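# List the per-user crontab of every account in /etc/passwd (run as root).
# Only the local passwd file is read, so directory-service accounts are not covered.
# System-wide jobs in /etc/crontab and /etc/cron.d/ are stored separately and
# need their own review.
while IFS=: read -r user _; do
  # Label each listing so every entry can be attributed to its owner.
  printf '### crontab for %s\n' "$user"
  # stdin is detached so crontab cannot consume the passwd stream.
  crontab -u "$user" -l </dev/null
done < /etc/passwd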
display cronjob of all users
Drop SYN/DDoS Attack
25 10 2009
1. Find which IP address on the server is targeted by the DDoS attack
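# Count port-80 connections per local (destination) address, busiest first.
# Matching the local-address field on ":80" at its end keeps :8080 and
# outbound connections to a remote port 80 out of the count; sub() strips the
# port so IPv6-style addresses containing ':' stay intact.
netstat -plan \
  | awk '$4 ~ /:80$/ { sub(/:[0-9]+$/, "", $4); print $4 }' \
  | sort | uniq -c | sort -nr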
2. Find which IPs the attack is coming from
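# Count connections to local port 80 per remote (source) address, busiest first.
# NOTE(review): during a SYN flood the source addresses of half-open
# connections can be forged, so confirm a source before blocking it.
netstat -plan \
  | awk '$4 ~ /:80$/ { sub(/:[0-9]+$/, "", $5); print $5 }' \
  | sort | uniq -c | sort -nr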
In csf:
vi /etc/csf/csf.conf
SYNFLOOD
SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like
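# Values use plain ASCII double quotes; typographic quotes copied from a web
# page will not be read as intended.
SYNFLOOD = "1"
SYNFLOOD_RATE = "30/s"
SYNFLOOD_BURST = "10"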
i.e. if 30 connections per second are received from an IP 10 times, block it. Don't make it too strict when you are not under attack, otherwise it will generate false positives and block legitimate connections.
PORTFLOOD
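# Each comma-separated entry is port;protocol;hit count;interval in seconds.
# The value is quoted like the other csf.conf settings.
PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"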
i.e. an IP that makes 100 connections in 5 seconds to port 80 (tcp) is blocked from the server, and so is an IP that makes 5 connections in 300 seconds to port 22.
In /etc/sysctl.conf
Paste the following into the file; you can overwrite the current contents (keep a backup copy of the original file first).
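# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# NOTE(review): eth0 is assumed to be the public interface; replace it with
# the interface name actually used on this host.
# Each setting appears once, so there is no earlier value for a later line to
# silently override.

# Disable packet forwarding
net.ipv4.ip_forward = 0

# Disable IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection (reverse-path source verification).
# NOTE(review): strict mode (1) can drop legitimate traffic on multihomed
# hosts with asymmetric routing.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Log spoofed, source-routed and redirect packets (martians).
# Set in one place only so the value is unambiguous; enabling it under "all"
# turns logging on for every interface.
net.ipv4.conf.all.log_martians = 1

# Disable the magic SysRq key
kernel.sysrq = 0

# Shorten the time an orphaned connection may stay in FIN-WAIT-2 (seconds)
net.ipv4.tcp_fin_timeout = 15

# Send the first keepalive probe after 30 minutes of idle time (seconds)
net.ipv4.tcp_keepalive_time = 1800

# NOTE(review): the next three settings are not flood mitigations. Turning
# off window scaling and SACK lowers throughput on high-latency or lossy
# links, and TCP timestamps are what lets SYN cookies preserve TCP options.
# Keep them disabled only if there is a specific reason to.
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Size of the queue of half-open (SYN received) connections
net.ipv4.tcp_max_syn_backlog = 1024

# Maximum number of sockets held in TIME-WAIT
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range. The upper bound is 65535, the highest valid port
# number; 65536 is out of range.
net.ipv4.ip_local_port_range = 16384 65535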
Run /sbin/sysctl -p and sysctl -w net.ipv4.route.flush=1 to enable the changes without a reboot.
TCP Syncookies
# Turn on SYN cookies immediately. This write changes the running kernel
# only; the net.ipv4.tcp_syncookies = 1 entry in /etc/sysctl.conf is what
# keeps it across a reboot.
printf '1\n' > /proc/sys/net/ipv4/tcp_syncookies
Some IPTABLES Rules:
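# Match new TCP connections (SYN) at up to 1 per second with a burst of 3.
# Options take two ASCII hyphens (--syn, --limit, --limit-burst).
# RETURN in the built-in INPUT chain hands a matching packet to the chain
# policy; SYNs above the limit fall through to the next rule. The rule only
# throttles anything when a later rule drops those excess SYNs.
# NOTE(review): "-m limit" counts all sources together, not per address, and
# 1/s is very low for a busy server.
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN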
Script for replacing a string in multiple files
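# Replace "abc" with "xyz" in every *.html file of the current directory.
# A glob is used instead of `ls | grep .html`: that unanchored pattern also
# matched names such as "xhtml" or "page.html.bak", and the loop broke on
# file names containing spaces.
# sed -i (GNU sed) edits through its own temporary file, so no fixed "temp"
# file in the working directory is overwritten.
for page in ./*.html; do
  # Skip the literal pattern when nothing matches, and anything that is not a file.
  [ -f "$page" ] || continue
  sed -i 's/abc/xyz/g' "$page"
done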
Hiding redirect url
8 07 2009Create an index.html file :
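<!-- The address bar keeps showing this page's URL while the framed site fills
     the window. Sites that send X-Frame-Options or a CSP frame-ancestors
     policy refuse to load inside a frame. Attribute values use plain ASCII
     double quotes. -->
<frameset rows="100%">
  <frame src="http://linuxstuffs.wordpress.com/">
  <!-- Fallback for browsers without frame support; noframes belongs inside the frameset. -->
  <noframes>
    <body>Please follow <a href="http://linuxstuffs.wordpress.com/">link</a>!</body>
  </noframes>
</frameset>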
Script used to transfer account from cpanel server
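#!/bin/bash
# Package every cPanel account on this server and copy the archives to the
# destination server.
# Usage: <script> DEST_HOST        (run as root on the source server)
#
# Security notes:
#  - The script appends root's public key to root's authorized_keys on
#    DEST_HOST. Remove that entry once the migration is finished.
#  - An RSA key is generated rather than DSA; DSA keys are disabled by
#    default in OpenSSH 7.0 and later.

DEST=${1:?usage: $0 DEST_HOST}
PORT="22"
KEYFILE=/root/.ssh/id_rsa
USER_LIST=/root/user_list

ls -1 /var/cpanel/users > "$USER_LIST" || exit 1

# Reuse an existing key pair; otherwise create one (ssh-keygen still prompts
# for the passphrase).
if [ ! -f "$KEYFILE" ]; then
  ssh-keygen -t rsa -b 4096 -f "$KEYFILE" || exit 1
fi

# The public key travels on stdin, so its text is never parsed by the remote
# shell. umask 077 keeps a newly created .ssh and authorized_keys private.
ssh -p "$PORT" "$DEST" \
  'umask 077; mkdir -p /root/.ssh && cat >> /root/.ssh/authorized_keys' \
  < "${KEYFILE}.pub" || exit 1

# scp takes the port with -P, so the transfer uses the same port as ssh.
scp -P "$PORT" /var/cpanel/packages/* "$DEST":/var/cpanel/packages/

while IFS= read -r user; do
  [ -n "$user" ] || continue
  # stdin is detached so pkgacct cannot consume the rest of the list.
  /scripts/pkgacct "$user" </dev/null
done < "$USER_LIST"

# The list is written to /root/user_list above, so it is copied from there.
scp -P "$PORT" "$USER_LIST" "$DEST":/home
scp -P "$PORT" /home/cpmove* "$DEST":/home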
Script used to correct permission of files after suphp
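#!/bin/bash
# Reset ownership and permissions under each cPanel user's public_html after
# switching to suPHP. Run as root.
#
# Every find that feeds chmod or sed is limited with -type f / -type d. The
# script runs as root inside directories the account owner can write to, and
# chmod and sed would otherwise act on whatever a symlink there points to.

# cPanel leaves the suPHP directory permissions wrong; reset them.
chmod 755 /opt/suphp
find /opt/suphp -type d -exec chmod 755 {} +

# Ensure that the permissions are sane and won't cause a 500 error.
for entry in /var/cpanel/users/*; do
  [ -e "$entry" ] || continue
  user=${entry##*/}
  docroot="/home/${user}/public_html"

  # Skip accounts whose public_html is missing or is itself a symlink.
  if [ ! -d "$docroot" ] || [ -L "$docroot" ]; then
    continue
  fi

  # -h changes a symlink itself, never the file it refers to.
  chown -hR "${user}:${user}" "$docroot"
  chmod 755 "$docroot"
  find "$docroot" -type f -name '*.php' -exec chmod 644 {} +
  find "$docroot" -type d -exec chmod 755 {} +

  # Comment out Joomla-installed PHP overrides that are not compatible with
  # suPHP. The patterns are anchored to the start of the directive, so lines
  # that are already commented are left alone when the script is run again.
  find "$docroot" -type f -name '.htaccess' -exec sed -i \
    -e 's/^[[:space:]]*php_value/#&/' \
    -e 's/^[[:space:]]*php_flag/#&/' {} +
done

# Delete former session files, which suPHP no longer has permission to read.
# Only regular files directly in /tmp are removed.
find /tmp -maxdepth 1 -type f -name 'sess_*' -delete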
Script used to find vulnerable php files
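#!/bin/bash
# List files under each cPanel user's public_html whose contents match names
# commonly seen in PHP web shells and related tooling (case-insensitive).
# A hit is a lead for manual review, not proof of compromise, and a renamed or
# obfuscated shell will not match these names.
shellpattern='r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58'

for entry in /var/cpanel/users/*; do
  # Skip the literal pattern when the directory is missing or empty.
  [ -e "$entry" ] || continue
  docroot="/home/${entry##*/}/public_html"
  [ -d "$docroot" ] || continue
  # -type f keeps grep on real files; "+" batches many files per grep call.
  find "$docroot" -type f \( -name '*.php' -o -name '*.cgi' -o -name '*.inc' \) \
    -exec grep -Eil -- "$shellpattern" {} +
done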
Stats not working in Plesk
28 06 2009Create the following cron:
————————————————————————————————
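# Long options take two ASCII hyphens (--); a typographic dash copied from a
# web page is not recognised as an option prefix.
9,24,39,54 * * * * /usr/local/psa/admin/sbin/backupmng >/dev/null 2>&1
10 1 * * * /usr/local/psa/admin/sbin/statistics >/dev/null 2>&1
10 1 * * * /usr/local/psa/admin/sbin/statistics --calculate-one --domain-name=xxx.com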
————————————————————————————————
and run the script for checking :
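# Long options are written with two ASCII hyphens (--).
/usr/local/psa/admin/sbin/statistics --calculate-one --domain-name=xxx.com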
where xxx.com is your domainname.com
Red5 installation
26 06 2009cd /root
vi red5install
copy paste the below script
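#!/bin/bash
# Interactive installer for Red5 and its prerequisites (jpackage-utils,
# JDK 1.6 update 5, Apache Ant 1.7.0). Run as root.
#
# SECURITY NOTE(review): every download below uses plain HTTP and nothing is
# checked against a checksum or signature before it is installed as root.
# The JDK comes from a bare IP address and the init script is fetched
# straight into /etc/init.d. Obtain these files from a source you can
# authenticate and compare them with publisher-provided checksums before
# running this script.

# Download a URL into the current directory. The install stops on failure so
# that a missing or partial file is never unpacked or installed.
fetch() {
  wget -c --tries=inf "$1" || {
    echo "Download failed: $1" >&2
    exit 1
  }
}

echo " "
echo "Hello ,Please choose the RED5 version : (1,2 or 3)"
echo " "
echo "1. RED5 0.7.0"
echo "2. RED5 0.6.3"
echo "3. RED5 0.5 "
echo " Press Any other key to install 1. RED5 0.7.0"
read -r ver

cd /usr/src || exit 1

echo ""
echo ""
echo "Downloading and installing jpackage utils rpm......."
echo ""
echo ""
fetch http://mirrors.dotsrc.org/jpackage/1.7/generic/free/RPMS/jpackage-utils-1.7.5-1jpp.noarch.rpm
rpm -Uvh jpackage-utils-1.7.5-1jpp.noarch.rpm

echo ""
echo ""
echo "Downloading and installing JDK 1.6 update 5 ..........."
echo ""
echo ""
fetch http://69.72.132.53/jdk-6u5-linux-i586.rpm
rpm -Uvh jdk-6u5-linux-i586.rpm

echo ""
echo ""
echo "Downloading and installing Apache Ant 1.7 ..........."
echo ""
echo ""
fetch http://archive.apache.org/dist/ant/binaries/apache-ant-1.7.0-bin.tar.gz
tar -xzvf apache-ant-1.7.0-bin.tar.gz
mv apache-ant-1.7.0 /usr/local/ant

echo ""
echo ""
echo "Exporting Paths and Variables for Ant ..........."
echo ""
echo ""
# Single quotes are intentional: $PATH must be expanded at login, not here.
echo 'export PATH=$PATH:/usr/local/ant/bin' >> /etc/profile
echo 'export ANT_HOME=/usr/local/ant' >> /etc/profile
export PATH=$PATH:/usr/local/ant/bin
export ANT_HOME=/usr/local/ant

echo ""
echo ""
echo "Downloading and installing RED 5 ..........."
echo ""
echo ""
case "$ver" in
  2)
    fetch http://dl.fancycode.com/red5/0.6.3/src/red5-0.6.3.tar.gz
    tar -xzvf red5-0.6.3.tar.gz
    mv red5-0.6.3 /usr/local/red
    ;;
  3)
    fetch http://dl.fancycode.com/red5/red5-0.5.tar.gz
    tar -xzvf red5-0.5.tar.gz
    mv red5-0.5 /usr/local/red
    ;;
  1 | *)
    # The 0.7.0 archive is unpacked inside its own directory, which is then
    # moved into place.
    fetch http://red5.nl/installer/red5-0.7.0.tar.gz
    mkdir red5
    mv red5-0.7.0.tar.gz red5/
    cd red5 || exit 1
    tar -xzvf red5-0.7.0.tar.gz
    rm -rf red5-0.7.0.tar.gz
    cd ..
    mv red5 /usr/local/red
    ;;
esac

# Init script: downloaded without verification and made executable by root.
# Read it before enabling the service.
fetch http://linuxstuffs.net/red5
mv red5 /etc/init.d/
chmod 755 /etc/init.d/red5

cd /usr/local/red || exit 1
chmod 755 red5.sh
ant -v
./red5.sh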
chmod 755 red5install
./red5install
Its done !!!
—————————————————————————————————–
if http://linuxstuffs.net/red5 doesn’t work, please use the following method.
cd /etc/init.d/
touch red5
chmod 755 red5
vi red5
----------------------------------------------------------
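#!/bin/bash
# Minimal init script for Red5: start | stop | restart.
#
# RED5_DIR must be the directory that contains red5.sh; the installer on this
# page unpacks Red5 to /usr/local/red.
# NOTE(review): the service is started and stopped as a dedicated "red5"
# account. That account must exist and be able to read RED5_DIR; nothing on
# this page creates it.
RED5_DIR=/usr/local/red

# Exit 5 when Red5 is not installed where expected.
test -x "$RED5_DIR/red5.sh" || exit 5

case "$1" in
  start)
    echo -n "Starting Red5 Service"
    echo -n " "
    cd "$RED5_DIR" || exit 1
    # Run as the unprivileged red5 user rather than as root.
    su -s /bin/bash -c "$RED5_DIR/red5.sh &" red5
    sleep 2
    ;;
  stop)
    echo -n "Shutting down red5"
    echo -n " "
    # Stops every java process owned by red5, not only this server.
    su -s /bin/bash -c "killall -q -u red5 java" red5
    sleep 2
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 2
    ;;
esac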
----------------------------------------------------------
Then you can simply start, stop, and restart red5 from that script by typing:
/etc/init.d/red5 start
/etc/init.d/red5 stop
/etc/init.d/red5 restart
Run CGI scripts anywhere in the server + Plesk
23 05 2009Server wide :
cd /etc/httpd/conf/
cp -p httpd.conf httpd.conf.bak
vi httpd.conf
Uncomment the line AddHandler cgi-script .cgi (scripts still run only in directories where Options ExecCGI is in effect)
service httpd restart
or
1. create an .htaccess file in your cgi-bin directory, that file should have the following
AddType text/x-server-parsed-html .html
AddType application/x-httpd-cgi .cgi .pl
Make sure you upload it in ASCII format, not binary.
2. Set the permissions on your scripts correctly, usually to 755.