Monday, 31 August 2009

Shell script to copy all files recursively and upload them to remote FTP server

#!/bin/bash
# Shell script to copy all files recursively and upload them to
# remote FTP server (copy local all directories/tree to remote ftp server)

# If you want to use this script in cron then make sure you have
# file pointed by $AUTHFILE (see below) and add lines to it:
# host ftp.myxyz.com
# user myftpuser
# pass mypassword
#
#!/bin/bash
# Shell script to copy all files recursively and upload them to
# remote FTP server (copy local all directories/tree to remote ftp server)
#
# If you want to use this script in cron then make sure you have
# file pointed by $AUTHFILE (see below) and add lines to it:
# host ftp.mycorp.com
# user myftpuser
# pass mypassword
#
# This is a free shell script under GNU GPL version 2.0 or above
# Copyright (C) 2005 nixCraft
# Feedback/comment/suggestions : http://cyberciti.biz/fb/
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------

FTP="/usr/bin/ncftpput"
CMD=""
AUTHFILE="/root/.myupload"

if [ -f $AUTHFILE ] ; then
# use the file for auth
CMD="$FTP -m -R -f $AUTHFILE $myf $remotedir $localdir"
else
echo "*** To terminate at any point hit [ CTRL + C ] ***"
read -p "Enter ftpserver name : " myf
read -p "Enter ftp username : " myu
read -s -p "Enter ftp password : " myp
echo ""
read -p "Enter ftp remote directory [/] : " remotedir
read -p "Enter local directory to upload path [.] : " localdir
[ "$remotedir" == "" ] && remotedir="/" || :
[ "$localdir" == "" ] && localdir="." || :
CMD="$FTP -m -R -u $myu -p $myp $myf $remotedir $localdir"
fi

$CMD

HOw to install MySQL Performance Tuning Primer Script

using the performance of MySQL can be a really hard job to do.
There are many thinks to consider and no two servers are identical so there is no universal solution.
Tuning Primer is a script that will help you tune your mysql installation by providing very healthy recommendations based on past mysql records.
For the script to be efficient you must run the mysql server for at least 48 hours.

Installation is extremely simple:

Download The Script

wget http://day32.com/MySQL/tuning-primer.sh

Change the permissions for the file

chmod 755 tuning-primer.sh

Run It
./tuning-primer.sh

# Apply the sugesttions

How to configure Sundry MySQL Scripts and Docs

Found This Script Works Perfect!

How to install & use Flash, Java, Real Player 32 bit plugins under 64 bit Firefox

Recently I found nspluginwrapper which allows to use 32bit plugins on a 64bit Firefox browser using nspluginwrapper.


It is an Open Source compatibility plugin for Netscape 4 (NPAPI) plugins. That is, it enables you to use plugins on platforms they were not built for. For example, you can following plugin on Linux/x86_64 , NetBSD and FreeBSD platforms:
=> Acrobat Reader (v5.0.9, v7.0.1)
=> DejaVu Libre (v3.5.14)
=> Flash Player (v7.0, v9.0)
=> Linux JPEG 2000 (v0.0.2)
=> Mplayerplug-in (v2.80, v3.25)
=> Real Player (v10.0.5)


Note that following instruction are tested on 64 bit Fedora Core and RHEL 5 only. See below for Debian/Ubuntu Linux specific instructions.



Download link


You can download this software from official site.



Installation


Use wget command to download software:
$ wget http://gwenole.beauchesne.info/projects/nspluginwrapper/files/nspluginwrapper-0.9.91.3-1.x86_64.rpm
$ wget http://gwenole.beauchesne.info/projects/nspluginwrapper/files/nspluginwrapper-i386-0.9.91.3-1.x86_64.rpm



Requirements


a) Make sure Firefox is not running.
b) Make sure you have downloaded and installed required 32 bit plugins such as Flash, Acrobat etc


You need to install gtk2.i386 using yum command:
# yum gtk2.i386


Use rpm command to install package:
# rpm -ivh nspluginwrapper-i386-0.9.91.3-1.x86_64.rpm nspluginwrapper-0.9.91.3-1.x86_64.rpm


Note that you need to install both the Plugin and the Viewer for correct operation.



How do I use this software?


Once installed simply run nspluginwrapper command. For example install wrapper for Flash player 9:
# nspluginwrapper -i /usr/lib/mozilla/plugins/libflashplayer.so


You can remove wrapper using –r switch:
# nspluginwrapper -r /usr/lib64/mozilla/plugins/npwrapper.libflashplayer.so


Under Fedora Core and RHEL 5/Debian/Ubuntu Linux you will find all 64 bit libs under /usr/lib64 and 32 bit under /usr/lib directory.


You can also update all plugins
# nspluginwrapper -v -a -u

rpm command cheat sheet for Linux

rpm is a powerful Package Manager for Red Hat, Suse and Fedora Linux. It can be used to build, install, query, verify, update, and remove/erase individual software packages. A Package consists of an archive of files, and package information, including name, version, and description:






























































SyntaxDescriptionExample(s)
rpm -ivh {rpm-file}Install the packagerpm -ivh mozilla-mail-1.7.5-17.i586.rpm
rpm -ivh --test mozilla-mail-1.7.5-17.i586.rpm
rpm -Uvh {rpm-file}Upgrade packagerpm -Uvh mozilla-mail-1.7.6-12.i586.rpm
rpm -Uvh --test mozilla-mail-1.7.6-12.i586.rpm
rpm -ev {package}Erase/remove/ an installed packagerpm -ev mozilla-mail
rpm -ev --nodeps {package}Erase/remove/ an installed package without checking for dependenciesrpm -ev --nodeps mozilla-mail
rpm -qaDisplay list all installed packagesrpm -qa
rpm -qa | less
rpm -qi {package}Display installed information along with package version and short descriptionrpm -qi mozilla-mail
rpm -qf {/path/to/file}Find out what package a file belongs to i.e. find what package owns the filerpm -qf /etc/passwd
rpm -qf /bin/bash
rpm -qc {pacakge-name}Display list of configuration file(s) for a packagerpm -qc httpd
rpm -qcf {/path/to/file}Display list of configuration files for a commandrpm -qcf /usr/X11R6/bin/xeyes
rpm -qa --lastDisplay list of all recently installed RPMsrpm -qa --last
rpm -qa --last | less
rpm -qpR {.rpm-file}
rpm -qR {package}
Find out what dependencies a rpm file hasrpm -qpR mediawiki-1.4rc1-4.i586.rpm
rpm -qR bash

{package} - Replace with actual package name

How to install Flash on Linux 64 bit

You can easily install Flash on 64 bit Firefox and 64 bit Linux desktop operating systems. Adobe does not provides native 64 bit edition for Linux. Please use following links to install Flash on Linux 64 bit system


a] Install Flash 10 Under Ubuntu Linux 64 bit Edition


b] Install Flash 10 under Fedora Core, CentOS and RHEL 5 64 bit edition

how to install Yum

yum is software installation tool for Red hat linux and Fedora Linux. It is a complete software management system. Other option is to use up2date utility. yum is designed to use over network/internet.

If you don't have yum then download it from project home page yum - Trac

To install fire the command

# rpm -ivh yup*

Step # 1: Configure yum

You need to edit /etc/yum.conf and modify/add following code to it:

vi /etc/yum.conf

Append or edit code as follows:

[base]

name=Fedora Core $releasever - $basearch - Base

baseurl=http://apt.sw.be/fedora/$releasever/en/$basearch/dag

baseurl=http://mirrors.kernel.org/fedora/core/$releasever/$basearch/os

Save the file

Install GPG signature key with rpm command:

# rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

and other keys too (if any using above command)

Step # 2 Update your package list:

# yum check-update

Step # 3 start to use yum

Install a new package called foo

# yum install foo

To update packages

# yum update

To update a single package called bar

# yum update bar

To remove a package called telnet

# yum remove telnet

To list all packages

# yum list installed

You can search using grep command

# yum list installed | grep samba

Display information on a package called foo

# yum info foo

To display list of packages for which updates are available

# yum list updates

How to backup the Plesk server

The following procedure makes a complete backup of Plesk. The backup includes the domain and account structures, domain names, email accounts.1. You would need to log into the server through ssh.

2. Change into a directory were you would like the backup of Plesk to be saved. In this example I have made a directory called backup and changed into this directory

# mkdir home/backup

# cd home/backup/

3. Type the following the command to start the Plesk backup procedure. This would make a complete backup (-F), to the directory location /home/backup (-f)


# /usr/local/psa/bin/psadump -F -f /home/backup/

You will see the messages that the backup is in progress. After you will see the message

“Server backup is successfully completed”

4. After the backup is complete you can check the archive file which looks similar to;

1 root root 7568786 Oct 11 12:14 psa-7.1.4-p15160828.pureserver.info-20041011.12.archive

You may now save this file to another server via FTP if you wish.

NOTE: A ftp backup of Plesk can also be done using the following format

: @ storing the backup file on remote ftp server.

5. To restore the backup you would need to change back into the home/backup directory and run the following command

/usr/local/psa/bin/psarestore -f psa-7.1.4-p15160828.pureserver.info-20041011.12.archive -m map_ip -s shell_ma

NOTE:

The restore backup might fail on the 1st run. The reason for this is Plesk looks for the map_ip and shell_map files which may not be located, so on the first run it creates the files. If you run the restore command again the procedure would now start to restore Plesk on the system. If you do not get the following message then run the command again for the third time;

“Server restoration is completed”

You can also review the psadump and psarestore logs located at /var/log/ on the server.

Additional options that can be used for making the backup

Options:

* -h – This help.

* -F – Make (f)ull dump(it is default option, -C option is not supported now).

* -z – Enable gzip compression for result dump file.

* -f

* /fullpath/filename – regular file,

* /fullpath/ – dir for dumpfile with default name,

* – – use stdout for output,

* : @

I prefer not to do it this way because the file is too large, making a daily backup very tedious. Most importantly, you cannot roll back your plesk server to an earlier version this way unless you keep the old backup as well. It is a matter of preference and the users ability.

I recomend tar’ing your backups separately.

Create Cron jobs that back up each of the following directory’s

/boot: Files important for boot process

/etc: System configuration files

/home: Domains and home directories of users

/root: Homedirectory of root

/var/lib/mysql: MySQL-Databases

/var/logs: Log-files

/var/spool/mail: User-mailboxes

/var/spool/cron: Cron-Jobs

/usr/lib/python2.1/site-packages: PLESK Configuration

Here is an example:

15 1 * * * tar czvf /home/backup/sql.tar.gz /var/lib/mysql

This will run at 1:15am everyday of every week and of every month and back up the /var/lib/mysql directory naming it sql.tar.gz and storing it in the /home/backup directory.

I store my backups in a newly created directory under my home directory because of space. *Please note*: if you do the same, you must not backup the whole /home directory because if you do you will create an infinite loop, backing up your backup, over and over.

I also recomend you backup domains individually so you are not stuck with a huge tar file. Restoration depends on how fast you can upload your data and set-up the server, that is why I choose the later because I can easily reconfigure plesk and individually upload the tars 10 times faster then uploading a 2 gig file that takes a long time to execute.

# /usr/local/psa/bin/psadump -F -f /home/backup/

You will see the messages that the backup is in progress. After you will see the message

“Server backup is successfully completed”

4. After the backup is complete you can check the archive file which looks similar to;

1 root root 7568786 Oct 11 12:14 psa-7.1.4-p15160828.pureserver.info-20041011.12.archive

You may now save this file to another server via FTP if you wish.

NOTE: A ftp backup of Plesk can also be done using the following format

: @ storing the backup file on remote ftp server.

5. To restore the backup you would need to change back into the home/backup directory and run the following command

/usr/local/psa/bin/psarestore -f psa-7.1.4-p15160828.pureserver.info-20041011.12.archive -m map_ip -s shell_ma

NOTE:

The restore backup might fail on the 1st run. The reason for this is Plesk looks for the map_ip and shell_map files which may not be located, so on the first run it creates the files. If you run the restore command again the procedure would now start to restore Plesk on the system. If you do not get the following message then run the command again for the third time;

“Server restoration is completed”

You can also review the psadump and psarestore logs located at /var/log/ on the server.

Additional options that can be used for making the backup

Options:

* -h – This help.

* -F – Make (f)ull dump(it is default option, -C option is not supported now).

* -z – Enable gzip compression for result dump file.

* -f

* /fullpath/filename – regular file,

* /fullpath/ – dir for dumpfile with default name,

* – – use stdout for output,

* : @

I prefer not to do it this way because the file is too large, making a daily backup very tedious. Most importantly, you cannot roll back your plesk server to an earlier version this way unless you keep the old backup as well. It is a matter of preference and the users ability.

I recomend tar’ing your backups separately.

Create Cron jobs that back up each of the following directory’s

/boot: Files important for boot process

/etc: System configuration files

/home: Domains and home directories of users

/root: Homedirectory of root

/var/lib/mysql: MySQL-Databases

/var/logs: Log-files

/var/spool/mail: User-mailboxes

/var/spool/cron: Cron-Jobs

/usr/lib/python2.1/site-packages: PLESK Configuration

Here is an example:

15 1 * * * tar czvf /home/backup/sql.tar.gz /var/lib/mysql

This will run at 1:15am everyday of every week and of every month and back up the /var/lib/mysql directory naming it sql.tar.gz and storing it in the /home/backup directory.

I store my backups in a newly created directory under my home directory because of space. *Please note*: if you do the same, you must not backup the whole /home directory because if you do you will create an infinite loop, backing up your backup, over and over.

I also recomend you backup domains individually so you are not stuck with a huge tar file. Restoration depends on how fast you can upload your data and set-up the server, that is why I choose the later because I can easily reconfigure plesk and individually upload the tars 10 times faster then uploading a 2 gig file that takes a long time to execute.

Linux wget your ultimate command line downloader

It is a common practice to manage UNIX/Linux/BSD server remotely over ssh session. As you manage servers, you need to download the software or other files for installation or even download latest ISO of Linux distribution (or even MP3s). These days we have lots of GUI downloaders for X window such as:




  • d4x: http://www.krasu.ru/soft/chuchelo

  • kget: KDE download manager

  • gwget2 - GNOME 2 wget front-end


However, when it comes to command line (shell prompt) wget the non-interactive downloader rules. It supports http, ftp, https protocols along with authentication facility, and tons of options. Here are some tips to get most out of it:



Download a single file using wget


$ wget http://www.cyberciti.biz/here/lsst.tar.gz
$ wget ftp://ftp.freebsd.org/pub/sys.tar.gz



Download multiple files on command line using wget


$ wget http://www.cyberciti.biz/download/lsst.tar.gz ftp://ftp.freebsd.org/pub/sys.tar.gz ftp://ftp.redhat.com/pub/xyz-1rc-i386.rpmOR


i) Create variable that holds all urls and later use 'BASH for loop' to download all files:
$ URLS=”http://www.cyberciti.biz/download/lsst.tar.gz ftp://ftp.freebsd.org/pub/sys.tar.gz ftp://ftp.redhat.com/pub/xyz-1rc-i386.rpm http://xyz.com/abc.iso"ii) Use for loop as follows:
$ for u in $URLS; do wget $u; doneiii) However, a better way is to put all urls in text file and use -i option to wget to download all files:


(a) Create text file using vi
$ vi /tmp/download.txtAdd list of urls:
http://www.cyberciti.biz/download/lsst.tar.gz
ftp://ftp.freebsd.org/pub/sys.tar.gz
ftp://ftp.redhat.com/pub/xyz-1rc-i386.rpm
http://xyz.com/abc.iso
(b) Run wget as follows:
$ wget -i /tmp/download.txt(c) Force wget to resume download
You can use -c option to wget. This is useful when you want to finish up a download started by a previous instance of wget and the net connection was lost. In such case you can add -c option as follows:
$ wget -c http://www.cyberciti.biz/download/lsst.tar.gz
$ wget -c -i /tmp/download.txt
Please note that all ftp/http server does not supports the download resume feature.



Force wget to download all files in background, and log the activity in a file:


$ wget -cb -o /tmp/download.log -i /tmp/download.txtOR$ nohup wget -c -o /tmp/download.log -i /tmp/download.txt &nohup runs the given COMMAND (in this example wget) with hangup signals ignored, so that the command can continue running in the background after you log out.



Limit the download speed to amount bytes/kilobytes per seconds.


This is useful when you download a large file file, such as an ISO image. Recently one of admin started to download SuSe Linux DVD on one of production server for evaluation purpose. Soon wget started to eat up all bandwidth. No need to predict end result of such a disaster.
$ wget -c -o /tmp/susedvd.log --limit-rate=50k ftp://ftp.novell.com/pub/suse/dvd1.isoUse m suffix for megabytes (--limit-rate=1m). Above command will limit the retrieval rate to 50KB/s. It is also possible to specify disk quota for automatic retrievals to avoid disk DoS attack. Following command will be aborted when the quota is
(100MB+) exceeded.
$ wget -cb -o /tmp/download.log -i /tmp/download.txt --quota=100mF) Use http username/password on an HTTP server:
$ wget –http-user=foo –http-password=bar http://cyberciti.biz/vivek/csits.tar.gzG) Download all mp3 or pdf file from remote FTP server:
Generally you can use shell special character aka wildcards such as *, ?, [] to specify selection criteria for files. Same can be use with FTP servers while downloading files.
$ wget ftp://somedom.com/pub/downloads/*.pdf
$ wget ftp://somedom.com/pub/downloads/*.pdf
OR$ wget -g on ftp://somedom.com/pub/downloads/*.pdfH) Use aget when you need multithreaded http download:
aget fetches HTTP URLs in a manner similar to wget, but segments the retrieval into multiple parts to increase download speed. It can be many times as fast as wget in some circumstances( it is just like Flashget under MS Windows but with CLI):
$ aget -n=5 http://download.soft.com/soft1.tar.gzAbove command will download soft1.tar.gz in 5 segments.


Please note that wget command is available on Linux and UNIX/BSD like oses.


See man page of wget(1) for more advanced options.

Install Flash 10 Under Ubuntu Linux 64 bit Edition

I've already written about installing Flash player 10 under 32 bit version. But, couple of our readers asked about installing Flash player 10 final version under Ubuntu Linux 64 bit edition. This small post will cover flash 10 Ubuntu Linux 64 bit installation.

Alejandro has published a shell script to automate entire process. Open terminal and type the following command to install Flash 10 under 64 bit edition (please exit any browsers you may have running):
$ wget http://queleimporta.com/downloads/flash10_en.sh
$ sudo bash ./flash10_en.sh
Fig.01: Ubuntu Linux flash 10 in action

'Fatal error: Cannot redeclare JConfig::$password

Error : cannot redeclare JConfig::$password in /home/username/public_html/configuration.php on line 51'

Nothing to worry, just need to comment the line as you can see is the "var $password " entry was already present under the configuration at line no 36 and assigned the user name for your database.

Now all should work fine.

phpMyAdmin : Error

phpMyAdmin - Error
#2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)

Your need to just check the MySQL services are up and running fine.

How to check JSP and Tomcat version

You can easily check the JSP version. You need to create test.jsp page under your account and add the following code into that file and access the test.jsp page by using browser " http://yourdomainname/test.jsp " then it shows the tomcat version ,JSP version and servlet version.
Working with server: 

Servlet Specification: .

JSP version:

How to setup a Teamspeak on a Dedicated Server

** Please do't install this on a VPS system, as it may strain the system recourses.

** Sufficient linux shell knowledge required. The contents of this article are deemed to be correct, but we cannot garuntee it is error free, and therefore accept no responsibility for any damage it may cause to your server. INSTALL AT YOUR OWN RISK.

If you are interested in setting up Teamspeak on your  dedicated server, simple follow following  instructions:

First Login to SSH as root

# useradd ts

This should of automatically created a directory called /ts in /home (/home/ts) - if it hasn’t, run

#mkdir /home/ts

# chown -R ts /home/ts

# passwd ts

# su ts

# cd /home/ts/

# wget ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_202319.tar.bz2

# tar -jxvf ts2_server_rc2_202319.tar.bz2

# cd tss2_rc2

# mv * ../

# cd ../

# rm -rfv tss2_rc2 (BE CAREFUL WITH THIS COMMAND!)

# ./teamspeak2-server_startscript start

If you have any firewalls installed, you will need to open ports 8767, and possibly 14534.

Li9nks IMP

http://www.ezlinuxadmin.com/page/2/

How to change default Linux VI text editor to Pico

If only for the session just run this: export EDITOR=/usr/bin/pico


If you want to change it so every time it will use Pico do this:


Open the server command line


Run:



  1. export EDITOR=/usr/bin/pico

  2. pico ~/.bashrc


Add this line at the bottom of the file:



  1. export EDITOR=/usr/bin/pico


Save the file and your done.


This changes the server to always use Pico no matter when it’s being used.

Sunday, 30 August 2009

The way to find and Replace script for Linux

screensaver

Shell Script to Recursively Search and Replace on Linux

Save the file in the directory you want to search and call it replace.

—->>>do not add this line

#!/bin/bash
# This script will search and replace all regular files for a string
# supplied by the user and replace it with another string.
#
#
function usage {
echo “”
echo “Search/replace script revised by dwhs.net and ezliuxadmin.com”
echo “”
echo “Not enough parameters provided.”
echo “Usage: ./$0 searchstring replacestring”
echo “Remember to escape any special characters in the searchstring or the replacestring”
echo “”
}

#check for required parameters
if  [ ${#1} -gt 0  ]  &&  [ ${#2} -gt 0  ];
then
for f in `find  -type f`;
do
if grep -q $1 $f;
then
cp $f $f.bak
echo “The string $1 will be replaced with $2 in $f”
sed s/$1/$2/g $f
rm $f.bak
fi
done

else
#print usage informamtion
usage
fi

—->>>do not add this line

When you add the script make the permissions to 755

Then run the command string to set the variables.

./replace oldtext newtext

How to change the default email server wide (cpanel compatable)

replace :blackhole: :fail: — /etc/valiases/*
replace :blackhole :fail: — /etc/valiases/*
replace blackhole: :fail: — /etc/valiases/*
replace blackhole :fail: — /etc/valiases/*
replace ” fail:” ” :fail:” — /etc/valiases/*
replace /dev/null :fail: — /etc/valiases/*
cd /etc/valiases/

grep fail * | grep -v ” :fail:”

Horde webmail fatal error

If you are receiving the following error code while Horde webmail login.

Error: Horde "A fatal error has occurred Could not connect to database for SQLSessionHandler. Details have been logged for the administrator"
Code:

#vi /usr/local/cpanel/base/horde/config/conf.php

How to install the APF Firewall

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.10

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

3. tar -xvzf apf-current.tar.gz



4. cd apf-0.9.5-1/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.
Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/
Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082, 2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.


6. Lets configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.We like to use DShield.org's "block" list of top networks that have exhibited
suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"


7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers


Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,208 3, 2086,2087, 2095, 2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"


# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Ensim Servers

We have found the following can be used on Ensim Servers - although we have not tried these ourselves as I don't run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"


Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"


Save the changes: Ctrl+X then Y

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall


9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.


pico /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"


10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!


pico /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with but I'll get the ones that will alert you by email.
# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company information name or server name..

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
Change this to 1 to get email alerts

# User for alerts to be mailed to
USR="your@email.com"
Enter your email address to receive the alerts

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r

11. Checking the APF Log

Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123

12. New - Make APF Start automatically at boot time
To autostart apf on reboot, run this:
chkconfig --level 2345 apf on
To remove it from autostart, run this:
chkconfig --del apf


13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host right, of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP, I'll show you 2 of the easier methods.
A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being blocked
These rules are loaded right away into the firewall, so they're instantly active.
Example:


./apf -d 185.14.157.123 TESTING



pico /etc/apf/deny_hosts.rules

Shows the following:

# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123

B) pico /etc/apf/deny_hosts.rules
You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.

/etc/apf/apf -r

14. Allowing IPs with APF Firewall (Unblocking)

I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
A)
pico /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules

/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being removed These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -a 185.14.157.123 UNBLOCKING

pico /etc/apf/allow_hosts.rules

# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123

How to add a Symlink

Pelase use the below steps for adding a a Symlink


# ln -s linktext linkname


linktext is the location of the actual file. linkname is the redirect path


# ln -s /backup/logs /var/logs


# ln -s /home/cpanel /var/cpanel

How to fix the error : 401 errors

find . -name “.htaccess” -type f -print | xargs grep -e ‘.*401.*http’ /dev/null

How to install the FFmpeg

# yum -y install dialog


# cd /usr/src


# wget http://scriptmantra.info/scripts/AAST_ffmpeg_installer_5.0.3b


#chmod +x AAST_ffmpeg_installer_5.0.3b


#./AAST_ffmpeg_installer_5.0.3b


FFmpeg-PHP

How to install image magik on cpanel

Get Image Magik install :- keep rocking

# mkdir /usr/local/src

#cd /usr/local/src

# wget http://www.downloadspot.com/downloads/ImageMagick-6.3.4-7.tar.gz

# tar xvzf ImageMagick-6.3.4-7.tar.gz
# cd ImageMagick-6.3.4


# ./configure

# make

#make install

#cd PerlMagick

#perl Makefile.PL

#make

#make install

How to install zend optimizer

32 Bit and 64 Bit Linux servers.

For 32 Bit

cd /usr/local/src
wget http://downloads.zend.com/optimizer/3.3.0/ ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz


tar -zxvf ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
cd ZendOptimizer-3.3.0-linux-glibc21-i386
./install


For 64 Bit

cd /usr/local/src
wget http://downloads.zend.com/optimizer/3.3.0/ ZendOptimizer-3.3.0-linux-glibc23-x86_64.tar.gz


tar -zxvf ZendOptimizer-3.3.0-linux-glibc23-x86_64.tar.gz
cd ZendOptimizer-3.3.0-linux-glibc23-x86_64.tar.gz
./install.sh


One of our Sysadmin Mr. Mayur recommends to add the following extenstions in the php.ini file.

zend.ini section looks like this,
[Zend]
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.0
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.0
zend_optimizer.version=3.3.0a
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.s

Protected: Iprotect (iprot) step by step

This post is password protected. To view it please enter your password below:


Password:

Mod bandwidth

/scripts/setbwlimit


8000000 – 8 mps


5000000 – 5 mps


3000000 – 3 mps

Cpanel fix it scripts

/scripts/securetmp – secures tmp folders
/scripts/fixcommonproblems – cleans up common issues
/scripts/fixeverything – cleans up the server
/scripts/runlogsnow – Force a webalizer/analog update
/scripts/upcp – Update Cpanel
/scripts/quicksecure – Shuts down ovious security holes
/scripts/remdefssl – Delete Nasty SSL entry in apache default httpd.conf
/scripts/updateuserdomains – If a domain is missing in the cpanel list run this mayneed to clean the /var/cpanel/usr file as well.

Cpanel manual backup

/scripts/pkgacct username


Instantly runs a backup for any account.

Cpanel install

Follow these steps to install cPanel on a Linux box.

1) Login to your Linux machine via SSH as root.

2) Run the following commands:

# mkdir /home/cpins

# cd /home/cpins

# wget http://layer1.cpanel.net/latest

# sh latest

After that you will need to leave it for around 90 minutes so that cPanel can install.

Cpanel restart services

/scripts/restartsrv mysql
/scripts/restartsrv httpd
/scripts/restartsrv bind
(proftpd,exim,sshd,cppop,bind,mysql)


/etc/rc.d/init.d/cpanel restart
/scripts/reswhostmgr
/etc/rc.d/init.d/portsentry start
/etc/rc.d/init.d/network restart
/etc/sysconfig/network-scripts (where ip’s are stored)


/etc/init.d/exim restart


services exim stop

How to change a cPanel server hostname

pico /etc/sysconfig/network


pico /etc/hosts


pico /etc/resolv.conf


pico /var/named/your.dns.zone.com.db (add A record for host)


pico /usr/local/apache/conf/httpd.conf

cd /usr/local/cpanel
then run
./cpkeyclt


also might help license


/scripts/upcp

SSH server to server

ssh -l root 12.123.123.12

How to install CSF on cPanel

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh


sh disable_apf_bfd.sh


/usr/sbin/csf -u


/usr/sbin/csf -f


Usage: /usr/sbin/csf [option] [value]


Option Meaning
-h, –help Show this message
-l, –status List/Show iptables configuration
-s, –start Start firewall rules
-f, –stop Flush/Stop firewall rules
-r, –restart Restart firewall rules
-a, –add [ip] Add an IP address to be whitelisted to /etc/csf.allow
-d, –deny [ip] Add an IP address to be blocked to /etc/csf.deny
-u, –update Checks for updates to csf+lfd and performs an upgrade if available
-x, –disable Disable csf and lfd
-e, –enable Enable csf and lfd if previously disabled
-v, –version Show csf version


If you would like to disable APF+BFD (which you will need to do if you have
them installed otherwise they will conflict horribly):


sh disable_apf_bfd.sh


That’s it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*


csf is preconfigured to work on a cPanel server with all the standard cPanel
ports open. It also auto-configures your SSH port if it’s non-standard on
installation.


You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog.


See the readme.txt file for more information.


Uninstallation
==============
Removing csf and lfd is even more simple:


cd /etc/csf
sh uninstall.sh

Iptables services

service iptables start
service iptables stop
service iptables restart

Iframe hack remover

iframe hack find and remover


uses all memory:


#!/usr/bin/perl


#This code is intended to be used to find injected iframes or javascript in user’s home directories
#You will most certainly have to adjust the pattern matching based on the current “hot” injected code
#Free software licensed under the GPL.
#USE AT YOUR OWN RISK, THIS MODIFIES PAGE CONTENT!


use strict;
use warnings;
use File::Listing;
use File::Find;


##### Search strings (injected code)


my $jsinject=”[=a-zA-z ]+function+[dc()x ]+.+“;
my $iframeexp=”[IFRAMEiframe]“;


##### What to replace the iframe with
my $replace = ”;


##### Log found files? (0 = No, 1 = Yes)
my $logfiles = 1;


##### Where to log?


my $logpath = “/home/injection.log”;


##### Backup files just in case?


my $backup = 1;


#################Let’s Go ####################


find(&wanted, ‘/home’);


sub wanted {
my $fullname = $File::Find::name;
next if (stat $fullname)[7] >= 1_000_000;
open(FILE, “< $fullname") or warn "cannot open $fullname";
my @readin = ;
close(FILE);
my @backup = @readin;


my $matched = 0;


foreach (@readin){
if( $_ =~ /$jsinject/) {
print “Found Match in $fullnamen”;
$_ =~ s/$jsinject/$replace/g;
$matched = 1;
if ($logfiles == 1) {
open(LOG, “>>$logpath”) or warn “cannot open $logpath”;
print LOG “Javascript injection found in $fullnamen”;
close(LOG);
}
}
if( $_ =~ /$iframeexp/) {
print “Found Match in $fullnamen”;
$_ =~ s/$iframeexp/$replace/g;
$matched = 1;
if ($logfiles == 1) {
open(LOG, “>>$logpath”) or warn “cannot open $logpath”;
print LOG “IFRAME found in $fullnamen”;
close(LOG);
}
}
}
if ($matched == 1){
my $backupfile = $fullname . “.bck”;
open(FILE, “>$backupfile”) or warn “cannot open file”;
foreach(@backup){
print FILE $_;
}
close(FILE);
open(FILE, “>$fullname”) or warn “cannot open file”;
foreach (@readin){
print FILE $_;
}
close(FILE);
}
}


—-


my $fullname = $File::Find::name;
next if ( $fullname !~ m{ . ( php | htm | html ) z }ixms );
next if (stat $fullname)[7] >= 1_000_000;
open(FILE, “<$fullname") or warn "cannot open $fullname";

Log watch and root emailed

—-Server e-mail every time someone logs in as root


To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.


At command prompt type: pico .bash_profile


Scroll down to the end of the file and add the following line:


echo ‘ALERT – Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” support@dwhs.net


Save and exit.


—-


Modify LogWatch


Logwatch is a customizable log analysis system. It parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is already installed on most CPanel servers.


To modify LogWatch, SSH into server and login as root.


At command prompt type: pico -w /etc/log.d/conf/logwatch.conf


Scroll down to


MailTo = root


and change to


Mailto = support@dwhs.net


Note: Set the e-mail address to an offsite account incase you get hacked.


Now scroll down to


Detail = Low


Change that to Medium, or High…


Detail = 5 or Detail = 10


Note: High will give you more detailed logs with all actions.


Save and exit.

Port listening check

nmap localhost (checks listening ports)
lsof -i :1980 (checks what running on that port)
kill -15 (kills what’s running on that port)


—-check open ports—-


check for open ports: ‘netstat -a’

Root check

Install chkrootkit


To install chrootkit, SSH into server and login as root.


At command prompt type: cd /root/


At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz


At command prompt type: tar xvzf chkrootkit.tar.gz


At command prompt type: cd chkrootkit-0.47


At command prompt type: make sense


To run chkrootkit


At command prompt type: /root/chkrootkit-0.47/chkrootkit


Make sure you run it on a regular basis, perhaps including it in a cron job.

skdetect

wget http://tsd.student.utwente.nl/skdetect/skdetect-1.0pre4cvs


./skdetect-1.0pre4cvs

Rsync

rsync –delete –stats -vae ssh 66.249.137.130:/backup/cpbackup/daily/ /backup/cpbackup/daily/ –exclude-from ‘/root/exclude.txt’


I added the file exclude.txt because with this code you can have certain files not be transferred. In this case I added pending and spam emails.


So my exclude.txt file has this in it:


*.*.dwhs1234.dwhs.net


*.*.dwhs1234.dwhs.net:2,


*.*.dwhs1234.dwhs.net:2,*


*.msg”
core.*
*.*.mbox:2,


This is for a cpanel based server.

Friday, 28 August 2009

How to update the exim.conf

To make use of the newest exim settings and enhancements, you can update the exim.conf by running the following as root::

wget -O /etc/exim.conf http://files.directadmin.com/services/exim.conf
wget -O /etc/exim.pl http://files.directadmin.com/services/exim.pl
chmod 755 /etc/exim.pl
cd /etc/virtual
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
echo 0 > limit
mkdir usage
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage


If you are running dovecot, you will need to re-patch your exim.conf:

patch -p0 < /usr/local/directadmin/customapache/exim.conf.dovecot.patch
patch -p0 < /usr/local/directadmin/custombuild/exim.conf.dovecot.patch

one thing you need to note that you only need to run the patch appropriate to the build system you have. If you have custombuild, run the 2nd one. If you don't know what you have, then run them both, as it won't hurt anything if you patch twice.

Restart the Exim now :

/etc/init.d/exim restart

How to update the exim.conf

To make use of the newest exim settings and enhancements, you can update the exim.conf by running the following as root::

wget -O /etc/exim.conf http://files.directadmin.com/services/exim.conf
wget -O /etc/exim.pl http://files.directadmin.com/services/exim.pl
chmod 755 /etc/exim.pl
cd /etc/virtual
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
echo 0 > limit
mkdir usage
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage


If you are running dovecot, you will need to re-patch your exim.conf:

patch -p0 < /usr/local/directadmin/customapache/exim.conf.dovecot.patch
patch -p0 < /usr/local/directadmin/custombuild/exim.conf.dovecot.patch

one thing you need to note that you only need to run the patch appropriate to the build system you have. If you have custombuild, run the 2nd one. If you don't know what you have, then run them both, as it won't hurt anything if you patch twice.

Restart the Exim now :

/etc/init.d/exim restart

Thursday, 27 August 2009

Linux / UNIX List User Dot-Files

How do I list only user dot-files from $HOME under UNIX and Linux operating systems? How do I ensure that user Dot-Files are not World-writable?

Use the ls command and shell GLOB characters to list only user Dot-Files, enter:

# ls -ld /root/.[A-Za-z0-9]*

# ls -ld $HOME/.[A-Za-z0-9]*

Sample Outputs:

-rw-r--r--  2 root  wheel  1455 Jun 12 18:47 /root/.cshrc

-rw-------  1 root  wheel  2650 Jul 28 06:26 /root/.history

-rw-r--r--  1 root  wheel   299 Jun 12 18:40 /root/.login

-rw-------  1 root  wheel    57 Jun 12 22:07 /root/.mysql_history

-rw-r--r--  2 root  wheel   260 Jun 12 18:40 /root/.profile

Run chmod command on misconfigured file to remove group- or world-writable permissions, enter:

# chmod go-w $HOME/.dot-file-name

Owners can run the same command to fix permission issue.

Wednesday, 26 August 2009

How to Enable PHP function for a one account ?

IF you disable PHP function in php.ini file and if you want to enable any particular function only one account .Then You can however use suhosin to enable a function for one domain only.

How can you do that ?

After installing suhosin, remove all functions from disable_functions in php.ini and add inphp.ini suhosin.executor.func.blacklist = “exec,passthru,shell_exec” and all the functions that you want to disable globally.

After that for each domain in the virtual host section you can addsuhosin.executor.func.blacklist again but without the function that you need to enable. And so you will enable that function only for one domain.

Example:

………..
………..

php_admin_value open_basedir “/usr/lib/php”


php_admin_value open_basedir “/usr/lib/php”
php_admin_value suhosin.executor.func.blacklist = “passthru,shell_exec”

…….
……


In this example exec has been enabled for the VirtualHost. This way it will be better as you do not neet to modify all the virtual hosts only the ones that you need to enable one or more functions.

What is DNS Propagation?

Once you make changes to your domain with the registrar you purchased your domain from, the changes will take anywhere from 1 to 72 hours for propagation to occur depending on your ISP and how often they update the DNS records.

Domain propagation is the process of your registrar handing off the changes of your domain to root DNS servers, ISPs acquire records from the root servers, ISPs to other ISPs and so on until you see the changes reflect on your computer with your internet service provider. Some service providers update their records more often than others and receive changes faster. As a result of this, often you will not be able to get to your website by its' domain name but a friend can. Simply wait out until the changes propagate to your ISP. In the meantime we provide you an IP and temporary address in your welcome email which allow you to start working on your site immediately!

How to install subversion client on Linux server?

Svn(subversion) is used to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly-compatible successor to the widely used Concurrent Versions System (CVS).

It is very easy to install subversion client on linux OS using yum. You can us following command to install subversion client.

root@server [~]# yum install subversion

while installing subversion if you are getting following error  then it seem sot be perl-URI package is not installed on your server so you will have to install first before installing subversion client.

Please follow the following steps to install perl-URI package

You’ll login via SSH as root and run this command:
root@server [~]# yum install subversion

and then you may get this error:
Error: Missing Dependency: perl(URI) >= 1.17 is needed by package subversion

Here’s what you do next (copy/paste):

root@server [~]# wget ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/
fedora/linux/releases/7/Everything/i386/os/Fedora/
perl-URI-1.35-3.noarch.rpm


root@server [~]# rpm -i perl-URI-1.35-3.noarch.rpm

root@server [~]# yum install subversion

Installed: subversion.x86_64 0:1.4.2-4.el5 subversion.i386 0:1.4.2-4.el5

Dependency Installed: neon.x86_64 0:0.25.5-10.el5 neon.i386 0:0.25.5-10.el5

Complete! 

That’s it subversion client is successfully installed on your server you can check it using following command.
root@server [~]#svn --version
svn, version 1.1.4 (r13838)
compiled Aug 21 2005, 20:56:55

Copyright (C) 2000-2004 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

The following repository access (RA) modules are available:

* ra_dav : Module for accessing a repository via WebDAV (DeltaV) protocol.
- handles 'http' schema
- handles 'https' schema
* ra_local : Module for accessing a repository on local disk.
- handles 'file' schema
* ra_svn : Module for accessing a repository using the svn network protocol.
- handles 'svn' schema

What is FTP?

FTP is an acronym for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers on a network, such as the Internet. You can use FTP to exchange files between computer accounts, to transfer files between an account and a desktop computer, or to access software archives on the Internet. Keep in mind, however, that many FTP sites are heavily used and require several attempts before connecting.

An FTP address looks a lot like an HTTP, or Website, address except it uses the prefix ftp:// instead of http://.

An FTP Client is software that is designed to transfer files back-and-forth between two computers over the Internet. It needs to be installed on your computer and can only be used with a live connection to the Internet.

What is bandwidth?

In terms of webhosting, limiting bandwidth is basically limiting the amount of data that your website is allocated per month. So, lets say you have a download on your website that is 1 MB. Lets also say that you are only allowed 5 GB of bandwidth. So, if this 1 MB file is downloaded about 5000 times, your website will be disabled, unless you buy more bandwidth.

Bandwidth is the amount of data you can use though your account during a given time.

How to fix Error HTTP on Wordpress 2.6 Flash Uploader

Whenever you are trying to upload an image using the flash uploader in Wordpress and received a “HTTP error”? and uploading images status stuck in crunching ……..

Solutions: The problem has something to do with mod_security, which is basically a web application firewall that protects your website from a range of attacks. So you shouldn’t turn off this module as it protects your site from such malicious attack , You can add a special rule in .htaccess file which can be found in the root folder of your Wordpress installation to get work the flash uploader.

Open the .htaccess file in your website document root and add the following lines:

  • For Apache 1.X



    SecFilterEngine Off
    SecFilterScanPOST Off



  • For Apache 2.X



    SecRuleEngine Off
    SecAuditEngine Off




Then try to upload the images it should be work like charm D:

How to install memcache on linux server?

memcached is a high-performance memory object caching system intended to speed up dynamic web applications by alleviating database load.


memcached is meant to work in concert with something like the MySQL query cache, not replace it. The two implementations excel at vastly different things: memcached is an object cache, while MySQL provides a query cache.


memcached is extremely fast. It uses libevent, which provides a mechanism to execute a callback function when a specific event occurs on a file descriptor, to scale to any number of open connections. On a modern Linux system memcached utilizes epoll, is completely non-blocking for network I/O, ensures memory never gets fragmented, and uses its own slab allocator and hash table to achieve 0(1) virtual memory allocation.


How it install it on Linux server ?


Install dependency software (Libevent)



#curl -O http://monkey.org/~provos/libevent-1.4.9-stable.tar.gz
#tar -xzvf libevent-1.4.9-stable.tar.gz
#cd libevent*
#./configure
#make
#make install 


  • Now let’s download the newest Memcached source


#curl -O http://www.danga.com/memcached/dist/memcached-1.3.0.tar.gz
#tar zxf memcached-1.3.0.tar.gz
#cd memcached-1.3.0
#./configure
#make
#make install


  • Then add /usr/local/lib to LD_LIBRARY_PATH in your .bash_profile


LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
export LD_LIBRARY_PATH

How it Works


First, you start up the memcached daemon on as many spare machines as you have. The daemon has no configuration file, just a few command line options, only 3 or 4 of which you’ll likely use:


Run Memcached as a daemon (d = daemon, m = memory, u = user, l = IP to listen to, p = port)



#memcached -d -m 1024 -u root -l 127.0.0.1 -p 11211 –u nobody

This starts memcached as a daemon (-d) on the IP address and port specified with -l and -p, respectively, running as the user nobody (-u), allocating 1024  for object storage (-m). You should adjust the amount of storage to suit your needs; many memcached installs run with 4 GB. Once you are comfortable with your startup options, add the appropriate command to your startup scripts.


Create a /etc/init.d/memcached file and add above line to start memcached when the server boots


With memcached installed and running, it’s time to get PHP talking to the object cache. While multiple PHP API exists, the one in the PECL repository is recommended. If you are running a newer version of PHP, installation is as simple as:



# pecl install memcache

Or you can use following steps to install PECL memcache manually.



#cd /usr/local/src
#curl -O http://pecl.php.net/get/memcache
#tar zxvf memcache*
#cd memcache-*
#phpize
#./configure
#make && make install

Now we have to make sure PHP loads the newly built memcache.so library by adding the following line to php.ini:


extension=memcache.so


Now restart Apache:



Service httpd restart

Once it sucussfully install you can create phpinfo() on your webserver should now confirm that memcache is installed.


I can not send outgoing email (Error Number: 0x800CCC0B)


If you can not send email using mail.yourdomainname.com as your SMTP server, it may be because your ISP is blocking port 25 on their network, used for sending outoing mail via the SMTP protocol. In this instance, we recommend using your ISPs outgoing mail server, which can be obtained from your ISP. This practice has been put in place in an effort to stop spam.

Please check with your ISP for their outgoing mail server settings (SMTP) and adjust in your email program under email account setup. Relaying mail through your ISP will not change the look and appearance of email you send. It will simply use your ISPs outgoing mail server to relay your message, which will appear from your email address, etc.

I can not send outgoing email (Error Number: 0x800CCC0B)


If you can not send email using mail.yourdomainname.com as your SMTP server, it may be because your ISP is blocking port 25 on their network, used for sending outoing mail via the SMTP protocol. In this instance, we recommend using your ISPs outgoing mail server, which can be obtained from your ISP. This practice has been put in place in an effort to stop spam.

Please check with your ISP for their outgoing mail server settings (SMTP) and adjust in your email program under email account setup. Relaying mail through your ISP will not change the look and appearance of email you send. It will simply use your ISPs outgoing mail server to relay your message, which will appear from your email address, etc.

Enable Wildcard for Account

Hello Friends,


If you want to access your account with anything.domain.com like abcd.domain.com


first check DNS report for the domain if it resolve from our server then only


1.edit your zone file for the domain in question with *.domain.com A entry


*.domainname.com. 14400 IN A IP address of server


2 .vi /usr/local/apache/conf/httpd.conf


edit your virtual host container for the domain in question to look like this


search for domain.com



ServerAlias domain.com *.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /home/user/public_html
BytesLog domlogs/domain.com-bytes_log
User user
Group user
ServerName www.domain.com


User user
Group user
CustomLog /usr/local/apache/domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/user/public_html/cgi-bin/

Then finally restart Apache..

Tuesday, 25 August 2009

Cpanel Scripts

cPanel and WHM has a large number of predefined scripts available in the /scripts folder. The available scripts are as follows:


adddns – Adds a DNS zone.


addfpmail – Add frontpage mail extensions to all domains without them.


addfpmail2 -Add frontpage mail extensions to all domains without them.


addnetmaskips – Add the netmask 255.255.255.0 to all IPs that have no netmask.


addnobodygrp – Adds the group nobody and activates security.


addpop – Add a Pop Account.


addservlets – Add JSP support to an account (requires tomcat).


addstatus – (Internal use never called by user).


adduser – Add a user to the system.


admin – Run WHM Lite.


apachelimits – Add rlimits to Apache.


bandwidth – (OLD)


betaexim – Installs the latest version of exim.


biglogcheck – looks for logs nearing 2 gigabytes in size


bitstest -


bsdcryptoinstall – Installs crypto on FreeBSD.


bsdldconfig – Configures the proper lib directories in FreeBSD.


bsdpkgpingtest – Tests the connection speed for downloading FreeBSD packages.


buildbsdexpect – Install expect on FreeBSD.


builddomainaddr – (OLD)


buildeximconf – Rebuilds exim.conf.


buildpostgrebsd-dev – Installs postgresql on FreeBSD.


buildpureftproot -


bupcp – (OLD)


chcpass – (Internal use)


checkallowoverride -


checkbadconf – Checks /usr/local/apache/conf/httpd.conf for bad users.


checkbashshell -


checkbsdgroups – Checks and repairs proftpd ownership on FreeBSD.


checkccompiler – Checks to make sure the C compiler works on your system.


checkdeadperlso -


checkerrorlogsafe -


checkfpkey – Checks for the FrontPage suid key


checkgd – Checks to see if GD is built.


checkgentoousers -


checkhttpd -


checkinterchange – (Internal use).


checklibssl – Checks to make sure the proper libssl symlinks exist.


checklink -


checklog – (OLD)


checkmakeconf -


checkmaxclients – Checks to see if apache has reached the maximum clients allowed.


checkoldperl -  Checks to see if the version of Perl on your system is old.


checkoldrpm -


checkrsync – Checks to make sure rsync is up to date.


checksuexecpatch – Checks to see if mailman has been patched for suexec.


checksuspendpages – Checks to see if suspend pages are properly named.


checkswup – (OLD)


checkup2date – Makes sure up2date is set up properly (RedHat)


checkyum – Makes sure yum is set up properly.


chkpaths – Makes sure /usr/sbin/chown has a symlink to /bin/chown


chownpublichtmls – Change ownership of all users web space to them, which is useful for converting to suexec. Files owned by nobody are deleted.


chpass – Change password.


ckillall – Allows you to kill a process (used like killall).


ckillall2 – Allows you to kill a process.


cleanandmailformmaillog -


cleanbw – Cleans up old bandwidth logs.


cleandns – (OLD)


cleandns8 – Clean up named.conf.


cleangd – Cleans up old GD installs and reinstalls GD


cleanmd5 – Fix CPAN md5 problems.


cleanmsglog – cleans exim’s msglog


cleanopenwebmail – (OLD)


cleanupcheck -


cleanupmysqlprivs – Cleans up improper mySQL privileges.


compilers – Disables the usage of compilers for unprivileged users.


configips – (OLD)


.cgi – (INTERNAL)


.c – (INTERNAL)


convert2maildir – Converts mail from mbox to maildir format and installs courier impap and pop (cpimap is removed).


convertemails -


convertemails2 – (INTERNAL)


convertemails5 – (INTERNAL)


courierup – Updates/Installs Courier


cpanelsync -


cpbackup – Runs backups.


cpbackup2 – (INTERNAL)


cptheme – (NOT USED)


dialog – (NOT USED)


distupgrade – Upgrades RedHat to the newest version (for testing only)


dnscluster – Enables DNS clustering.


dnsqueuecron – Adds a cron job to dump the DNS queue.


dns_setup – (OLD)


dnstransfer – Only if the server has a DNS master (sync with DNS master).


doomhttpd -


dotbuffer – (INTERNAL)


downgradefp – Downgrades FrontPage Extensions (to 5.0-0)


dropmysqldb – Drops a mySQL database.


easyapache – Upgrade Apache


editquota – Change a users quota.


enablechkservdwebmail – Enable service checking of webmaild.


enablefileprotect – Protects home directories if file protection is built in apache.


ensurepkg – Installs a FreeBSD package.


ensurerpm – Installs a rpm.


ensurerpm2 – (INTERNAL)


exchangeacctdb – (OLD)


exim3 – Installs exim 3.


exim4 – Installs exim 4.


exim4-rh73test – Installs exim release #260. (RedHat only)


eximcron – Creates a cron job for exim_tidy_db.


eximlocalsend – Enables/Disables exim local sending.


exim_tidydb – Cleans the exim message log.


eximup – Installs/Updates exim.


eximup~ – (INTERNAL)


expectperlinstaller – (INTERNAL)


fetchfile – (INTERNAL)


fetchfpexec -


fetchgd – Includes libg.so.


finddev – (INTERNAL)


findhacks – Search for common Trojan Horses.


findoddrootprocesses – Lists root processes that may need to be checked out.


findphpversion – Check to see if your php version file is up to date.


findtrojans – Exhaustive Trojan Horse search.


fixadmin – (OLD)


fixallcartswithsuexec – Fixes permissions on carts when using suexec.


fixallinterchangeperm – Fixes permissions on all users’ Interchange Shopping Carts.


fixbinpath – Makes sure all bin file paths are correct.


fixbuggynamed – Updates bind to solve any problems with bugs.


fixcartwithsuexec – (INTERNAL) – Can be used to fix a cart with suexec.


fixcgiwrap – (OLD)


fixcommonproblems – Attempt to fix the most common problems.


fixetchosts – Fixes problems with /etc/hosts


fixeverything – Fix common problems and quotas.


fixfpwml – Fix for .wml errors with frontpage.


fixheaders – Run if nothing compiles errors with .h files on compile.


fixhome – (NOT USED) – Unsymlink items.


fixinterchange – Reinstall interchange Perl modules.


fixinterchangeperm – fix permissions on a user’s interchange cart.


fixipsnm – Same as addnetmask ips, but Perl though.


fixlibnet – Reinstall Bundle::libnet (Perl).


fixlocalhostwithphp – Change /etc/hosts to work better with PHP 4.2.0 + MySQL.


fixmailandakopia – (NOT USED)


fixmailman – Updates and restarts mailman.


fixmailmanwithsuexec -


fixmuse – Reinstalls muse.


fixmysql – Fixes problems with mySQL.


fixmysqlbsd – Fixes problesm with mySQL on FreeBSD.


fixnamed – Updates bind to handle many DNS zones (more than 512).


fixndc – Repair redhat’s broken named.conf on 7.2.


fixndc.new – (INTERNAL)


fixoldlistswithsuexec – Run after enabling suexec on the server to change the URLs that Mailman gives out to ones that don’t give a 500 internal server error.


fixperl – Symlink /usr/local/bin/perl /usr/bin/perl.


fixperlscript – Makes sure a perlscript includes all corresponding modules.


fixpop – Fix a POP account and reset password.


fixproftpdconf – Fixes problems with /usr/local/etc/proftpd.conf


fixproftpdconf~ – (INTERNAL)


fixproftpddupes – Updates proftpd.


fixquotas – Fix quotas.


fixrelayd – (OLD)


fixrh72ndckey – (INTERNAL)


fixrndc – Fixes named.conf to prevent rndc staus failed.


fixspamassassinfailedupdate – Reinstalls a failed spamassassin update.


fixsubconf -


fixsubdomainlogs – Run if subdomain logs don’t show up in cPanel.


fixsuexeccgiscripts – Fix CGI scripts that are broken after suexec installed.


fixtrojans – (NOT USED)


fixvaliases – Fix permisions on valiases.


fixwebalizer – Repair a Webalizer that has stopped updating.


fixwebmail – (OLD)


fixwwwdir – (OLD)


fp3 – Updates the fpexe3 patch.


fpanonuserpatch – Updates FrontPage extensions to include the anonymous user patch.


fp-auth -


fpbtr – (OLD)


fpsuexec – (INTERNAL)


fpsuexec2 – (INTERNAL)


fpsuexec3 – (INTERNAL)


fpupgrade – (INTERNAL)


ftpcheck – Checks for FTPSSL.


ftpfetch – (INTERNAL)


ftpput -  (INTERNAL)


ftpquaotacheck – Runs quota checking for all ftp users.


ftpsfetch – (INTERNAL)


ftpup – Updates your ftp server.


ftpupdate – (INTERNAL)


fullhordereset – Resets Horde and displays the current Horde password.


futexfix – Fixes problesm with futex.


futexstartup – Starts futex.


gcc3 – Installs gcc-3.3.3


gencrt – Generate a .crt and .csr file.


gencrt2 – (NOT USED)


gentomcatlist – (INTERNAL)


gentooportsup -


gethomedir – (INTERNAL)


getpasswd – (INTERNAL)


getremotecpmove – (INTERNAL)


getrpmfor -


grabemails – (INTERNAL)


grabhttp – (INTERNAL)


grabhttp2 – (INTERNAL)


grabmysqlprivs – (INTERNAL)


grpck – Checks to see if grpck is working properly.


hackcheck – (INTERNAL)


hdparmify – Enable dma/irq/32bit HD access, which speeds up IDE drives.


hdparmon – Turns on hdparm.


HTTPreq.pm – (INTERNAL)


httpspamdetect -


icpanel – (OLD)


initacls – Mounts your file systems with ACL support (make sure your kernel supports ACLs)


initbyteslog – (INTERNAL)


initfpsuexec – Enable FrontPage suexec support.


initquotas – Turn on quota support on new drives.


initsslhttpd – Make sure HTTP starts with SSL.


initsuexec – Turn on suexec support if suexec is installed.


installaimicq – (INTERNAL)


installcgipm – Installs CGI.pm


installcpbsdpkg -


installcpgentoopkg -


installdbi – Install Bundle::DBD::mysql.


installfpfreebsd – Installs FrontPage 5 Extensions on FreeBSD.


installfpgentoo – Installs FrontPage on Gentoo.


installgd – Builds GD.


installipc – (INTERNAL)


installpkg – Installs a FreeBSD package.


installpostgres – Installs PostrgeSQL.


installrmmods – (OLD)


installrpm – Installs a rpm.


installrpm2 – (INTERNAL)


installspam – Install SpamAssassin.


installssl – Add a SSL vhost.


installtree -


installzendopt – Install zend optimzer.


installzendopt-freebsd – Install zend optimizer on a freebsd machine.


ipcheck – (INTERNAL)


ipusage – (INTERNAL)


isdedicatedip – Checks an ip to see if it is dedicated.


kernelcheck – (INTERNAL)


killacct – Delete an account.


killbadrpms – Security script that kills insecure RPMs from the server.


killdns – Delete a DNS zone.


killdns-dnsadmin -


killdrrootvhost – Removes the document root for a virtual host.


killndbm – Remove the broken NDBM_File module from 7.2.


killpvhost – Removes a virtual host from proftpd.conf.


killspamkeys – Removes a spam key.


killsslvhost – Removes a SSL entry for a virtual host.


killvhost – Delete a vhost.


listcheck – Checks mailing lists for issues.


listproblems – Lists common problems.


listsubdomains – List subdomains.


mailadmin – (DEAD, OLD)


maildirmenu – (INTERNAL)


mailman212 – (INTERNAL)


mailperm – Fix almost any mail permission problem.


mailscannerupdate – Updates MailScanner


mailtroubleshoot – Guided mail fix.


makecpphp – Installs php.


makesecondary – Part of DNS transfer.


manualupcp – Updates cPanel manually.


md5crypt – Encrypts a password into MD5.


mkquotas – OLD


mkwwwacctconf – (INTERNAL)


mrusersscpcmd -


mseclocal – Sets up Mandrake’s msec to allow exim to run as mailnull.


mysqladduserdb – Create a MySQL databse and user.


mysqlconnectioncheck – Attempts to connect to MySQL, restarts SQL if necessary.


mysqldeluserdb – Delete a MySQL database and user.


mysqlinfo – (OLD)


mysqlpasswd – Change MySQL password.


mysqlrpmpingtest – Checks your connection speed for downloading mySQL rpms.


mysqlup – Updates mySQL.


mysqlup~ – (INTERNAL)


ndbmcheck – Checks to see if the nbdm module is loaded (kills in RedHat 7.2)


netftpsslpatch – Patches FTPSSL.pm.


newdomains – (OLD)


newdomains-sendmail – (OLD)


newexim – Installs the latest version of exim.


newftpuser – (NOT USED)


newpop – (NOT USED)


nofsck – Make fsck always use -y


nomodattach – Removes mod_attach from httpd.conf.


nomodauthmysql -Removes mod_auth_mysql from httpd.conf.


nomodbwprotect – Removes mod_bwportect from httpd.conf.


nomodgzipconfmods – Removes mod_gzip from httpd.conf.


nomodperl – Removes mod_perl from httpd.conf.


oldaddoncgi2xaddon – Updates old addons to X addons.


oldaddonconverter-(INTERNAL)


oopcheck – (INTERNAL)


park – Parks a domain.


patcheximconf – Fixes exim.conf.


patchposixtypes -


patchtypes -


patchtypesizes -


pedquota – (INTERNAL) – Part of editquota (for editting quota).


perlinstaller – Installs perl.


phpini – Create a php.ini file.


phpopenbasectl -


pingtest – Checks your download time from cPanel mirrors.


pkgacct – (INTERNAL)


pkgacct~ -(INTERNAL)


pkgacct2 – (INTERNAL)


pkgaccount-ala – backs up an Alabnza account for transfer.


pkgacct-ciXost – backs up a ciost account for transfer.


pkgacct-dXm – backs up a dm account for transfer.


pkgacct-enXim – backs up an enim account for transfer.


pkgacct-ng -


pkgacctn-ng.orig -


pkgacct-pXa – backs up a pa account for transfer.


popftpuse – (OLD)


portsup – (FREEBSD BETA)


postsuexecinstall – (INTERNAL)


proftpd128 – Installs proftpd-1.2.8.


pscan – (OLD)


ptycheck – Fixes permissoins on /dev/ptmx.


pwck -Verifies the integrity of system authentication information.


quickfixmysqlbsd – (NOT USED)


quickkernel – Updates your kernel.


quicksecure – Quickly kill useless services.


quotacheck – (INTERNAL)


rasetup – (OLD)


rawchpass – (INTERNAL)


realadduser – (INTERNAL)


realchpass – (INTERNAL)


realperlinstaller – (INTERNAL)


realrawchpass – (INTERNAL)


rebuildcpanelsslcrt – Rebuilds the cPanel SSL Certificate.


rebuildcpusers – Rebuilds /var/cpanel/users.


rebuildetcpasswd – Rebuilds /etc/passwd.


rebuildeximbsd – Rebuilds exim on FreeBSD.


rebuildhttpdconffromproftpd – Rebuild httpd.conf from the proftpd.conf file.


rebuildinterchangecfg – Used after moving a domain with Interchange to the server.


rebuildippool – (INTERNAL)


rebuildnamedconf – Restore named.conf from files in /var/named.


rebuildproftpd – Restore proftpd.conf from httpd.conf.


reinstallmailman – Reinstalls mailman.


relocatevartousr – Relocates files from /var to /usr in case of disk space issues.


remdefssl – Remove default SSL vhost.


reseteximtodefaults – Resets exim’s default settings.


resethorde -


resetimappasswds – Resets all imap passwords.


resetmailmanurls -


resetquotas – Change quotas to what they should be .


restartsrv – Restart a service.


restartsrv_apache – Restart apache.


restartsrv_bind – Restart bind.


restartsrv_clamd – Restart clamd.


restartsrv_courier – Restart courier imap.


restartsrv_cppop – Restart cppop.


restartsrv_entropychat – Restart entropy chat.


restartsrv_exim – Restart exim.


restartsrv_eximstats – Restart exim statistics.


restartsrv_ftpserver – Restart your ftp server.


restartsrv_ftpserver~ – (INTERNAL)


restartsrv_httpd – Restart httpd.


restartsrv_imap – Restart impad.


restartsrv_inetd – Restart inetd.


restartsrv_interchange – Restart Interchange Shopping Cart.


restartsrv_melange – Restart melange chat.


restartsrv_mysql – Restart mysqld.


restartsrv_named – Restart named.


restartsrv_postgres – Restart postgresql.


restartsrv_postgresql – Restart postgresql.


restartsrv_proftpd – Restart proftpd.


restartsrv_pureftpd – Restart pure-ftpd.


restartsrv_spamd – Restart spamd.


restartsrv_sshd – Restart sshd.


restartsrv_syslogd – Restart syslogd.


restartsrv_tomcat – Restart tomcat.


restartsrv_xinetd – Restart xinetd.


restoremail – Restores a user’s mail.


restorepkg -


reswhostmgr – Restart whostmgr.


rhlupdate – (OLD)


rpmpreinstall – (INTERNAL)


rpmup – Upgrade redhat/mandrake errata/security.


rpmup2 – (INTERNAL)


rpmup3 – (INTERNAL)


rrdtoolinstall – Installs RRD Tool.


rscpmd -


runlogsnow – (OLD)


runstatsonce – Runs statistics (should be used from the crontab).


runweblogs – Run analog/webalizer/etc. for a user.


ruserssscpcmd – (INTERNAL)


safeperlinstaller – Installs perl safely.


safeup2date – Runs up2date safely.


safeyum – Runs yum safely.


scpcmd – (INTERNAL)


searchbadgroups -


searchreplace – (NOT USED)


secureit – Remove unnecessary suid binaries.


securemysql – Attempts to secure the MySQL configuration.


securetmp – Adds securetmp to system startup.


selinux_custom_contexts -


selinuxsetup -


sendaim – (INTERNAL)


sendicq – (INTERNAL)


setupfp – Install FrontPage 3 on an account.


setupfp4 – Install FrontPage 4 (2000) installer on an account.


setupfp5 – Install FrontPage 5 (2002) installer on an account.


setupfp5.nosueuxec – Install FrontPage 5 (2002) installer on an account when not using suexec.


setupmakeconf -


showexelist – Shows exe processes.


simpleps – Display the process list.


simplesshcmd – (INTERNAL)


smartcheck – Checks hard drive integrity.


smtpmailgdionly – Enables SMTP Mail Protection.


snarf – (INTERNAL)


spamasssassin-cpanel – (NOT USED)


spamboxdisable – Disables SpamAssassin’s spambox delivery for all accounts.


sscpcmd – (INTERNAL)


ssh2.expect – (INTERNAL)


sshcmd -


sshcontrol – (INTERNAL)


ssh.expect – (INTERNAL)


stage2fpmail – (INTERNAL)


supportvoidcheck -


suspendacct – Suspends an account.


symlinktodir – (INTERNAL)


sysup – update cPanel RPMs.


telentcrt – (OLD)


testinf – (OLD)


trustme – (INTERNAL)


typocheck -


uf – (OLD)


unlimitnamed – Installs the latest version of bind patched to support greater than 512 ips on the server.


unblockip – Unblocks an IP blocked by portsentry.


unpkgacct – (INTERNAL)


unsetupfp4 – Removes FrontPage 4 or 5 from an account.


unslavenamedconf – If the user accidentally sets a DNS master as local server, this will repair named.conf after the loop.


unsuspendacct – Unsuspends an account.


upcp – Updates cPanel.


updated – Updates /scripts.


updatedomainips – (INTERNAL)


updatefrontpage – Updates FrontPage


updatemysqlquota -


updatenow – Updates /scripts NOW.


updatephpconf – Updates PHP configuration files.


updateuserdomains – (INTERNAL)


updateuserdomains2 – (INTERNAL)


userdirctl -


userps – (OLD)


usersscpcmd – (INTERNAL)


usersscpcmd1 – (INTERNAL)


usersshcmd – (INTERNAL)


verify – (OLD)


verifyzone – (INTERNAL)


whichrpm – (INTERNAL)


whoowns – Finds out who owns a domain.


whostmgrkey – (OLD)


wwwacct – Creates an account.


wwwacct2 – (INTERNAL)


x – (OLD)


xaddonreport – Reports the current addon scripts installed.


zoneexists – (INTERNAL)