Linux Windows Admin Tips

Saturday, 13 February 2016

Disable ssl via ssh (unable to login into WHM)

If you are unable to login into WHM because of ssl error (An error occurred during a connection to . Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate)

you can disable those options from the shell. SSH to the server as root.

SSH to your server as root

Open

# vi /var/cpanel/cpanel.config and set the following options to 0 (zero).

alwaysredirecttossl

requiressl

—-

alwaysredirecttossl=0

requiressl=0

—–

Save the file and exit.

Thats it :)

CPanel installation tips

Disk layout

We recommend to use logical volumes (LVM)

swap - twice the server's RAM
/ - 40G (not that large if you want to use separate /var and /home)
/boot - 200M
/tmp - 2G
somewhat more for /var/lib/mysql to store more databases
/home - grow to fill the disk

Network

Set IP address: edit /etc/sysconfig/network-scripts/ifcfg-eth?. cPanel installation guide forbids to use NAT.
Set fully qualified domain name (FQDN): edit /etc/sysconfig/network. cPanel allows to use only 3rd level domain names (cp.example.com).

Base system installation

Install minimal CentOS.
Check for package groups installed (yum grouplist). Remove (yum groupremove) all of:

FTP Server
GNOME Desktop Environment
KDE (K Desktop Environment)
Mail Server or E-mail Server
Mono
Web Server
X Window System

for minimal installation only "E-mail server" was installed by default.
Install perl (yum install perl), wget (yum install wget)
Disable SELinux: edit /etc/selinux/config, set "SELINUX=disabled"
Disable iptables: chkconfig iptables off, chkconfig ip6tables off

cPanel installation

cd /home
wget -N http://httpupdate.cpanel.net/latest
sh latest

Post-installation configuration

You can enable firewall now: the best choice is to install CSF, so you could manage firewall rules under WHM menus:
wget http://www.configserver.com/free/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh
edit /etc/csf/csf.conf, set TESTING="0" and restart csf (csf -r)
or you can enable iptables (chkconfig iptables on, chkconfig ip6tables on) and open custom ports:

20 — FTP TCP inbound/outbound
21 — FTP TCP, UDP inbound/outbound
22 — SSH TCP inbound
25 — SMTP TCP inbound/outbound
26 — SMTP TCP inbound/outbound
37 — rdate TCP outbound
43 — whois TCP outbound
53 — DNS TCP/UDP inbound/outbound (inbound is only needed if you run your own public DNS server)
80 — HTTP TCP inbound/outbound
110 — POP3 TCP inbound
113 — ident TCP outbound
143 — IMAP4 TCP inbound
443 — HTTPS TCP inbound
465 — SMTP TLS/SSL TCP/UDP inbound/outbound
783 — SpamAssassin TCP/UDP inbound
873 — rsync TCP/UDP outbound
993 — IMAP4 SSL TCP inbound
995 — POP3 SSL TCP inbound
2077 — WebDAV TCP/UDP inbound/outbound
2078 — WebDAV SSL TCP/UDP inbound/outbound
2082 — cPanel TCP inbound
2083 — cPanel SSL TCP inbound
2086 — WHM TCP inbound
2087 — WHM SSL TCP inbound
2089 — cPanel license TCP outbound
2095 — Webmail TCP inbound
2096 — Webmail SSL TCP inbound
3306 — MySQL TCP (only if you need to connect remotely)
6666 — Chat TCP inbound

Configure WHM (https://<ip addr>:2087) and cPanel (https://<ip addr>:2083) accordingly to your needs.

You can find the most up to date installation guide at cPanel official documentation

OpenVZ Server Provisioning

Stage 1 : Server Setup
------------------------------

1 . Add the openVZ repository to yum.


===============
a. cd /etc/yum.repos.d
     b. http://download.openvz.org/openvz.repo
     c. rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
===============

2. Search Available kernels
    a.
===============
yum search vzkernel
===============

3 Install kernel
    a.
===============
yum install vzkernel
===============
         * it will install necessary packages for openvz virtualization inludes vzctl ,vzquota etc
         *

===============
rmp -qa | grep vzk*
===============
    ---> verification command

4.Configure boot loader
     a . /etc/grub.conf
     b . edit   title of   vzkernel as OpenvZ   ( Just for clarity )

5. Set Kernel parameters and disable SElinux


       a.
==============
vi /etc/sysctl.conf
==============
and set below parameter


====
Quote

    net.ipv4.ip_forward = 1
                  net.ipv6.conf.default.forwarding = 1
                  net.ipv6.conf.all.forwarding = 1
                  net.ipv4.conf.default.proxy_arp = 0
====

Quote
====
    # Enables source route verification
                   net.ipv4.conf.all.rp_filter = 1
                   # Enables the magic-sysrq key
                    kernel.sysrq = 1
                   # We do not want all our interfaces to send redirects
                     net.ipv4.conf.default.send_redirects = 1
                     net.ipv4.conf.all.send_redirects = 0
====

           b.
====
vi /etc/sysconfig/selinux
====
and set
====
SELINUX=disabled
====

6. Now rebooting to OpenVz kernel
7.Check whether Eth0 detected or not ,if no refer below link for fix .

    http://in.myloth.com/forum/index.php?topic=17.0

8. Start OpenVz

=====
/sbin/service vz start
=====

Stage 2 : Templates
--------------------------

1. Download OS templates to /vz/template/cache/
     Check http://wiki.openvz.org/Download/template/precreated

Stage 3 : Setup VMs
---------------------------

1. Create virtual machines   ( CID --> Container ID )

====
vzctl create CID --ostemplate   template --config-basic
          vzctl set CID --onboot yes --save
====
---> To start Vms on boot

2. Configure VM
        a. add ip

====
vzctl set CID --ipadd ip --save
====
         b. No of sockets

====
vzctl set CID --numothersock 150 --save
====
         c. Set name server for N/w access

====
vzctl set CID --nameserver IP --save
====
( our case 192.168.1.1 )
         d. Start VM

====
vzctl start CID
====

OpenVZ Commands

1) vzlist –a : To list all VPS.

2) vzlist : To list all Running VPS.

3) vzctl start <VPSID> : To Start a VPS.

4) vzctl stop <VPSID> : To Stop a VPS.

5) vzctl stop <VPSID> –fast : To Stop a VPS quickly and forcefully.

6) vzctl restart <VPSID> : To Restart a VPS.

7) vzctl status <VPSID> : To view the status of the particular VPS.

vzctl enter <VPSID> : To enter in a particular VPS.

9) vzcalc -v <VPSID> : To view the resources used by the VPS.

10) vzctl exec <VPSID> <COMMAND> : To execute a commands against the VPS.

12) vzdqcheck [options] <path> : To counts inodes and disk space used.

Options available to the vzdqcheck command are:

-h:-Usage info.
-V:- vzquota version info.
-v:- Verbose mode
-q:- Quiet mode.

13) vzcpucheck –v : To get the CPU usage.

14) vzmemcheck [-v] [-A] : Shows the Node memory parameters.

Options available to the vzmemcheck command are:
-v:- Display information for each Container.
-A:- Display absolute values (in megabytes).

15) vzpid <pid> : To display the ID of the Container where the process is running.

16) vzsplit -n <numve> -f <conf_name> -s <swapsize> -v <yes|no> : To generate a sample VE configuration file.

-n numv :- Specify the number of containers.
-f conf_name :- Specify the configuration sample name to write configuration
-s swapsize :-Specify the swap size in Kbytes.
-v yes|no :- Whether to generate VSwap enabled configuration.

17) vzcfgvalidate : To catch typical mistakes in the configuration.

It can be invoked as follows:

# cd /etc/vz/conf

# vzcfgvalidate <config_file>

18) vzctl set <VPSID> --hostname <HOSTNAME> --save : To set the Hostname of a VPS.

19) vzctl set <VPSID> --ipadd <IP> --save : To add a new IP to the hosting VPS

20) vzctl set <VPSID> --ipdel <IP> --save : To delete the IP from VPS

21) vzctl set <VPSID> --userpasswd root:<NEW PASSWORD> --save : To reset root password of a VPS.

22) vzctl set <VPSID> --nameserver <IP> --save : To add the nameserver IP’s to the VPS.

23) exit : log out from VPS.

24) vzctl destroy <VPSID> : To destroy the VPS.

Automated ClamAV Virus Scanning

If any client demanding us to setup an automated ClamAV Virus Scanning in the server. Please do the following

The most simple way is trying a cron job on daily basis or hourly basis according to client's wish.
First of all you need to install the clamAV >> yum install clamav clamav-db clamd
Starting it>>/etc/init.d/clamd start
Removing the test virus files>> rm -rf /usr/share/doc/clamav-0.95.3/test/
Creating the scripts
>> vi /etc/cron.daily/clamscan_daily
Past these into the file
=================================================================
#!/bin/bash

# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

# Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
if [ `tail -n 12 ${LOG} | grep Infected | grep -v 0 | wc -l` != 0 ]
then
EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
echo "From: alert@domain.com" >> ${EMAILMESSAGE}
echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
echo "Importance: High" >> ${EMAILMESSAGE}
echo "X-Priority: 1" >> ${EMAILMESSAGE}
echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
sendmail -t < ${EMAILMESSAGE}
fi

}

clamscan -r / --exclude-dir=/sys/ --quiet --infected --log=${LOG}

check_scan
===================================================================
For hourly base >> vi /etc/cron.hourly/clamscan_hourly

paste these
===================================================================
#!/bin/bash

# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

# Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
if [ `tail -n 12 ${LOG} | grep Infected | grep -v 0 | wc -l` != 0 ]
then
EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
echo "From: alert@domain.com" >> ${EMAILMESSAGE}
echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
echo "Importance: High" >> ${EMAILMESSAGE}
echo "X-Priority: 1" >> ${EMAILMESSAGE}
echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
sendmail -t < ${EMAILMESSAGE}
fi

}

find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -cmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
===================================================================

NB>>Dont forget to give the execution permission to both the scripts>>

chmod +x script

You can customize the log file according to the client's wish but should be updated in the script along with the full path.
You are permitted to customize all the variables also but should be legible account in case of E-mail account.

If you have done these then you are all set to go...

Reset the Root password for th Xen VPS

If you face root login issue with Xen VPS.Then please do the following steps.

1)First Stop the container using command or through solusvm
2)Secondlyfind the the the Xen image location of the VPS which is /dev/mapper/xen-vm369_img(example)
3)create a directory name test and then mount the image to it using command mount /dev/mapper/xen-vm369_img /test
4)then change the root environment to test using the command chroot /test
5)Now the root environment will be same as that of Xen VPS which we have mounted
6)Then change the root password of root using passwd command.
7)Then exit from the root environment by typing the command exit and unmount the /test directory using umount /test
8)Reboot the server in solusvm

Database size not showing in cPanel

Most of you might have come across this issue before where database size show '0' in cPanel but tables, data exists in server. Here is the fix for it :

Open /var/cpanel/cpanel.config

Edit line

disk_usage_include_sqldbs=1 ( you need to set it to '1' if '0' )

And run

#/scripts/update_db_cache

That will do...