Saturday 13 February 2016

Disable ssl via ssh (unable to login into WHM)

If you are unable to log in to WHM because of an SSL error (An error occurred during a connection to . Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate)), you can disable the SSL options from the shell.
SSH to your server as root.
Open the configuration file:
# vi /var/cpanel/cpanel.config
and set the alwaysredirecttossl and requiressl options to 0 (zero):
---
alwaysredirecttossl=0
requiressl=0
---
Save the file and exit.
 
 
That's it :)

CPanel installation tips

Disk layout

We recommend using logical volumes (LVM):
swap - twice the server's RAM
/ - 40G (not that large if you want to use separate /var and /home)
/boot - 200M
/tmp - 2G
somewhat more for /var/lib/mysql to store more databases
/home - grow to fill the disk

Network

Set the IP address: edit /etc/sysconfig/network-scripts/ifcfg-eth?. The cPanel installation guide forbids the use of NAT.
Set the fully qualified domain name (FQDN): edit /etc/sysconfig/network. cPanel allows only 3rd-level domain names (cp.example.com).

Base system installation

Install minimal CentOS.
Check for package groups installed (yum grouplist). Remove (yum groupremove) all of:
  • FTP Server
  • GNOME Desktop Environment
  • KDE (K Desktop Environment)
  • Mail Server or E-mail Server
  • Mono
  • Web Server
  • X Window System
On a minimal installation, only "E-mail server" was installed by default.
Install perl (yum install perl), wget (yum install wget)
Disable SELinux: edit /etc/selinux/config, set "SELINUX=disabled"
Disable iptables: chkconfig iptables off, chkconfig ip6tables off

cPanel installation

cd /home
wget -N http://httpupdate.cpanel.net/latest
sh latest

Post-installation configuration

You can enable the firewall now. The best choice is to install CSF, so that you can manage firewall rules from the WHM menus:
wget http://www.configserver.com/free/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh

Edit /etc/csf/csf.conf, set TESTING="0" and restart csf (csf -r).
Alternatively, you can enable iptables (chkconfig iptables on, chkconfig ip6tables on) and open the required ports:
  • 20 — FTP TCP inbound/outbound
  • 21 — FTP TCP, UDP inbound/outbound
  • 22 — SSH TCP inbound
  • 25 — SMTP TCP inbound/outbound
  • 26 — SMTP TCP inbound/outbound
  • 37 — rdate TCP outbound
  • 43 — whois TCP outbound
  • 53 — DNS TCP/UDP inbound/outbound (inbound is only needed if you run your own public DNS server)
  • 80 — HTTP TCP inbound/outbound
  • 110 — POP3 TCP inbound
  • 113 — ident TCP outbound
  • 143 — IMAP4 TCP inbound
  • 443 — HTTPS TCP inbound
  • 465 — SMTP TLS/SSL TCP/UDP inbound/outbound
  • 783 — SpamAssassin TCP/UDP inbound
  • 873 — rsync TCP/UDP outbound
  • 993 — IMAP4 SSL TCP inbound
  • 995 — POP3 SSL TCP inbound
  • 2077 — WebDAV TCP/UDP inbound/outbound
  • 2078 — WebDAV SSL TCP/UDP inbound/outbound
  • 2082 — cPanel TCP inbound
  • 2083 — cPanel SSL TCP inbound
  • 2086 — WHM TCP inbound
  • 2087 — WHM SSL TCP inbound
  • 2089 — cPanel license TCP outbound
  • 2095 — Webmail TCP inbound
  • 2096 — Webmail SSL TCP inbound
  • 3306 — MySQL TCP (only if you need to connect remotely)
  • 6666 — Chat TCP inbound
Configure WHM (https://<ip addr>:2087) and cPanel (https://<ip addr>:2083) according to your needs.

You can find the most up-to-date installation guide in the official cPanel documentation.

OpenVZ Server Provisioning

Stage 1 :  Server Setup
------------------------------

1. Add the OpenVZ repository to yum.

===============
a. cd /etc/yum.repos.d
b. wget http://download.openvz.org/openvz.repo
c. rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
===============

2. Search available kernels
===============
yum search vzkernel
===============

3. Install the kernel
===============
yum install vzkernel
===============
    * This installs the packages needed for OpenVZ virtualization, including vzctl, vzquota etc.
    * Verification command:
===============
rpm -qa | grep vzk
===============

4. Configure the boot loader
    a. Open /etc/grub.conf
    b. Edit the title of the vzkernel entry to OpenVZ (just for clarity)

5. Set kernel parameters and disable SELinux

    a.
====
vi /etc/sysctl.conf
====
  and set the parameters below:

====
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
====

====
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
====

    b.
====
vi /etc/sysconfig/selinux
====
  and set
====
SELINUX=disabled
====

6. Now reboot into the OpenVZ kernel.
7. Check whether eth0 is detected; if not, refer to the link below for the fix.

    http://in.myloth.com/forum/index.php?topic=17.0

8. Start OpenVZ

=====
/sbin/service vz start
=====



Stage 2 : Templates
--------------------------

1. Download OS templates to  /vz/template/cache/
     Check http://wiki.openvz.org/Download/template/precreated

Stage 3 :  Setup VMs
---------------------------
  
 1. Create virtual machines (CID --> Container ID)

====
vzctl create CID --ostemplate template --config basic
vzctl set CID --onboot yes --save
====
  ---> The second command starts the VM on boot

 2. Configure the VM
    a. Add an IP address

====
vzctl set CID --ipadd ip --save
====
    b. Number of sockets

====
vzctl set CID --numothersock 150 --save
====
    c. Set the name server for network access

====
vzctl set CID --nameserver IP --save
====
  ( our case 192.168.1.1 )
    d. Start the VM

====
vzctl start CID
====

OpenVZ Commands

1) vzlist -a : To list all VPS.

2) vzlist : To list all running VPS.

3) vzctl start <VPSID> : To start a VPS.

4) vzctl stop <VPSID> : To stop a VPS.

5) vzctl stop <VPSID> --fast : To stop a VPS quickly and forcefully.

6) vzctl restart <VPSID> : To restart a VPS.

7) vzctl status <VPSID> : To view the status of a particular VPS.

8) vzctl enter <VPSID> : To enter a particular VPS.

9) vzcalc -v <VPSID> : To view the resources used by the VPS.

10) vzctl exec <VPSID> <COMMAND> : To execute a command inside the VPS.

12) vzdqcheck [options] <path> : To count the inodes and disk space used.

Options available to the vzdqcheck command are:

          -h : Usage info.
          -V : vzquota version info.
          -v : Verbose mode.
          -q : Quiet mode.

13) vzcpucheck -v : To get the CPU usage.

14) vzmemcheck [-v] [-A] : Shows the node memory parameters.

Options available to the vzmemcheck command are:

          -v : Display information for each container.
          -A : Display absolute values (in megabytes).

15) vzpid <pid> : To display the ID of the container where the process is running.

16) vzsplit -n <numve> -f <conf_name> -s <swapsize> -v <yes|no> : To generate a sample VE configuration file.

          -n numve     : Specify the number of containers.
          -f conf_name : Specify the configuration sample name to write the configuration to.
          -s swapsize  : Specify the swap size in Kbytes.
          -v yes|no    : Whether to generate a VSwap-enabled configuration.

17) vzcfgvalidate : To catch typical mistakes in the configuration.

It can be invoked as follows:

          # cd /etc/vz/conf

          # vzcfgvalidate <config_file>

18) vzctl set <VPSID> --hostname <HOSTNAME> --save : To set the hostname of a VPS.

19) vzctl set <VPSID> --ipadd <IP> --save : To add a new IP to the VPS.

20) vzctl set <VPSID> --ipdel <IP> --save : To delete an IP from the VPS.

21) vzctl set <VPSID> --userpasswd root:<NEW PASSWORD> --save : To reset the root password of a VPS.

22) vzctl set <VPSID> --nameserver <IP> --save : To add the nameserver IPs to the VPS.

23) exit : To log out from the VPS.

24) vzctl destroy <VPSID> : To destroy the VPS.

Automated ClamAV Virus Scanning

If a client asks us to set up automated ClamAV virus scanning on the server, do the following.

The simplest way is a cron job that runs daily or hourly, according to the client's wishes.
First, install ClamAV >> yum install clamav clamav-db clamd
Start it >> /etc/init.d/clamd start
Remove the test virus files >> rm -rf /usr/share/doc/clamav-0.95.3/test/
Create the scripts
>> vi /etc/cron.daily/clamscan_daily
Paste the following into the file:
=================================================================
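#!/bin/bash

# Email subject
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
# Email recipient
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

    # Check the last set of results. If the "Infected files" count is not zero, we have a problem.
    # The count is compared as a number, so values that contain a 0 digit (10, 20, ...) are not missed.
    INFECTED=$(tail -n 12 "${LOG}" | awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }')
    if [ "${INFECTED}" -gt 0 ]
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: alert@domain.com" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        # A blank line separates the headers from the message body
        echo "" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        sendmail -t < "${EMAILMESSAGE}"
        rm -f "${EMAILMESSAGE}"
    fi

}

# Recursive scan of the whole filesystem, skipping the /proc and /sys pseudo-filesystems
clamscan -r / --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}

check_scan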
===================================================================
For an hourly scan >> vi /etc/cron.hourly/clamscan_hourly

Paste the following:
===================================================================
#!/bin/bash

# Email subject
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
# Email recipient
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

    # Check the last set of results. If the "Infected files" count is not zero, we have a problem.
    # The count is compared as a number, so values that contain a 0 digit (10, 20, ...) are not missed.
    INFECTED=$(tail -n 12 "${LOG}" | awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }')
    if [ "${INFECTED}" -gt 0 ]
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: alert@domain.com" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        # A blank line separates the headers from the message body
        echo "" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        sendmail -t < "${EMAILMESSAGE}"
        rm -f "${EMAILMESSAGE}"
    fi

}

# Files whose content was modified in the last 61 minutes
find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

# Files whose status (owner, mode, name) changed in the last 61 minutes
find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -cmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
===================================================================

NB: Don't forget to give execute permission to both scripts:

chmod +x script

You can change the log file location to suit the client, but it must be updated in the script with the full path.
You can customize the other variables as well, but the e-mail address must be a valid (legitimate) account.

If you have done these then you are all set to go...  8)
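
The alert in the scripts above depends on reading the "Infected files:" count from the scan log. As an added example (not part of the original scripts; the function names are hypothetical and the log excerpt is constructed), this compares a numeric parse of that line with a `grep -v 0` text filter, which drops counts such as 10 because they contain a zero digit:

```shell
#!/bin/sh
# Added example; function names are hypothetical, the log text is constructed.

# Constructed, trimmed excerpt of a clamscan --log file ending in its summary.
SAMPLE_LOG='/home/user1/public_html/up.php: Php.Malware.Test FOUND
/home/user2/tmp/x.bin: Unix.Trojan.Test FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6000000
Scanned directories: 120
Scanned files: 4500
Infected files: 10
Data scanned: 310.00 MB
Time: 35.200 sec (0 m 35 s)'

# Numeric count from the last "Infected files:" line on stdin (0 if none).
infected_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }'
}

# Text filter for comparison: every line containing a 0 digit is dropped,
# so a count of 10, 20 or 105 produces no hit at all.
text_filter_hits() {
    grep Infected | grep -v 0 | wc -l | tr -d ' '
}

# Detections as "signature path", one per line, for the alert body.
found_entries() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\2 \1/p'
}

# Exit status 0 when the log on stdin reports at least one infected file.
scan_is_infected() {
    [ "$(infected_count)" -gt 0 ]
}

report() {
    printf 'numeric count:    %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | infected_count)"
    printf 'text filter hits: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | text_filter_hits)"
    printf '%s\n' "$SAMPLE_LOG" | found_entries
}
report
```

On this sample the numeric parse reports 10 infected files while the text filter reports no hits, so an alert built on the filter would not be sent.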

Reset the root password for the Xen VPS

If you face a root login issue with a Xen VPS, do the following steps.

1) First, stop the container using the command line or through SolusVM.
2) Second, find the Xen image location of the VPS, for example /dev/mapper/xen-vm369_img
3) Create a directory named test and mount the image on it using the command mount /dev/mapper/xen-vm369_img /test
4) Then change the root environment to test using the command chroot /test
5) Now the root environment is the same as that of the Xen VPS we have mounted.
6) Then change the root password using the passwd command.
7) Then leave the root environment by typing exit, and unmount the /test directory using umount /test
8) Reboot the server in SolusVM.

Database size not showing in cPanel

Most of you have probably come across this issue before: the database size shows '0' in cPanel although the tables and data exist on the server. Here is the fix for it:

Open /var/cpanel/cpanel.config

Edit the line

disk_usage_include_sqldbs=1 ( set it to '1' if it is '0' )

And run

# /scripts/update_db_cache

That will do... :)
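
Both this fix and the WHM SSL fix at the top of the page are manual edits of key=value lines in /var/cpanel/cpanel.config. As an added example (not cPanel's own tooling; the function names and the CONF override are hypothetical), the same edits can be scripted so that a dated backup is kept, duplicate keys are collapsed and a missing key is appended:

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Keys and path are from the page.

# Path can be overridden (CONF=/tmp/copy.config) to try the edit on a copy.
CONF=${CONF:-/var/cpanel/cpanel.config}

# backup_conf FILE: keep a dated copy to roll back to.
backup_conf() {
    cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)"
}

# set_conf_key FILE KEY VALUE: rewrite KEY=... in place, or append it.
set_conf_key() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Replace the first matching line, drop later duplicates, append if absent.
    awk -F= -v k="$key" -v v="$value" '
        $1 == k { if (!seen) print k "=" v; seen = 1; next }
        { print }
        END { if (!seen) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the original file so owner and mode stay unchanged.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# get_conf_key FILE KEY: print the current value (nothing if unset).
get_conf_key() {
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2) }' "$1"
}

disable_forced_ssl() {
    backup_conf "$CONF" &&
    set_conf_key "$CONF" alwaysredirecttossl 0 &&
    set_conf_key "$CONF" requiressl 0
}

enable_sqldb_usage() {
    backup_conf "$CONF" &&
    set_conf_key "$CONF" disk_usage_include_sqldbs 1
}

case "${1:-}" in
    disable-ssl) disable_forced_ssl ;;
    sqldb-usage) enable_sqldb_usage ;;
esac
```

Run it as root with `disable-ssl` or `sqldb-usage` as the argument. Once the certificate is replaced, restore the two SSL keys from the backup copy, since with requiressl=0 logins are no longer required to use SSL.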