How to install and enable SuPHP on a cPanel server OR How to install phpSuExec on a Linux Server?
SuPHP, or phpSuExec as most people call it, is a module that increases the security of the server by executing PHP files as the owner of the file instead of the Apache user, i.e. nobody. The advantages of having suPHP are:
1. Files or directories that previously needed 777 permissions to be written to no longer need those permissions; 777 permissions will now result in an “Internal Server Error”. The maximum permissions a directory or a file will need is 755, so it won’t be world writable anymore.
2. You need to place all the PHP directives, e.g. safe_mode, in the php.ini of a domain instead of .htaccess, as placing them in .htaccess will result in an “Internal Server Error”.
3. All the files and directories that will be uploaded using a script will have the ownership of the owner instead of ‘nobody’ (i.e. the Apache user).
4. You will be able to edit/remove the files that are uploaded using scripts using FTP.
5. The directives placed in the php.ini of an account only affect the directory the file is placed in and do not apply recursively, as opposed to .htaccess.
Below is a small guide on installation, activation and verification of SuPHP on a cPanel server:
1. Installing SuPHP using easyapache script OR “Apache Update” option in WHM. Login to your server as root and execute the easyapache script:
# /scripts/easyapache
Once you execute the script, it will open a new screen asking you to select various options. On the first screen, you have to select the profile. You can use the default settings and select “Start customizing based on profile”. You then have to select the Apache version, then the PHP version on the next screen.
On the 5th screen, it will list different modules and the first one is “Mod SuPHP”. Select the modules using space bar and select “Save and Build”. All the previous options along with Suphp module will be compiled again. It will take around 30 minutes to complete the compilation process.
2. Enable SuPHP. Once the installation completes, you have to enable SuPHP to make it work. To enable SuPHP, simply execute the following command:
# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1
where,
5 is PHP version 5.
none means we do not need PHP4.
suphp means we need to enable suphp.
1 means we need Apache Suexec enabled.
Once you execute the command, you can verify the configuration using:
# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
Once you see ‘suphp’ in front of PHP5, it’s time to restart the Apache service for the changes to take effect.
service httpd restart
3. Verify if SuPHP is working. Create a php file say phpinfo.php under an account and set the permissions to 777.
touch /home/user/public_html/phpinfo.php
chmod 777 /home/user/public_html/phpinfo.php
You should see an “Internal Server Error” on browsing the file. If you do, SuPHP is working, so make sure files/directories are owned by the account owner and that permissions are no more than 755.
The log file resides at:
/usr/local/apache/logs/suphp_log
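The ownership and permission rule above can be checked for a whole account before users start hitting “Internal Server Error”. The following is an added example, not part of the original article: it lists entries under a document root that are writable by group or others or not owned by the account user, and can clear the extra write bits. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: find what suPHP would reject under an account's document root.
# suphp_audit and suphp_fix_modes are hypothetical helper names.
#
# Usage on a server (paths are placeholders):
#   sh suphp_audit.sh user /home/user/public_html

# suphp_audit OWNER DOCROOT
#   OWNER   account user name (or numeric uid) that should own everything
#   DOCROOT directory to scan
# Prints "WRITABLE <path>" for files/directories writable by group or others
# (i.e. more than 755/644) and "OWNER <path>" for entries not owned by OWNER.
# Returns 0 when nothing is reported, 1 otherwise.
suphp_audit() {
    owner=$1
    docroot=$2
    report=$(
        # -perm /022 matches when the group-write OR other-write bit is set
        find "$docroot" \( -type f -o -type d \) -perm /022 -print \
            | sed 's/^/WRITABLE /'
        find "$docroot" \( -type f -o -type d \) ! -user "$owner" -print \
            | sed 's/^/OWNER /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# suphp_fix_modes DOCROOT
# Clears only the group/other write bits, leaving everything else untouched:
# 777 -> 755, 775 -> 755, 666 -> 644.
suphp_fix_modes() {
    find "$1" \( -type f -o -type d \) -perm /022 -exec chmod go-w {} +
}

# Run the audit when called as: script OWNER DOCROOT
if [ "$#" -eq 2 ]; then
    suphp_audit "$1" "$2"
fi
```

Ownership problems are only reported, since correcting them needs chown as root.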
Hope this article helps you to enable SuPHP from the command line.
Wednesday, January 27, 2010
Script to change IP address of all the accounts.
How to change IP address of all the accounts on a cPanel server?
The “Change Site IP Address” option in WHM is not feasible in case you need to change the IP address of all the accounts on a server. In order to change the IP address of all the domains on a cPanel server, you have to use the “swapip” script provided by cPanel.
The following script will do the needful:
for i in `cut -d: -f1 /etc/trueuserdomains`
do
/usr/local/cpanel/bin/swapip OLDIP NEWIP "$i"
done
where,
OLDIP is the current IP assigned to the domain.
NEWIP is the new IP which you would like to assign.
$i is each domain name, read one per line from the /etc/trueuserdomains file.
Howto: Change cPanel theme for multiple accounts.
How to change cPanel theme for multiple accounts?
The cPanel theme for an account is specified in the /var/cpanel/users/username file in the format CPMOD=x3
where, x3 is the theme. WHM only provides the option to change the cPanel theme for an account one at a time. In order to change the theme for all the accounts at once, execute the following command:
for i in /var/cpanel/users/*; do sed -i "/CPMOD/d" "$i"; echo "CPMOD=x3" >> "$i"; done
here, it will change the cPanel theme of all the accounts on the server to the ‘x3’ theme.
As the files are updated manually, you need to execute /scripts/updateuserdomains to rebuild the cache.
How to change the FTP port?
How to change the Ftp port to a non-standard port?
If you have say, Pure-Ftp as a Ftp server, edit the configuration file:
pico /etc/pure-ftpd.conf
Search for the line:
# Bind 127.0.0.1,21
and add the following line below it
Bind *,2121
where, 2121 is the new port you want the Ftp server to listen to.
Save the file and restart the ftp service.
service pure-ftpd restart
Use netstat to check if the new port is listening:
netstat -aln | grep :2121
If your server is behind a firewall, you will have to open the new Ftp port in the allowed list. For example, if you have CSF firewall installed on your server, edit the configuration at
/etc/csf/csf.conf
and replace port 21 with 2121 in the TCP_IN. Save the file and restart the csf firewall
csf -r
Not allowed to add any more than (0) addon domains!
Error:
There was a problem creating the addondomain.
Sorry, you are not allowed to add any more than (0) addon domains! The domain below was not setup.
Reason:
The domain is not allowed to host any add-on domains because the add-on domain resources are set to zero by the administrator of the server. You won’t be able to add an add-on domain OR park a domain from cPanel, and you will receive the “Sorry, you are not allowed to add any more than (0) addon domains!” error message.
Solution:
You need to change add-on domain resources from zero (0) to 1 or more. There are 2 methods to increase the add-on domains for an account:
1) Log in to WHM as root, go to Account Functions >> Modify an Account >> select the domain name from the domain’s list and click ‘Modify’ >> specify the number of add-on domains in “Max Addon Domains” text box >> click Save.
2) Log in to your server as root. Edit the users file
pico /var/cpanel/users/username
set the MAXADDON from zero to 1 or more
MAXADDON=1
Save the file and update the cache using
/scripts/updateuserdomains
How to install Zend Optimizer on a cPanel server?
cPanel offers ‘phpextensionmgr’ script through which you can install various extensions. To list the available PHP extensions, execute the command as root
root@LHS [~]# /scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin
To list the available Options and Actions, execute
root@LHS [~]# /scripts/phpextensionmgr --help
Usage:
phpextensionmgr [options] [action] [extension]
Options:
--help Help message
--prefix Installation prefix for PHP (normally /usr/local or /usr/local/php4)
Actions:
install Install or update the extension
uninstall Uninstall the extension
status Display the installation status of the extension
list Show available extensions
To install Zend Optimizer, execute the command
root@LHS [~]# /scripts/phpextensionmgr install Zendopt
To verify whether Zend Optimizer is installed, execute:
root@LHS [~]# php -v
You can install the other available extensions using the same command, just replace ‘Zendopt’ with the extension name you wish to install.
Unable to delete an email account from cPanel
Error Message:
The e-mail address postmaster@mydomain.com deleted successfully.
Sorry, you do not have access to the domain mydomain.com
The error message is displayed when you delete, from cPanel >> ‘Email Accounts’, an email account of a domain that has either been shifted under another user’s account OR, as usually happens, been swapped from add-on domain to main domain OR vice-versa. In this case, you have to manually remove the email account entries for domain mydomain.com from the existing account.
The files you need to remove the entries from are
/home/user/etc/domainname.tld/passwd
/home/user/etc/domainname.tld/shadow
/home/user/.cpanel/email_accounts.yaml
The directory that needs to be removed is
/home/user/mail/mydomain.com
where, ‘user’ is the one under whose account the email address of ‘mydomain.com’ exists.
phpMyAdmin: Cannot start session without errors
Error:
Cannot start session without errors, please check for errors in your PHP and/or webserver log file, and configure your PHP installation correct.
You receive the error message “Cannot start session without errors” while accessing phpMyAdmin in cPanel. phpMyAdmin will not work if any of the following settings are incorrect on a cPanel server.
1. The owner and group of /var/cpanel/userhomes/cpanelphpmyadmin directory should be cpanelphpmyadmin recursively as by default phpMyAdmin sessions are written under /var/cpanel/userhomes/cpanelphpmyadmin/sessions/ directory.
chown cpanelphpmyadmin /var/cpanel/userhomes/cpanelphpmyadmin -R
chgrp cpanelphpmyadmin /var/cpanel/userhomes/cpanelphpmyadmin -R
The 1st step should fix the issue, but if it doesn’t, follow the next 2 steps:
2. Change the session.save_path parameter to /tmp in the file /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini i.e. edit the file
pico /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini
change session.save_path as below
session.save_path = /tmp
3. The /tmp directory permissions should be 1777, not 755.
chmod 1777 /tmp
HowTo: Add Additional IPs
How to add multiple IPs on an Ethernet network interface card i.e. eth0? OR
How to add additional IPs on a Linux server?
People find it rather hard to add the IPs manually on a Plain server. Following are the steps you can follow to add a range of IPs on a CentOS server:
1 ) Change directory to /etc/sysconfig/network-scripts/ using the ‘cd’ command:
cd /etc/sysconfig/network-scripts/    # this directory contains interface configuration files
2) Create a file ifcfg-eth0-range0 using your favorite text editor like ‘pico’
pico ifcfg-eth0-range0
3) Add the following lines to the file:
IPADDR_START=1.1.1.10
IPADDR_END=1.1.1.20
CLONENUM_START=1
where,
IPADDR_START is the first IP in the range.
IPADDR_END is the last IP in the range.
CLONENUM_START=1, where 1 will start adding IPs from eth0:1
4) Save and exit the file.
5) You now need to execute the “ifup-aliases” script for the range of IPs to take effect. Execute the following command:
./ifup-aliases eth0
This will add the IPs on eth0 and will bring all the virtual interfaces up. You can view all the interfaces using the “ifconfig” command.
HowTo: Increase /tmp partition size
How to increase /tmp partition? In case your server isn’t built with a /tmp partition OR you need to increase the disk space of the partition for some reason, you will have to create a virtual partition and have to mount it on /tmp.
The following steps will guide you to create a virtual partition:
1) To create a partition of 2GB, use the below dd command:
dd if=/dev/zero of=/home/tmp-dir bs=1024M count=2
2) Once the partition is created, you need to create the file system on it using the mke2fs command
mke2fs -j /home/tmp-dir
3) Now, the partition is ready to be used but you need to mount it on /tmp directory.
mount -t ext3 -o loop /home/tmp-dir /tmp
Here, we have used ‘loop’ while mounting the /home/tmp-dir partition because we are not mounting an actual block device but making a file accessible as a block device.
4) To verify the partition, execute
mount
5) To make sure this partition is mounted automatically after every reboot, edit the /etc/fstab file and replace the /tmp line with the following one:
/home/tmp-dir /tmp ext3 defaults,loop 0 0
Hope, this helps.
PAE-Kernel extension: 4GB of RAM not showing
Why is the server not showing 4GB of RAM? By default, i.e. on a non-PAE kernel, a server supports up to 4GB of RAM. If you wish to add 4GB of RAM or more, you will have to install the kernel-PAE package, which addresses up to 64GB of RAM. Once you install the kernel with the PAE module, the server will show you the correct amount of installed RAM.
Use yum to install the module:
yum install kernel-PAE
Once the module is installed, you will have to edit the grub configuration file to make sure the new kernel is picked up on reboot. Edit the file using your favourite editor:
pico /boot/grub/grub.conf
and change the line
default = 1
to
default = 0
Save and Exit the file. Once done, reboot the server for the changes to take effect.
make_sock: could not bind to address 0.0.0.0:80
You may come across the following error while restarting Apache:
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
The reason is that some Apache processes are still running even though the service is stopped, and port 80 is still bound to those processes.
In this case, you need to search for the running Apache processes and kill them in order to start the service properly. To search for the processes, execute:
fuser -n tcp 80
This will list all the PIDs of the running processes that are bound to port 80. To kill them, execute:
kill -9 PID
where, PID are the ones you retrieved from the previous command. Once you kill the PIDs, you can start the Apache service safely. The same applies to port 443.
Howto: disable root login
How to disable root login and secure the SSH server? In order to disable root access on your server, make sure you create a user who has privileges to gain root access. Create a user, say ‘admin’ (you need to add the user ‘admin’ to the wheel group in case you are on a cPanel server), and follow the steps to disable root access and secure SSH:
1) Edit the SSHD configuration file:
pico /etc/ssh/sshd_config
2) Search the line
PermitRootLogin yes
and change it to
PermitRootLogin no
3) To change the default SSH port, search for the line
#Port 22
and change it to
Port 2233
4) To make SSH work on a secure protocol, search the line
#Protocol 2,1
and change it to
Protocol 2
5) In order to make the SSHD service listen on a specific IP, search the line
#ListenAddress ::
change it to
ListenAddress AdditionalIPofServer
Once you are done with the above changes, save the file and exit. You will have to restart the sshd service for the changes to take effect. Now, you will have to log in to your server as user ‘admin’ and then su to root as follows:
Hostname: Server IP
User: admin
SSH Port: 2233
Pass: password of user ‘admin’
Once logged in, execute su - and it will prompt you for the root password.
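Because the stock lines in sshd_config are commented out, it is easy to edit a file and still leave a setting at its default. The following is an added example, not part of the original post: it reads a config file and reports whether the four settings from the steps above are actually in effect. The function names and the sample address 192.0.2.10 are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: check an sshd_config against the steps above.
# sshd_values, sshd_audit and write_sample_configs are hypothetical helpers.

# sshd_values KEYWORD FILE
# Prints every value set for KEYWORD in the global section of FILE.
# Lines starting with '#' are comments, so "#Port 22" sets nothing.
# Keywords are case-insensitive; parsing stops at the first Match block.
sshd_values() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == tolower(key) { print f[2] }
    ' "$2"
}

# sshd_audit FILE
# Prints one OK/FAIL line per setting; returns 0 only if all four pass.
sshd_audit() {
    conf=$1
    fails=0

    # Single-valued keywords: sshd uses the first value it reads.
    v=$(sshd_values PermitRootLogin "$conf" | head -n 1)
    if [ "$v" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin ${v:-unset}, expected no"; fails=$((fails + 1)); fi

    v=$(sshd_values Protocol "$conf" | head -n 1)
    if [ "$v" = "2" ]; then echo "OK   Protocol 2"
    else echo "FAIL Protocol ${v:-unset}, expected 2"; fails=$((fails + 1)); fi

    # Port and ListenAddress may appear several times; every value applies.
    v=$(sshd_values Port "$conf" | tr '\n' ' ')
    case " $v" in
        " ")      echo "FAIL Port unset, sshd falls back to 22"; fails=$((fails + 1)) ;;
        *" 22 "*) echo "FAIL Port 22 is still listed"; fails=$((fails + 1)) ;;
        *)        echo "OK   Port $v" ;;
    esac

    v=$(sshd_values ListenAddress "$conf" | tr '\n' ' ')
    case " $v" in
        " ")      echo "FAIL ListenAddress unset, sshd listens on all addresses"
                  fails=$((fails + 1)) ;;
        *" 0.0.0.0 "*|*" :: "*)
                  echo "FAIL ListenAddress is a wildcard"; fails=$((fails + 1)) ;;
        *)        echo "OK   ListenAddress $v" ;;
    esac

    [ "$fails" -eq 0 ]
}

# write_sample_configs DIR
# Writes two constructed files: the "before" lines quoted in the steps above
# and the result of applying them (192.0.2.10 is a documentation address).
write_sample_configs() {
    cat > "$1/stock.conf" <<'EOF'
#Port 22
#Protocol 2,1
#ListenAddress ::
PermitRootLogin yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 2233
Protocol 2
ListenAddress 192.0.2.10
PermitRootLogin no
EOF
}

# Audit a real file when called as: script /etc/ssh/sshd_config
if [ "$#" -eq 1 ]; then
    sshd_audit "$1"
fi
```

Running sshd -t afterwards checks the edited file for syntax errors before the service is restarted.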
Howto: Password Protect a directory using .htaccess
How to Password Protect a Directory using .htaccess?
You may need to password protect a directory in order to limit the sharing of files under it OR may need to protect a private area. You can password protect a directory using a .htaccess file which has to be placed under a directory which needs to be protected.
Create a .htaccess file
vi /home/username/.htaccess
Once created, add the following lines to it:
AuthUserFile /home/username/.htpasswd
AuthName "Private Area"
AuthType Basic
require valid-user
where, ‘username’ is the actual username of your domain. Now, create a .htpasswd file under the /home/username/ directory.
vi /home/username/.htpasswd
In order to grant access to the directory for specific users, you need to place all the users along with their passwords in the below format:
username1:encryptedpassword
username2:encryptedpassword
There is no limit on the number of users you can add to this file; just make sure each user is on a separate line. You can encrypt passwords using any available tool on the internet.
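Entries in the username:encryptedpassword format can also be produced on the server itself. The following is an added example, not part of the original post: it adds or replaces a user in a .htpasswd file using openssl passwd -apr1 (Apache's MD5-based hash format) and can verify a password against the stored entry. The function names are assumptions.

```shell
#!/bin/sh
# Added example: maintain .htpasswd entries locally with openssl.
# htpasswd_set and htpasswd_check are hypothetical helper names.
#
# Usage (password is read from stdin, so it never appears in the process list):
#   printf '%s\n' 'the-password' | htpasswd_set /home/username/.htpasswd username1

# htpasswd_set FILE USER
# Adds USER, or replaces the existing line for USER, with an $apr1$ hash of
# the password read from stdin. Other users' lines are kept unchanged.
htpasswd_set() {
    file=$1
    user=$2
    # ':' separates the fields, so it cannot be part of a user name
    case $user in
        ''|*:*) echo "invalid user name" >&2; return 2 ;;
    esac
    IFS= read -r pw || [ -n "$pw" ] || return 2
    hash=$(printf '%s\n' "$pw" | openssl passwd -apr1 -stdin) || return 1
    [ -n "$hash" ] || return 1

    # Build the new file next to the old one and move it into place, so a
    # failure half-way never leaves a truncated password file behind.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -f "$file" ]; then
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    chmod 644 "$tmp"          # must stay readable by the Apache user
    mv "$tmp" "$file"
}

# htpasswd_check FILE USER
# Returns 0 if the password read from stdin matches USER's stored hash.
htpasswd_check() {
    IFS= read -r pw || [ -n "$pw" ] || return 2
    stored=$(awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1")
    [ -n "$stored" ] || return 1
    # Stored form is $apr1$<salt>$<digest>; reuse the salt to recompute it.
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    calc=$(printf '%s\n' "$pw" | openssl passwd -apr1 -salt "$salt" -stdin)
    [ "$calc" = "$stored" ]
}
```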
rpmdb: unable to join the environment
If your rpm database gets corrupted, you receive the following message when working on packages using rpm:
rpmdb: unable to join the environment
rpmdb: write: 0xbf91a7d0, 8192: Invalid argument
error: db4 error(22) from dbenv->open: Invalid argument
error: cannot open Packages index
You can try out any of the following two solutions:
1.
rm -f /var/lib/rpm/__db*
rpm --rebuilddb
OR
2. you need to add the following ‘export’ line in /etc/profile file and rebuild the database.
export LD_ASSUME_KERNEL=2.2.5    # 2.2.5 is the base kernel
rpm --rebuilddb
With the second solution, the changes will take effect on the next session.
Sending emails using a different IP address
You can send the emails of your server from an additional IP of your server instead of the main IP using iptables. Here is the iptables command:
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 25 -j SNAT --to-source IPAddress
where, “IPAddress” is the additional IP of your server. To save the rule, execute
service iptables save
This will make the settings permanent and you can check the rule using
iptables -L -t nat
Turn on allow_url_fopen
In order to turn ON allow_url_fopen for a single account on a phpsuexec server, edit the file
vi /usr/local/apache/conf/httpd.conf
scroll down to the VirtualHost entry of the domain and insert the following lines
php_admin_value allow_url_fopen On
php_admin_value allow_url_include On
Save the file and restart the Apache service.
Delete Frozen Emails
How to check the number of emails in the mail queue:
exim -bpc
To check the email ID, sender and receiver of each email:
exim -bp | more
To delete frozen emails from the mail queue, execute:
exim -bp | grep 'frozen' | awk '{print $3}' | xargs exim -Mrm
Similarly, to delete emails sent using a script:
exim -bp | grep '<>' | awk '{print $3}' | xargs exim -Mrm
error: ‘PIX_FMT_RGBA32’ undeclared
The below error is common while installing FFMPEG-PHP on the server, and it is where people run out of ideas:
/root/ffmpeg-php-0.5.0/ffmpeg_frame.c:495: error: 'PIX_FMT_RGBA32' undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1
The error occurs because of an incorrect function declared in the ffmpeg_frame.c file, which can be resolved by either of the methods mentioned below:
1) Edit the file ffmpeg_frame.c and replace all the instances of “PIX_FMT_RGBA32” with “PIX_FMT_RGB32” and save the file
OR
2) Execute the replace command:
replace "PIX_FMT_RGBA32" "PIX_FMT_RGB32" -- ffmpeg_frame.c
Once done, recompile ffmpeg-php once again.
Got a packet bigger than ‘max_allowed_packet’ bytes
“Got a packet bigger than ‘max_allowed_packet’ bytes”
The message is displayed when you try to restore a database and the packet size is more than the default one OR the one defined in the my.cnf file. You can check the existing bytes with the following command
root@server [~]# mysqladmin variables | grep max_allowed_packet
| max_allowed_packet | 1048576 |
To overcome the issue, add the following parameter in the my.cnf file
max_allowed_packet = 2097152
The value should be more than the default one. Save the file and restart the mysql service.
Howto: Check Apache Connections
How to check number of connections to the Apache server?
The netstat command shows you the current connections to each of your services. In order to check the number of connections to port 80, use the netstat command and grep for the Apache port.
List the connections to port 80:
netstat -alntp | grep :80
To check the number of connections to port 80:
netstat -alntp | grep :80 | wc -l
List the remote IPs connecting to your server on port 80:
netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort
List the unique remote IPs and the number of connections from each IP:
netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Please note: If you copy and paste the above commands on your server, the single quotes around the {} brackets may change to dots (.) and the command will fail, so make sure you replace those dots with single quotes before executing the command.
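The pipelines above match the text ":80" anywhere on the line, so they also count port 8080, outbound connections to a remote port 80 and the listening socket, and "cut -d: -f1" truncates IPv6 addresses. The following added example (not part of the original post) counts clients by the local port column only; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client connection counts for one local port,
# parsed from `netstat -alntp` style output read on stdin.

# Constructed sample input (documentation address ranges only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/httpd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1310/java
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       TIME_WAIT   -
tcp        0      0 192.0.2.10:8080         203.0.113.50:40100      ESTABLISHED 1310/java
tcp        0      0 192.0.2.10:45012        203.0.113.80:80         ESTABLISHED 2210/curl
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED 1201/httpd
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51700    ESTABLISHED 1201/httpd
EOF
}

# count_clients PORT [STATE]
#   PORT   local port to inspect (e.g. 80)
#   STATE  optional TCP state filter (e.g. ESTABLISHED)
# Prints "COUNT IP" lines, highest count first.
count_clients() {
    port="$1"
    state="${2:-}"
    awk -v port="$port" -v state="$state" '
        $1 ~ /^tcp/ && NF >= 6 {
            laddr = $4; raddr = $5
            # The port is whatever follows the LAST colon (IPv6 safe).
            lport = laddr; sub(/^.*:/, "", lport)
            if (lport != port) next           # skips :8080 and outbound :80
            if ($6 == "LISTEN") next          # the listener is not a client
            if (state != "" && $6 != state) next
            ip = raddr; sub(/:[^:]*$/, "", ip)  # drop the remote port
            sub(/^::ffff:/, "", ip)             # fold IPv4-mapped IPv6
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a live server:
#   netstat -alntp | count_clients 80 ESTABLISHED
sample_netstat | count_clients 80
```

On the sample, "grep :80" matches nine lines, while only five are real client connections to local port 80.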
Howto: enable HTTP Compression
How to enable HTTP Compression? In order to enable compression, you will need compression modules compiled with Apache. Apache 1.x needs mod_gzip and Apache 2.x needs mod_deflate compiled with it.
If you have these modules installed, you need to edit your Apache configuration file located at "/etc/httpd/conf/httpd.conf" and add the following lines to it:
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Save the file and restart the httpd service. This will compress all the files except the .gif, .jpg, .jpeg and .png files.
PHP script to send emails
Use the following PHP code to send emails from your server:
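<?php
// Recipient, subject, sender and message body
$mail_to = "destination@address.com";
$mail_subject = "Hello";
$mail_from = "yourname@yourdomain.com";
$mail_body_client = "Hello";
// The fourth argument carries additional headers; here it sets the sender
mail($mail_to, $mail_subject, $mail_body_client, "From: " . $mail_from);
where,
$mail_to is the recipient.
$mail_from is the sender.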
PHP pages asking for download
If your .php files prompt for download when browsed, make sure PHP is compiled with Apache and you have the following line in your Apache configuration file:
AddHandler application/x-httpd-php .php .html
You can also add the above line in your .htaccess file of the domain.
Howto: deny/allow IP using iptables
How to block an IP using iptables?
iptables -A INPUT -s xx.xx.xx.xx -j DROP
How to block an IP for a specific port:
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j DROP
How to allow access to an IP?
iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT
How to allow access to an IP to a specific port using iptables?
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j ACCEPT
where, xx.xx.xx.xx is the remote IP address and PORT is the port number you wish to allow/deny access to.
How to block a scanner on your server for example “w00tw00t.at.ISC.SANS” using iptables?
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string 'GET /w00tw00t.at.ISC.SANS.' -j DROP
Ftp: 425 Unable to build data connection
Error Message:
LIST
425 Unable to build data connection: Connection timed out
PASV
227 Entering Passive Mode (xx,xx,xx,xx,xx,xxx).
connecting data channel to xx.xxx.xx.xxx:54963
The above error message is received when you connect to an account via Ftp successfully but it does not list the files and directories within it. The reason for the error message is that the kernel modules required for Ftp (i.e. to keep track of every Ftp connection and carry out its data transfer on another port) are not loaded.
The modules are "ip_conntrack" and "ip_conntrack_ftp", which have to be loaded using the 'modprobe' command. Log in to your server as user root and execute the following commands:
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
Once done, restart the ftp service and re-connect to your account via Ftp. This time it will list the files and directories.
-bash: locate: command not found
Error Message:
[root@server ~]# locate filename
-bash: locate: command not found
You may receive the above error message while searching for a file using the locate command. The error indicates that the package "slocate", required for the locate command, is not installed. To install the package, execute:
yum -y install slocate
You will now be able to use the locate command but before that, execute the command “updatedb” so that the locate database is updated.
/usr/bin/phpize /bin/sh: bad interpreter: Permission denied
Error Message:
/usr/bin/phpize: /tmp/tmpjMvBZg/package.x.x/build/shtool: /bin/sh: bad interpreter: Permission denied
If you receive the above error message while installing a package using "pecl", it means that the /tmp partition is mounted in "noexec" mode and that you do not have permission to execute anything under the /tmp partition.
Execute the "mount" command and you will see something like:
root@server [~]# mount
/dev/sdax on /tmp type ext3 (rw,noexec,nosuid)
To remount the /tmp partition in rw mode with execution allowed, execute:
root@server [~]# mount -o remount,rw,exec /tmp
Now, you can execute the "pecl" command to install the package you like. Once done, remount /tmp in noexec mode again:
root@server [~]# mount -o remount,rw,noexec,nosuid /tmp
PureFtp + Not able to list more than 2000 files
Problem: Not able to list more than 2000 files in a directory using Ftp.
Solution:
Pure-FTPd by default limits the maximum number of files to be displayed to 2000.
So edit your pureftpd configuration file, which is at /etc/pure-ftpd.conf, and change the line
LimitRecursion 2000 8
to
LimitRecursion 5000 8
Save the file and restart the service.
service pure-ftpd restart
It will display 5000 files from a directory now.
Howto: Secure /tmp and /dev/shm partitions
How to secure /tmp and /dev/shm partitions?
It is highly recommended to mount the /tmp and /dev/shm partitions in noexec,nosuid mode in order to prevent files from being executed under those partitions. To mount /tmp and /dev/shm in noexec,nosuid mode, edit the /etc/fstab file, search for the word "defaults" on the lines for the 2 partitions and replace it with
rw,noexec,nosuid
The entry should look like the following:
tmpfs /dev/shm tmpfs rw,noexec,nosuid 0 0
and same for /tmp partition as well.
Save the /etc/fstab file. You now need to remount the partitions for the changes to take effect. Execute the following remount commands:
root@host [~]# mount -o remount /tmp
root@host [~]# mount -o remount /dev/shm
You can now check the mounted partitions using the command:
root@host [~]# mount
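Reading the mount output by eye is easy to get wrong, and /tmp is sometimes left executable after a temporary remount for a package build. The following added example (not part of the original post) audits mount points for required options; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that mount points carry the required options.
# Input is read on stdin in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed sample: /tmp has lost noexec, /dev/shm is correct,
# and /var/tmp is not a separate mount at all.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda5 /tmp ext3 rw,nosuid,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec,relatime 0 0
/dev/sda6 /home ext3 rw,nosuid,usrquota 0 0
EOF
}

# audit_mounts "OPT1,OPT2" MOUNTPOINT...
# Prints one line per mount point, in the order given:
#   OK <mountpoint>
#   MISSING <mountpoint> <comma-separated missing options>
#   NOT-A-MOUNT <mountpoint>   (no own entry, so fstab options cannot apply)
# Returns 0 only when every mount point is OK.
audit_mounts() {
    required="$1"
    shift
    awk -v required="$required" -v targets="$*" '
        BEGIN {
            nt = split(targets, want, " ")
            nr = split(required, req, ",")
        }
        # A later entry for the same mount point overrides an earlier one,
        # which mirrors a filesystem mounted on top of another.
        { opts[$2] = $4 }
        END {
            bad = 0
            for (i = 1; i <= nt; i++) {
                mp = want[i]
                if (!(mp in opts)) {
                    print "NOT-A-MOUNT " mp
                    bad = 1
                    continue
                }
                missing = ""
                for (j = 1; j <= nr; j++) {
                    # Compare whole options so "exec" never matches "noexec".
                    if (index("," opts[mp] ",", "," req[j] ",") == 0)
                        missing = missing (missing == "" ? "" : ",") req[j]
                }
                if (missing != "") {
                    print "MISSING " mp " " missing
                    bad = 1
                } else {
                    print "OK " mp
                }
            }
            exit bad
        }
    '
}

# Demo on the constructed sample. On a live server:
#   audit_mounts noexec,nosuid /tmp /dev/shm < /proc/mounts
sample_mounts | audit_mounts noexec,nosuid /tmp /dev/shm /var/tmp \
    || echo "audit failed: fix /etc/fstab and remount"
```

The non-zero return code makes the check usable from cron or a monitoring script.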
Vcards and mime types
How to make a .vcf file downloadable?
Problem: If you link a .vcf file on a page, it shows as a text file instead of asking for a download.
Solution: In order to make the .vcf file downloadable, you need to add the AddType directive in the .htaccess file as follows:
AddType text/x-vcard .vcf
Save the file and that’s it.
How to read core.xxx files in linux
How to view core.xxx files in Linux?
The core.xxx files are created on Linux servers and hold the current state of a process's working memory when the process crashes. To view the core.xxx files in Linux, execute the command:
root@host [~]# strings core.xxx
It will list the different states of the process, one on each line.
PHP Warning: POST Content-Length exceeds the limit
Error:
PHP Warning: POST Content-Length of xxxxx bytes exceeds the limit of xxxxxx bytes in Unknown on line 0
You receive the POST Content-Length error message if you exceed the size that is defined in the php.ini file. The file you are uploading from a browser using POST should have a size less than the post_max_size value defined in the PHP configuration file.
Solution:
In order to upload a larger size file, increase the value of post_max_size variable.
1) Edit the php.ini file. You can retrieve the path to php.ini using "php -i | grep php.ini"
pico /usr/local/lib/php.ini
2) Search the variable post_max_size. Suppose you need to upload a file of 50M, set the value to 60M.
post_max_size = 60M
upload_max_filesize = 60M
3) Save the file and restart the Apache service.
service httpd restart
That is it. You will now be able to upload the file using POST method.
How to turn off Innodb engine?
How to turn off Innodb Engine in Mysql?
When Mysql is installed, Innodb Engine is set to ON by default. You can verify whether Innodb is set to On or Off by using ‘mysqladmin variables’. Login to the server as root and execute:
root@host [~]# mysqladmin variables | grep have_innodb
| have_innodb | ENABLED
To turn off Innodb, you need to edit the Mysql Configuration file at /etc/my.cnf and add the following line:
skip-innodb
Save the file and restart the mysql service. You can now execute 'mysqladmin variables' again to check the status of the Innodb engine.
How to recompile kernel?
How to compile a kernel on a CentOS server?
Compiling a kernel on a CentOS server is probably easier than on other Operating Systems, but you should still take care while selecting modules, else the server won't boot up on the new kernel. New system admins find it difficult to compile a kernel; however, the following steps should help them a bit.
1) Download the kernel:
cd /usr/local/src/
wget http://www.kernel.org/pub/linux/kern…x.xx.xx.tar.gz
2) Extract the kernel:
tar -zxf linux-2.xx.xx.tar.gz
3) Here you can use previous config during compilation and select the new required modules:
cd linux-*
cp /boot/config-`uname -r` .config
This will copy the current kernel config in the extracted directory of the new kernel.
4) Now configure the kernel using “make menuconfig”. It will present a graphical display with all the available modules.
make menuconfig
Most of them are already selected since you are using the previous config. You need to make sure you select the new modules for example, the ones related to iptables. Each module provides a HELP module which will help you to understand what the module is all about.
5) Compile the kernel:
make
6) Compile the modules:
make modules
7) Install the modules:
make modules_install
8) Install the kernel:
make install
This will place the required files of the new kernel under the /boot directory.
Now, the /etc/grub/grub.conf file will have "default=1", where '1' is the old kernel. You now need to change the "default" value to '0', i.e. from
default=1
to
default=0
Save the file and reboot the server. The server will boot up with the new kernel. However, if the kernel is not compiled properly, your server won't come online and you will have to change the "default" value back to '1' to boot the server using single user mode and investigate the issue further.
To overcome this issue, you can use the following steps to test the new kernel. Once you complete the kernel installation using the “make install” command, execute the command:
root@server[#]# grub
At the grub prompt, execute:
savedefault --default=0 --once
quit
You now need to reboot the server to pick up the new kernel just once i.e. even if the server won’t boot up on the new kernel, you just need another reboot and the server will come online on the old kernel. This will save time and will allow you to work immediately on the issue.
Howto: change Port OR Network Interface Speed?
How to change Port speed OR Network Interface Speed?
To set a specific speed limit on a Network Interface, say 10mbps, edit the network interface file and set the limit, which will make the changes permanent even after a reboot.
Edit the file:
root@server [~]# pico /etc/sysconfig/network-scripts/ifcfg-eth0
Add the following line at the end of the file:
ETHTOOL_OPTS="speed 10 duplex full autoneg off"
Save the file and restart the network service.
root@server [~]# service network restart
This way you can set the duplex or auto negotiation as well. Once done, you can check the network speed using the ethtool command
root@server [~]# ethtool eth0
Howto: Disable Directory Listing
Posted by: admin : Category: Linux Administration
=======================
How to Disable Directory Listing? You may want to hide directory listings because, by default, web servers look for an index file under every directory and, if none is found, list the files and directories under it when the directory is browsed.
To disable Directory Listing for an account recursively:
1) Create a .htaccess file under the directory
vi .htaccess
2) Add Options directive as follows:
Options -Indexes
3) Save the file.
You will now see a Forbidden message on accessing a directory that does not include an index file.
Howto: disable Mod Security for an account
How to Turn off Mod Security OR How to disable Mod Security for an account?
How Mod_Security is turned off/disabled for an account depends upon the version of Mod_Security: in modsecurity1 it can be disabled in the .htaccess file, while in modsecurity2 it has to be disabled in the VirtualHost entry of the domain. Apache 1.x supports Mod Security1 and Apache 2.x supports Mod Security2. To find out the version of Apache, execute
httpd -v
Mod Security1:
Create a .htaccess file in an account
vi .htaccess
and insert the following:
SecFilterEngine Off
SecFilterScanPOST Off
Mod Security2:
You cannot disable mod security in a .htaccess file here (it's set up this way to enhance security). You have to turn off mod security in the VirtualHost of the domain in the Apache configuration file. Edit the configuration file:
vi /etc/httpd/conf/httpd.conf
scroll down to the VirtualHost of the domain and place the following lines:
SecRuleEngine Off
Save the configuration file and restart the Apache service.
service httpd restart
Id "c1" respawning too fast: disabled for 5 minutes
You may see the tty device error messages like ‘/dev/tty1: cannot open as standard input: Permission denied’ in the server logs and many more like
Jan 10 xx:xx:xx [agetty] /dev/tty1: cannot open as standard input: Permission denied
Jan 10 xx:xx:xx [agetty] /dev/tty2: cannot open as standard input: Permission denied
Jan 10 xx:xx:xx [agetty] /dev/tty3: cannot open as standard input: Permission denied
Jan 10 xx:xx:xx [init] Id "c1" respawning too fast: disabled for 5 minutes
Jan 10 xx:xx:xx [init] Id "c2" respawning too fast: disabled for 5 minutes
Jan 10 xx:xx:xx [init] Id "c3" respawning too fast: disabled for 5 minutes
The tty "Permission denied" error message is caused by a misconfiguration in your /etc/inittab file, in which case you have to edit the file and comment out the agetty/getty lines. Log in to your server as root and edit the file:
pico /etc/inittab
Search for the lines
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
and comment the lines by placing a # in front of them.
Save the file and you won’t see the messages.
OR
you may try re-creating the terminals again from shell as root. Login to your server as root and execute the command:
/dev/makedev /dev/tty1
and replace 1 with 2,3,4,5,6,7 for other terminals and reboot the server.
How to create archives and compressed files?
How to create a .tar, .tar.gz and .tar.bz2 file?
# tar -cf example.tar example
# tar -zcf example.tar.gz example
# tar -jcf example.tar.bz2 example
root@server [~]# ll
drwxr-xr-x 2 root root 4096 Dec 6 07:02 example/
-rw-r--r-- 1 root root 30720 Dec 6 08:11 example.tar
-rw-r--r-- 1 root root 912 Dec 6 08:11 example.tar.bz2
-rw-r--r-- 1 root root 659 Dec 6 08:11 example.tar.gz
How to extract a .tar, .tar.gz and .tar.bz2 file?
# tar -xf example.tar
# tar -zxf example.tar.gz
# tar -jxf example.tar.bz2
If you use the 'v' switch in the above examples, it will display detailed messages during the command execution.
How to compress a file using zip, gzip and bzip2?
# zip file.zip file
# gzip file
# bzip2 file
root@server [~]# ll
-rw-r--r-- 1 root root 14 Dec 6 08:16 file.bz2
-rw-r--r-- 1 root root 25 Dec 6 08:15 file.gz
-rw-r--r-- 1 root root 140 Dec 6 08:15 file.zip
How to extract zip, gzip and bzip2 compressed files?
# unzip file.zip
# gunzip file.gz
# bzip2 -d file.bz2
With gunzip and bzip2, the files will be extracted but you will no longer have the compressed file.
How to check the version of Debian or Ubuntu OS?
To find out the version of Debian OS you are running, execute
# cat /etc/debian_version
There are 2 ways to find out the version of Ubuntu OS you are running.
1. Check the file /etc/issue and the output will be something like:
# cat /etc/issue
Debian GNU/Linux 5.x
2. Execute the lsb_release command:
# lsb_release -a
Distributor ID: Debian
Description: Debian GNU/Linux 5.x (lenny)
Release: 5.x
Codename: lenny
What is .htaccess and how to disable .htaccess?
.htaccess is used to modify the way Apache behaves for a directory and its sub-directories. It gives you extra control on your server, like setting up custom error messages, password protecting a directory, writing rewrite rules, blocking IPs etc.
However, it can be a potentially dangerous file. For example, a hacker can redirect your website to an external website, such as a malware website.
In order to disable .htaccess server wide, edit the Apache configuration file
pico /etc/httpd/conf/httpd.conf
Search for
AllowOverride All
replace it with
AllowOverride None
Save the file and restart the Apache service.
service httpd restart
How to redirect a website using .htaccess?
=====================================================
How to redirect a website using .htaccess?
Redirect website http://mydomain.com to http://www.mynewdomain.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.com$
RewriteRule ^(.*)$ http://www.mynewdomain.com [R=301,L]
=====================================================
Redirect website mydomain.com with and without www requests to http://www.mynewdomain.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^mydomain\.com$
RewriteRule ^(.*)$ http://www.mynewdomain.com [R=301,L]
=======================================================
Redirect requests from http://mydomain.com to http://mydomain.com/subdirectory i.e. redirecting requests from main domain to a sub-directory.
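RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^mydomain\.com$
# Skip requests already under /subdirectory/ to avoid a redirect loop
RewriteCond %{REQUEST_URI} !^/subdirectory/
RewriteRule ^(.*)$ http://www.mydomain.com/subdirectory/ [R=301,L]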
====================================================
Redirect all http (80) requests of a domain to https (443) i.e. redirecting requests from non-secure port to a secure port.
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,L]
===================================================
Informative websites
http://www.hostv.com/tutorials.shtml
http://www.crucialp.com/site/help.php
http://linuxhostingsupport.net/blog/?cat=3
csf installation error
[root@server22 csf]# sh install.sh
Configuring for OS
Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) and then install csf
[root@server22 csf]#
To fix the error, install libwww-perl
yum install perl-libwww-perl
Sunday, January 24, 2010
wordpress permalinks empty
In the WordPress admin, the permalinks setting shows empty.
==================
Solution:
There was an issue with the pdo_sqlite PHP module: it does not work properly with PHP 5.3. There is still a bug report open at php.net for this issue.
===============
So disable pdo_sqlite.so, i.e. edit php.ini:
vi /usr/local/lib/php.ini
and disable the following line by commenting it out:
;extension=pdo_sqlite.so
Tuesday, January 19, 2010
Connecting to pop3 via konsole
jibin@114:~$ telnet 74.81.173.125 110
Trying 74.81.173.125...
Connected to 74.81.173.125.
Escape character is '^]'.
+OK Dovecot ready.
USER test@123anddone.com
+OK
PASS test
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
jibin@114:~$
Unable to add email forwarder
We got this error when trying to add an email forwarder:
Fatal! Write Failure: /etc/valiases/sinfullbakery.com. Ignore any messages of success this can only result in failure!
Solution:
Generally, the ownership and/or permissions on the file "/etc/valiases/domain.com" are incorrect. You can fix this by running the following simple command or cPanel script.
root@firefly [~]#cd /etc/valiases/
root@Server [~]#chown username:mail /etc/valiases/domain.com
Unable to enter into vps node
Unable to open pty: No such file or directory
You may receive the following message on entering a VPS:
# vzctl enter 101
enter into VE 101 failed
Unable to open pty: No such file or directory
The reason behind this is the missing tty/pty files. You can create them using the MAKEDEV program by executing the following commands on the host server (main node).
# vzctl exec VEID /sbin/MAKEDEV tty
# vzctl exec VEID /sbin/MAKEDEV pty
Replace VEID with your actual VPS ID. In our example it is 101.
Restart the VPS.
# vzctl restart VEID
That's a temporary fix. To fix this issue permanently, follow the steps below after entering your VPS client node (101 in our case).
1) #vzctl enter VEID
2) Edit the file /etc/rc.sysinit
3) Comment the line
#/sbin/start_udev
4) Add the following lines after /sbin/start_udev:
/sbin/MAKEDEV tty
/sbin/MAKEDEV pty
5) Reboot your VPS client node.
vzctl restart VEID
You can also access the file /etc/rc.sysinit for node 101 from the main VPS node. It should be at /vz/private/VEID/etc/rc.sysinit.
You can also try the steps below, which update the startup files:
# vzctl exec VEID update-rc.d -f udev remove
# vzctl restart VEID
The above fixes may not work for Ubuntu servers. In that case you can try the command below:
# vzctl exec VEID 'dpkg --force-depends --purge udev'
Thursday, January 7, 2010
Addon domain creation problem
ERROR:
============
Error from park wrapper: Using nameservers with the following IPs: xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx. Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver.
============
Solution:
Go to WHM >> Tweak Settings >> Allow Creation of Parked/Addon Domains that resolve to other servers (i.e. domain transfers) [This can be a major security problem. If you must have it enabled, be sure to not allow users to park common internet domains.]
Check this option; this will fix your problem.