for user in $(cut -f1 -d: /etc/passwd); do crontab -u "$user" -l; done
Displays the cron jobs of all users.
3 02 2010
Categories : Scripts
Resize /tmp
10 01 2010
service chkservd stop
service httpd stop
service mysql stop
service postgresql stop
lsof | grep /tmp
Kill the processes that lsof lists as using /tmp.
umount /var/tmp
umount /tmp
replace "256000" "512000" -- /scripts/securetmp
rm -rf /usr/tmpDSK
/scripts/securetmp --auto
cd /tmp
ln -s /var/lib/mysql/mysql.sock
service postgresql start
service mysql start
service httpd start
service chkservd start
Categories : Cpanel, Issues, Server Setup
Plesk Tutorial
27 12 2009
I just found a great tutorial on the Plesk control panel.
Here is the link:
Categories : Plesk
Upgrade Python to 3.1
18 11 2009
cd /usr/local/src
wget http://www.python.org/ftp/python/3.1.1/Python-3.1.1.tar.bz2
tar -jxvf Python-3.1.1.tar.bz2
cd Python-3.1.1
./configure
make
make install
Now move /usr/bin/python to /usr/bin/python.bk,
then create the symlink:
ln -s /usr/local/bin/python3 /usr/bin/python
Check the result with python -V
Categories : Issues, Server Setup, Third party softwares, linux
Drop SYN/DDoS Attack
25 10 2009
1. Find which IP address on the server is being targeted by the DDoS attack:
netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c
2. Find which IPs the attack is coming from:
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
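An added example, not part of the original post: the pipelines above match any address containing :80 (including :8080 or a remote port such as :8000) and lose IPv4-mapped IPv6 peers, because cut -d: -f1 returns an empty field for ::ffff:a.b.c.d. The sketch below counts peers for an exact local port and an optional TCP state; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:80           198.51.100.7:51514       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022        ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40023        SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.50:6000 SYN_RECV
tcp        0      0 0.0.0.0:80              0.0.0.0:*                LISTEN
EOF
}

# count_remote PORT [STATE]
# Reads netstat output on stdin and prints "count ip", highest count first.
count_remote() {
    awk -v port="$1" -v state="${2:-}" '
        $1 ~ /^tcp/ {
            # Local address is $4, remote is $5, TCP state is $6.
            lport = $4; sub(/.*:/, "", lport)      # text after the LAST colon
            if (lport != port) next                 # exact port, so 8080 is skipped
            if ($6 == "LISTEN") next                # listening socket, not a peer
            if (state != "" && $6 != state) next
            ip = $5; sub(/:[^:]*$/, "", ip)         # drop the remote port
            sub(/^::ffff:/, "", ip)                 # unwrap IPv4-mapped IPv6
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_threshold PORT STATE LIMIT
# Prints only the peers with at least LIMIT matching connections.
over_threshold() {
    count_remote "$1" "$2" | awk -v limit="$3" '$1 >= limit { print $2 }'
}
```

On a live server the same functions read real data, for example: netstat -an | over_threshold 80 SYN_RECV 30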
In csf:
vi /etc/csf/csf.conf
SYNFLOOD
SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like
SYNFLOOD = "1"
SYNFLOOD_RATE = "30/s"
SYNFLOOD_BURST = "10"
i.e. if 30 connections per second are received from an IP 10 times, block it. Don't keep it too strict if you are not receiving an attack, or it will generate false positives and block legitimate connections.
PORTFLOOD
PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"
i.e. if an IP makes 100 connections in 5 seconds to port 80 (tcp), it will be blocked from the server; the same applies to 5 connections in 300 seconds to port 22.
In /etc/sysctl.conf
Paste the following into the file; you can overwrite the current contents.
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disables packet forwarding
net.ipv4.ip_forward=0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65535
Run /sbin/sysctl -p and sysctl -w net.ipv4.route.flush=1 to enable the changes without a reboot.
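An added example, not part of the original post: sysctl -p applies the file line by line, so when a key is assigned twice the later value wins, and a file assembled by pasting blocks together can silently carry conflicting settings. This check reads sysctl.conf text on stdin and reports conflicting duplicates and a local port range outside 1-65535; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, not the full file shown above.
sample_sysctl() {
cat <<'EOF'
# constructed sample
net.ipv4.conf.all.log_martians = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_local_port_range = 16384 65536
EOF
}

# lint_sysctl: reads sysctl.conf text on stdin, prints one finding per line.
#   CONFLICT  a key is set again with a different value (the later line wins)
#   RANGE     ip_local_port_range is outside 1-65535 or reversed
#   SYNTAX    a non-comment line has no "="
lint_sysctl() {
    awk '
        /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) { print "SYNTAX line " NR; next }
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)  # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", val)  # and around the value
            gsub(/[ \t]+/, " ", val)          # normalise inner spacing
            if ((key in seen) && seen[key] != val)
                print "CONFLICT " key ": " seen[key] " (line " line[key] \
                      ") overridden by " val " (line " NR ")"
            seen[key] = val; line[key] = NR
            if (key == "net.ipv4.ip_local_port_range") {
                split(val, r, " ")
                if (r[1] + 0 < 1 || r[2] + 0 > 65535 || r[1] + 0 > r[2] + 0)
                    print "RANGE " key ": " val
            }
        }
    '
}
```

Run it against the real file with lint_sysctl < /etc/sysctl.conf before loading the settings.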
TCP Syncookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Some IPTABLES Rules:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
Categories : Issues, Scripts, Server Security, linux
Script for replacing a string in multiple files
24 10 2009
# Replace every "abc" with "xyz" in each .html file in the current directory
for y in *.html; do
  sed "s/abc/xyz/g" "$y" > temp && mv -f temp "$y"
done
Categories : Issues, Scripts, linux
How to Boot second kernel if first fails
6 10 2009
Reference : http://www.linux-noob.com/forums/index.php?/topic/2928-grub-single-boot-and-kernel-panic-reboot/
Suppose, for example, that your grub.conf looks like the one below. It boots into 2.6.20-1.2944 by default.
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.20-1.2944.fc6)
        root (hd0,0)
        kernel /vmlinuz-2.6.20-1.2944.fc6 ro root=LABEL=/ acpi=off
        initrd /initrd-2.6.20-1.2944.fc6.img
title Fedora Core
        root (hd0,0)
        kernel /vmlinuz-2.6.20 ro root=LABEL=/ acpi=off
        initrd /initrd-2.6.20.img
If you want to have it so that 2.6.20 boots on next boot, run the following command from the console before rebooting.
echo "savedefault --default=1 --once" | grub --batch
then
reboot
Now, if you have a kernel that panics and you need the machine to reboot when it does, change your config and add panic=# (# being the number of seconds before the automatic reboot) to the kernel line. Example file below:
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.20-1.2944.fc6)
        root (hd0,0)
        kernel /vmlinuz-2.6.20-1.2944.fc6 ro root=LABEL=/ acpi=off panic=5
        initrd /initrd-2.6.20-1.2944.fc6.img
title Fedora Core (2.6.20)
        root (hd0,0)
        kernel /vmlinuz-2.6.20 ro root=LABEL=/ acpi=off panic=5
        initrd /initrd-2.6.20.img
So the order of operations is as follows:
1.) Add the new kernel to grub.conf
2.) Set default=# in grub.conf to the failsafe kernel (the one you want it to try if the other fails)
3.) Run the following:
echo "savedefault --default=1 --once" | grub --batch
4.) Reboot
Copied from : http://www.linux-noob.com/forums/index.php?/topic/2928-grub-single-boot-and-kernel-panic-reboot/
Categories : Issues, Server Setup, linux
Difference between Xen and Open VZ
16 09 2009
I just found a great article that discusses the difference between Xen and OpenVZ. Here is the link.
Categories : General discussions, VPS
Sender verify defer + host lookup did not complete
7 09 2009
Log in to WHM >> Main >> Service Configuration >> Exim Configuration Editor.
Uncheck the option:
Sender Verification
If it doesn’t help, reset ALL EXIM configuration to default and try again.
Categories : Cpanel, Issues, Mail
Install Zend Optimizer
7 09 2009
cd /usr/local/src
Check for the latest Zend Optimizer release, then download it:
wget http://www.eth0.us/files/ZendOptimizer-3.0.1-linux-glibc21-i386.tar.gz
tar -zxf ZendOptimizer-3.0.1-linux-glibc21-i386.tar.gz
cd ZendOptimizer-3.0.1-linux-glibc21-i386
./install
If you still receive the "Zend Optimizer Not Installed" error page, then
SELinux is interfering with Apache's attempt to access the .so file.
So run these commands:
#chcon -t texrel_shlib_t path_of_ZendOptimizer.so (/usr/local/Zend/ZendOptimizer.so)
#execstack -c path_of_ZendOptimizer.so (/usr/local/Zend/ZendOptimizer.so)
#setenforce 0
#getenforce
Then restart httpd and check.
If the issue still persists,
vi /etc/selinux/config
SELINUX=disabled
then reboot the server
Categories : Apache, Issues, Php