Wednesday, 30 January 2013

Find Out RHEL 6 / CentOS 6 Kernel Version

How do I find out my RHEL (Red Hat Enterprise Linux) 6 Linux kernel version number running on HP server?

You need to use the uname command to find name and information about current kernel. It can provide the following information

The kernel name (-s)
The Network node hostname (-n)
The kernel release (-r)
The kernel version (-v)
The machine hardware name (-m)
The processor type (-p)
The hardware platform (-i)
The operating system (-o)
RHEL 6 Kernel Version Command

Open a command-line terminal (select Applications > Accessories > Terminal), OR login to remote server using the ssh command and then type:

$ uname -r

 Sample outputs:
2.6.32-220.2.1.el6.x86_6

The following provides a little more information:

$ uname -mrs

 Sample outputs:
Linux 2.6.32-220.2.1.el6.x86_64 x86_64

You can see the complete information with the following command:

$ uname -a

 Sample outputs:
Linux example.cyberciti.biz 2.6.32-220.2.1.el6.x86_64 #1 SMP Tue Dec 13 16:21:34 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
Find Red Hat Linux Distribution Version

Type the following cat command:
$ cat /etc/redhat-release

 Sample outputs:
Red Hat Enterprise Linux Server release 6.2 (Santiago)

You can also view the manual page on uname using the following command:
$ man uname

Sunday, 27 January 2013

File Permissions

In the interests of keeping WordPress as locked down as is reasonably possible, directory and file permissions should be set accordingly:
find ~/public_html -type d -exec chmod 755 {} ;
find ~/public_html -type f -exec chmod 644 {} ;

Pay special attention to wp-config as a special case, lock this down as much as possible.   If possible, move it to a directory outside of the DocumentRoot.

http://codex.wordpress.org/Hardening_WordPress

Saturday, 19 January 2013

How to stop syn attack on linux server

The SYN (TCP connection request) attack is a common denial of service (DoS) technique.

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:
The client requests a connection by sending a SYN (synchronize) message to the server.
The server acknowledges this request by sending SYN-ACK back to the client.
The client responds with an ACK, and the connection is established.

How to check the SYN attack on the server.

A quick and useful command for checking if a server is under ddos:
netstat -anp |grep ‘tcp|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs taking the most amounts of connections to a server. It is important to remember that ddos is becoming more sophisticated and they are using fewer connections with more attacking ips. If this is the case you will still get low number of connections even while you are under a DDOS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command will show the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply making the server wait for it to time out. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems. If the second command is over 100 you are having trouble with a syn attack.

Solution:

First go with

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

and then

Try with all these IPtables rule , there may other attacks too.

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP

then,

service iptables save
service iptables restart

it should resolve your issue.

Warning: shell_exec() has been disabled for security reasons in

Warning: shell_exec() has been disabled for security reasons in

You would receive the above warning message while accessing Fantastico through cPanel.

Please check if the below options are selected in WHM (you need to access WHM as root)

Login to your WHM control panel as root scroll down to the PHP section and make sure the
IONCUBE PHP Loader option is selected.

Then log into your server as root using SSH and execute the following command:
#/scripts/makecpphp

Above command will check the php config files and will make the changes if required.

Exception printing is disabled by default for security reasons - Magento

Error :

Exception printing is disabled by default for security reasons.
Error log record number: XXXXXXXXXXXXXXX

 

Solution :

After installation of magento then some of pages shows this error.

Exception printing is disabled by default for security reasons.
Error log record number: XXXXXXXXXXXXXXX

In this case you need to check following steps.

1) Go to folder /home/username/public_html/errors/
2) cp -p local.xml.sample local.xml
3) vi /home/username/public_html/lib/Zend/Cache/Backend/File.php

and search

protected $_options = array(
'cache_dir' => 'null',

and Change it to:

protected $_options = array(
'cache_dir' => 'tmp/',
Save the changes.

Create “tmp” folder under “/home/username/public_html/” folder.

done

Sunday, 6 January 2013

Back Up MySQL Databases From The Command Line

While automated backups are important on Linux server, sometimes you just want to take a quick and dirty snapshot before making a change to your data. When changing files in Linux, you can simply copy a file to another name, and c0py it back if your change does not work out. With MySQL, it is not quite that simple, but it is by no means difficult.

Creating A Backup

The mysqldump command is used to create textfile “dumps” of databases managed by MySQL. These dumps are just files with all the SQL commands needed to recreate the database from scratch.

If you want to back up a single database, you merely create the dump and send the output into a file, like so:

mysqldump database_name > database_name.sql


Multiple databases can be backed up at the same time:

mysqldump --databases database_one database_two > two_databases.sql


It is also simple to back up all of the databases on a server:

mysqldump --all-databases > all_databases.sql


Restoring a Backup

Since the dump files are just SQL commands, you can restore the database backup by telling mysql to run the commands in it and put the data into the proper database.

mysql database_name < database_name.sql


If you are trying to restore a single database from dump of all the databases, you have to let mysql know like this:

mysql --one-database database_name < all_databases.sql

Restoring Databases From cPanel Backups

Enable Ioncube cPanel

Overview



The following guide will show you enable Ioncube in cPanel.

Enabling Ioncube




  • Login to WHM (root)

  • Go to Server Configuration -> Tweak Settings -> PHP

  • Select ioncube from the radio-button for cPanel PHP loader.

  • Click on Save button.

  • That's it. This will enable Ioncube for you in 3rd party PHP binary.



EnableIoncube

Thursday, 3 January 2013

How to install Git on CentOS running cPanel

Recently when working on creating a new bash script to calculate inode usage I attempted to install Git on a CentOS 5 cPanel server and got a lot of Perl errors. After running the install command from Yum as you can see in the output below it was complaining about dependencies.

Here's a few of the errors that I received when trying to install

# yum install git-core
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirror.team-cymru.org
* base: yum.singlehop.com
* epel: mirrors.servercentral.net
* extras: mirror.steadfast.net
* rpmforge: fr2.rpmfind.net
* updates: pubmirrors.reflected.net
Excluding Packages in global exclude list
Finished
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package git.i386 0:1.7.3-1.el4.rf set to be updated
--> Processing Dependency: perl-Git = 1.7.3-1.el4.rf for package: git
--> Processing Dependency: libcrypto.so.4 for package: git
--> Processing Dependency: perl(DBI) for package: git
--> Processing Dependency: libssl.so.4 for package: git
--> Processing Dependency: perl(Git) for package: git
--> Running transaction check
---> Package git.i386 0:1.7.3-1.el4.rf set to be updated
--> Processing Dependency: perl-Git = 1.7.3-1.el4.rf for package: git
--> Processing Dependency: perl(DBI) for package: git
--> Processing Dependency: perl(Git) for package: git
---> Package openssl097a.i386 0:0.9.7a-9.el5_4.2 set to be updated
--> Finished Dependency Resolution
git-1.7.3-1.el4.rf.i386 from rpmforge has depsolving problems
--> Missing Dependency: perl(DBI) is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)
git-1.7.3-1.el4.rf.i386 from rpmforge has depsolving problems
--> Missing Dependency: perl(Git) is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)
git-1.7.3-1.el4.rf.i386 from rpmforge has depsolving problems
--> Missing Dependency: perl-Git = 1.7.3-1.el4.rf is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)
Error: Missing Dependency: perl(DBI) is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)
Error: Missing Dependency: perl(Git) is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)
Error: Missing Dependency: perl-Git = 1.7.3-1.el4.rf is needed by package git-1.7.3-1.el4.rf.i386 (rpmforge)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest

After searching around and doing a little bit of research I figured out the problem was related to cPanel itself. cPanel was blocking the installation of any Perl modules to prevent it from conflicting with their packages.

Thankfully though there is a really simple way through Yum to install Git and bypass this block from cPanel.

# yum --disableexcludes=main install git

We add in the --disableexcludes=main and you should be able to install Git without any problems.

If you end up having problems with cPanel afterwards (which I have not experienced), you can run this script from cPanel to check the Perl modules installed.

# /scripts/checkperlmodules