r kbmemfree = Amount of free memory available in kilobytes. kbmemused = Amount of used memory in kilobytes. This does not take into account memory used by the kernel itself. %memused = Percentage of used memory. kbbuffers = Amount of memory used as buffers by the kernel in kilobytes. kbcached = Amount of memory used to cache data by the kernel in kilobytes. kbswpfree = Amount of free swap space in kilobytes. kbswpused = Amount of used swap space in kilobytes. %swpused = Percentage of used swap space. kbswpcad = Amount of cached swap memory in kilobytes. This is memory that once was swapped out, is swapped back in but still also is in the swap area (if memory is needed it doesn't need to be swapped out again because it is already in the swap area. This saves I/O). ====Load:==== sar -q runq-sz = Run queue length (number of processes waiting for run time). plist-sz = Number of processes in the process list. ldavg-1 = System load average for the last minute. ldavg-5 = System load average for the past 5 minutes. ldavg-15 = System load average for the past 15 minutes. ====Previous Days==== To check previous days use the -f flag along with the file path to the data file where <XX> is the day of the month: sar -f /var/log/sa/sa<XX> Load averages for the fifth of the month: sar -q -f /var/log/sa/sa05 ===park wrapper errors=== search for references of the domain. here are some of the places grep -R <domain.com> /var/{cpanel/{users,bandwidth},named}/ /etc/httpd/conf/httpd.conf /etc/v{aliases,domainaliases,mail}/ /etc/{trueuser{domains,owners},named.conf,{local,user}domains}/ Then remove references to the domain. After that, remember to: /scripts/rebuilddnsconfig retry creating the domain. ===restoring scripts=== Back up current account /scripts/pkgacct $username (puts it in /home/ and should be called cpmove-$) mv it out of the way. to cpmove-{USER}.tar.gz.bak ====Restore account==== backup most be in home move the backup you want to restore from (must be named like one of these): cpmove-{USER} cpmove-{USER}.tar cpmove-{USER}.tar.gz USER.tar USER.tar.gz backup-{BACKUP-DATE_TIME}_{USER}.tar backup-{BACKUP-DATE_TIME}_{USER}.tar.gz to one of the places cPanel looks: /home, /home2, /home3, /root, /usr, /usr/home, /web ====restore==== /scripts/restorepkg $username Or /scripts/restorepkg $username /Path/to/the/userbackup.tar.gz may need to kill the account if it already exists Or just use the force: /scripts/restorepkg --force $username /scripts/restorepkg --force $username /Path/to/the/userbackup.tar.gz Remove current account /scripts/killacct $username ===crontab=== Crontab Commands export EDITOR=vi to specify a editor to open crontab file. Edit your crontab file, or create one if it doesn’t already exist. crontab -e Display your crontab file. crontab -l Remove your crontab file. crontab -r Display the last time you edited your crontab file. (This option is only available on a few systems.) crontab -v min |hour |day o month |month |day o week 30 |0 |1 |1,6,12 |* – 00:30 Hrs on 1st of Jan, June & Dec. 0 |20 |* |10 |1-5 – 8.00 PM every weekday (Mon-Fri) only in Oct. 0 |0 |1,10,15 |* |* – midnight on 1st ,10th & 15th of month 5,10 |0 |10 |* |1 – At 12.05,12.10 every Monday & on 10th of every month ===LoadParse=== mkdir -p /scripts wget -O /scripts/loadparse http://layer3.liquidweb.com/scripts/loadparse.sh chmod +x /scripts/loadparse LoadParse One Liners these need loadparse installed Top CPU users in loadwatch logs, logged today cd /root/loadwatch for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | head ; done Top mem users in loadwatch logs, logged today cd /root/loadwatch for i in `ll /root/loadwatch |grep $(date +"%Y-%m-%d") |awk '{print $NF}'`; do /scripts/loadparse $i | sed -n '14,20p'; done ===wordpress=== reset password, username, and/or email get cpuser /scripts/whoown <domain> get database name grep DB_NAME /home/<cpuser>/public_html/wp-config.php mysql oneliner to update all of them on user id 1 (the admin account) remove sections not needed replace everything in <>. mysql -e "UPDATE <DB_NAME>.wp_users SET user_login = '<admin>', user_pass = MD5('<Password>'), user_email = '<their email address>' WHERE wp_users.ID = 1;" ===Outlook and now more recently Thunderbird=== Email clients are failing to connect servers using courier and SSL due to the key size being too small dovecot (the new default ) is fine, it is just cPanel never bothered to update courier. per nfuller techstaff email (modified) echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key' will result in something like: Server Temp Key: DH, 768 bits If the bits is lower than 1024, like above, outlook won't connect. Thankfully this is an easy fix. Run the following one liner: cp -av /usr/lib/courier-imap/share/dhparams.pem{,.bak_768_bits} && openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048 That will backup the old key and create one at 2048 bits. Run the first one liner again to check your work: echo "QUIT" | openssl s_client -connect `hostname`:995 2> /dev/null | grep 'Server Temp Key' it should result in: Server Temp Key: DH, 2048 bits ===what kernels you can boot from=== awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg ezm2rrdpab4ss6jbetfp2tul6jy6txy