Flush ARP cache

Recently one of my vps is not responded to the out side internet. This issue was resolved after clearing my arp cache in the main node.

 Please check the commands I have issued

[root@server.ajeesh.com]# ip neigh flush all;arp -n

After this I could able to ping the server and Internet is active on my vps.

Issue with yum

Please check how i have fixed my yum issue on my vps.

[root@ldap /]# yum -y install openldap-servers openldap-clients
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 178, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 345, in doCommands
    self._getTs(needTsRemove)
  File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
    self._getTsInfo(remove_only)
  File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
    pkgSack = self.pkgSack
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 662, in
    pkgSack = property(fget=lambda self: self._getSacks(),
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 502, in _getSacks
    self.repos.populateSack(which=repos)
  File "/usr/lib/python2.4/site-packages/yum/repos.py", line 232, in populateSack
    self.doSetup()
  File "/usr/lib/python2.4/site-packages/yum/repos.py", line 79, in doSetup
    self.ayum.plugins.run('postreposetup')
  File "/usr/lib/python2.4/site-packages/yum/plugins.py", line 179, in run
    func(conduitcls(self, self.base, conf, **kwargs))
  File "/usr/lib/yum-plugins/fastestmirror.py", line 181, in postreposetup_hook
    all_urls = FastestMirror(all_urls).get_mirrorlist()
  File "/usr/lib/yum-plugins/fastestmirror.py", line 333, in get_mirrorlist
    self._poll_mirrors()
  File "/usr/lib/yum-plugins/fastestmirror.py", line 376, in _poll_mirrors
    pollThread.start()
  File "/usr/lib64/python2.4/threading.py", line 416, in start
    _start_new_thread(self.__bootstrap, ())
thread.error: can't start new thread

I have tried with the following command but the issue was not fixed.

[root@ldap /]# yum clean all
Loaded plugins: fastestmirror
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@ldap /]# rm -f /var/lib/rpm/__db*
[root@ldap /]# rpm --rebuilddb

Solution :

[root@ldap /]# rm /dev/urandom
rm: remove character special file `/dev/urandom'? y
[root@ldap /]# mknod -m 644 /dev/urandom c 1 9
[root@ldap /]# logout

exited from CT 3001
You have new mail in /var/spool/mail/root
[root@openvz ~]#
[root@openvz ~]# vzctl restart 3001

[root@ldap /]# yum update

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * epel: ftp.neowiz.com
 * extras: ftp.iitm.ac.in
 * remi: remi-mirror.dedipower.com
 * updates: ftp.iitm.ac.in
base                                                                                                                                                      | 1.1 kB     00:00    
base/primary                                                                                                                                              | 1.2 MB     00:09    
base                                                                                                                                                                   3591/3591
epel                                                                                                                                                      | 3.7 kB     00:00    
epel/primary_db                                                                                                                                           | 3.8 MB     00:19

open .chm files in Linux

For reading .chm document you need xCHM  application. chm is a Microsoft compressed HTMl application.

ajeesh@tech3:~$ sudo apt-get install xchm
[sudo] password for ajeesh:

The following NEW packages will be installed:
  libchm1 xchm

After this operation, 905 kB of additional disk space will be used.
Do you want to continue [Y/n]? y


After this installation xCHM will be on your Applications => "Office"  section.

MySQL Daemon failed to start

[root@server /]# tail -f /var/log/mysqld.log

121126 22:43:33 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
121126 22:43:33 [Note] Plugin 'FEDERATED' is disabled.
121126 22:43:33 InnoDB: The InnoDB memory heap is disabled
121126 22:43:33 InnoDB: Mutexes and rw_locks use GCC atomic builtins
121126 22:43:33 InnoDB: Compressed tables use zlib 1.2.3
121126 22:43:33 InnoDB: Using Linux native AIO
121126 22:43:33 InnoDB: Initializing buffer pool, size = 128.0M
121126 22:43:33 InnoDB: Completed initialization of buffer pool

InnoDB: Error: pthread_create returned 11

121126 22:43:33 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

I have fixed this by using the following way.

1. Increased my vps RAM from 512 to 1024MB
2. [root@server /]# ulimit -s unlimited
3. [root@server /]# service mysqld start

block web sites

we can block web sites using the following methods.

You can block web sites like facebook.com , orkut.com youtube.com etc using this way.

1. Using Anti-virus (Kaspersky)

     Step:1 Login to Parental Control
     Step:2 Seetings > Web=browsing


2. Using your Cisco Router

      ajeesh@tech3:~$ ping youtube.com
      PING youtube.com (74.125.236.38) 56(84) bytes of data.
      64 bytes from maa03s04-in-f6.1e100.net (74.125.236.38): icmp_req=1 ttl=52   time=160 ms

     ajeesh@tech3:~$ whois 74.125.236.38 | grep -E "NetRange|CIDR"
           NetRange:       74.125.0.0 - 74.125.255.255
           CIDR:           74.125.0.0/16


     Step1  : Router> enable
     Step2  : Router# configure terminal
   Step3  : Router(config)#
     Step4  :Router(config)# Ip route 74.125.0.0 255.255.0.0 Null0

Awstats Direct URL installation for cPanel

 Awstats Direct URL installation for cPanel


For illustrative purposes we are assuming the following:
server hostname: server.example.com
awstats url : http://www.example.com/aw
cPanel primary domain: www.example.com
cPanel account name: example
subfolder where we are installing awstat: aw

Installation Steps:

 root@server [~]# mkdir -p /home/example/public_html/aw

 root@server [~]# cd /home/example/public_html/

 root@server [~]# wget http://www.awstats.org/files/awstats-7.1.tar.gz

(substitute wget link with latest version)

 root@server [~]# tar -zxf  awstats-7.1.tar.gz

 root@server [~]#  rsync -avp awstats-7.1/wwwroot/cgi-bin/     /home/example/public_html/aw/

 root@server [~]# mkdir -p /home/example/public_html/images

 root@server [~]# rsync -avp awstats-7.1/wwwroot/icon/  /home/example/public_html/images/

 root@server [~]# chown -R example.example /home/example/public_html/aw

 root@server [~]# chown -R example.example /home/example/public_html/images

 root@server [~]# chmod 755 /home/example/public_html/aw/*.pl

create .htaccess file with following entries
++++++++++++++++++++++++++++
AddHandler cgi-script .cgi .pl
Options +ExecCGI
+++++++++++++++++++++++++++
 root@server [~]# chmod 755 /home/example/public_html/aw/.htaccess

 root@server [~]# cp -p /home/example/tmp/awstats/awstats.example.com.conf
 /home/example/public_html/aw/

 root@server [~]# chown example.example  /home/example/public_html/aw/awstats.example.com.conf

 root@server [~]# chmod 755  /home/panorami/public_html/aw



Now the awstat output of the domain example.com should be accessible using
the following link

 http://www.example.com/aw/awstats.pl?config=example.com

ref:
http://www.thewebhostinghero.com/tutorials/access-awstats-outside-cpanel.html

Installating vztop - openvz tools

You can install OpenVz monitoring tools and these utilities are available on OpenVz web site:

http://download.openvz.org/contrib/utils/

For example if you need to install vztop , you can done this by executing a single command.


Ajeesh~]# rpm -ivh http://download.openvz.org/contrib/utils/vzprocps-2.0.11-6.13.swsoft.i386.rpm

Retrieving http://download.openvz.org/contrib/utils/vzprocps-2.0.11-6.13.swsoft.i386.rpm
warning: /var/tmp/rpm-xfer.Z2tESG: Header V3 DSA signature: NOKEY, key ID 2425c37e
Preparing...                ########################################### [100%]
   1:vzprocps               ########################################### [100%]
You have new mail in /var/spool/mail/root

[root@Ajeesh ~]# vztop

Scripts Installation Service

We are happy to install for the following Scripts

mail to : ajeeshbkannan@yahoo.co.in  Or contact Us on 0091 - 9567994999


1. ffmpeg and its Dependant modules

2. Video Streaming

* Red5   (Live streaming) - video whisper / chat / admin panel
* Kaltura (Live Streaming)
* vidi scripts
* Vimp
* media core
* FMS
* wowza




3. Blogs / CMS /Forum / e-comerce

* wordpress
* Joomla
* phpbb
* ZenCart / PrestaShop / Open Cart / Magento
* wiki

4. Video / Picture / audio
  * Clipbucket
  * phpmotion
  * php-melody
  * avs

5 Other

 * Dolphin

cPanel Account terminate break in the middle

If your account terminate process breaks in the middle , your domain will exist in cPanel list account, terminate account, also the domain will be in /etc/localdomains , /etc/userdomains etc.

And when your try to terminate again from your cPanel/WHM you will see the following error.
==================
 Terminate an Account
Account Removal Status: failed (System user exoticca does not exist!)

System user exoticca does not exist!

==================

Solution

check the account exists on the following files
1. egrep ajeesh /etc/passwd /etc/shadow /etc/group
2. egrep -Ri ajeesh /var/cpanel/userdata/*
3.  mv /etc/named.conf.cache /etc/named.conf.cache.bak
4.  /etc/init.d/named restart

Remove SiteLock logo from your website

We can remove SiteLock logo from our web site by editing the file name called

.fastinclude


I have removed the following codes from this hidden file.

Changing Time zone in OpenVz vps

Changing Time zone in CentOS server/ Cpanel/WHM Servers

Option :1

Main >> Service Configuration >> PHP Configuration Editor [Date and Time] we can change

Changing the time in VPS via  WHM  Main >> Server Configuration >> Server Time,

Option 2:

Editing the configuration Files

#cat /etc/sysconfig/clock

date.timezone="US/Chicago"

date.timezone="America/Chicago"

 [~]# cat /etc/sysconfig/clock
ZONE="US/Central"
UTC=false
ARC=false

Option 3:

# ls -la  /etc/localtime

# cp /etc/localtime /etc/localtime.bkp

# cp /usr/share/zoneinfo/America/Chicago /etc/localtime

Or

#  ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime

And then update the time zone value in your php.ini file 

date.timezone="America/Chicago" 

Restart the apache and check your server time.

Option 3:

Sometimes if your server is vps then the above options will not be work , for that time you can do the following steps.

1. Directly set the time using the date command, You can get the right time from your other server.

 date --set="2012-10-17 21:34 am"

and if it throws  "step-systime operation not permitted" error please fix this issue from your Hardware Node.

 # vzctl stop VEID

# vzctl set --capability sys_time:on --save

 # vzctl restart VEID

 date --set="2012-10-17 21:34 am"

Another fix:

 yum -y install ntp

Identify time zone from http://www.pool.ntp.org/

# vi /etc/ntp.conf

select a server.

eg: 0.centos.pool.ntp.org

# ntpdate servername
That is ntpdate clock.rethat.com


While doing the ntpupdate you may receive the following error:  "step-systime operation not permitted"

Suggested Fix

# vzctl stop VEID

# vzctl set --capability sys_time:on --save

needs to be replaced by your container’s ID
After executing the command above, your container’s configuration file needs to be reloaded. Thus, use ‘vzctl‘ to restart it.

# vzctl restart

scons running time error

Last time while installing flvtool++ i have encountered the following error.

[/usr/local/src/flvtool++]# scons
scons: Reading SConscript files ...

AMFData.h:270: error: 'dmap' was not declared in this scope
AMFData.h: In member function 'virtual std::string AMFArray::asString() const':
AMFData.h:273: error: 'dmap' was not declared in this scope
AMFData.h: In member function 'virtual void AMFArray::write(fout&) const':
AMFData.h:282: error: 'dmap' was not declared in this scope
AMFData.h:283: error: 'dmap' was not declared in this scope
AMFData.cpp: At global scope:
AMFData.cpp:10: error: expected constructor, destructor, or type conversion before '<' token
scons: *** [AMFData.o] Error 1
scons: building terminated because of errors.

Fix:
[/usr/local/src/flvtool++]# yum install wget boost-devel gcc gcc-c++

and then execute

[/usr/local/src/flvtool++]# scons
scons: Reading SConscript files ...

scons: warning: The env.TargetSignatures() method is deprecated;
        convert your build to use the env.Decider() method instead.
File "/usr/local/src/flvtool++/SConstruct", line 3, in ?
scons: done reading SConscript files.
scons: Building targets ...
g++ -o AMFData.o -c -ggdb -O3 -Wall -I. -I/usr/local/include/boost-1_33_1 AMFData.cpp
g++ -o flvtool++.o -c -ggdb -O3 -Wall -I. -I/usr/local/include/boost-1_33_1 flvtool++.cpp
g++ -o flvtool++ -ggdb flvtool++.o AMFData.o
scons: done building targets.

Iptables rule delete

Sometimes you can not remove rules using your csf commands because the rules will be added as block wise.

root@ajeesh [~]# csf -g 172.16.9.55

 Chain num pkts bytes target prot opt in out source destination 

LOCALOUTPUT 9 183 11076 DROP all -- * !lo 0.0.0.0/0 172.16.0.0/16

LOCALINPUT 9 183 11076 DROP all -- * !lo 0.0.0.0/0 172.16.0.0/16

Like this case you can not remove a particular IP from from your server firewall using the commands

csf -tr ip and csf -dr IP

You can delete the IPs using iptables command,

Here should know what is the Ip chain number for your ipblock. From my side you can see my ip chain rule number is 9.

 

root@ajeesh [~]# iptables -L LOCALINPUT -n -v --line-numbers | grep 172.16.0.0/16

Using this command also you will get the IP chain number.

To delete this rule :

root@ajeesh [~]# iptables -D LOCALINPUT 9

root@ajeesh [~]# iptables -D LOCALOUTPUT 9

OpenVz kernel upgrade

Steps:

1. [root@openvz ~]# arch
x86_64

2. [root@openvz ~]# getconf LONG_BIT
64

3. cd /usr/local/src/

4. wget http://download.openvz.org/kernel/branches/rhel5-2.6.18/028stab101.1/ovzkernel-2.6.18-308.8.2.el5.028stab101.1.x86_64.rpm

5. rpm -ivh ovzkernel-2.6.18-308.8.2.el5.028stab101.1.x86_64.rpm

6. cat /etc/grub.conf

7. shutdown -f -r now

Fatal error: Cannot redeclare date_diff()

This is normally your script is having some compatibility issues with php5.3. because i have seen this errors with scripts running in php 5.3 version.

 Fatal error: Cannot redeclare date_diff() in /home/ajeesh/public_html/video/ajaxfunc.php

I have fixed these error with replacing "date_diff" function with zen_date_diff in the particular error showing path.

Enable sar iostat on your Linux server

It is very important to enable the monitoring tools like sar,iostat etc especial when you run your server as a virtual servers.

You can not install sar as "yum install sar" . So we need to know what is the package is for these utilities to installed.

If any of your server is enabled command called "sar"  then you can trace which package is used for this utility.

[root@ajeesh ~]# yum whatprovides "/usr/bin/sar"
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* openvz-kernel-rhel5: mirror.fdcservers.net
* openvz-utils: mirror.fdcservers.net
sysstat-7.0.2-11.el5.x86_64 : The sar and iostat system monitoring commands.
Repo : base
Matched from:
Filename : /usr/bin/sar


sysstat-7.0.2-11.el5.x86_64 : The sar and iostat system monitoring commands.
Repo : installed
Matched from:
Other : Provides-match: /usr/bin/sar

OR

 [root@ajeesh ~]# rpm -qf /usr/bin/sar
sysstat-7.0.2-11.el5

So we can install all these utilities using

 [root@ajeesh ~]# yum install sysstat


Error:
 [root@ajeesh ~]# sar
Cannot open /var/log/sa/sa01: No such file or directory

Solution:




cd /etc/init.d
chmod 755 sysstat


 

upgrading ssh version

Upgrading your ssh version in cpanel centos server.


If you have a specific  CVEs from your PCI report (vulnerability scan report) you can check  this using the following method whether they have fixed that  particular vulnerability in your installed version.

# rpm -q --changelog openssh > openssh.changelog
# cat  openssl.fixlog | grep CVE-2006-5794
root@ajeesh [~]# cat openssh.changelog | grep CVE-2006-5794
- CVE-2006-5794 - properly detect failed key verify in monitor (#214642)



root@ajeesh [~]# rpm -qa | grep ssh
openssh-server-4.3p2-82.el5
openssh-clients-4.3p2-82.el5
fuse-sshfs-2.4-1.el5
openssh-4.3p2-82.el5

root@ajeesh [~]# yum upgrade openssh*
Loaded plugins: fastestmirror, rhnplugin
Loading mirror speeds from cached hostfile
 * cloudlinux-x86_64-server-5: xmlrpc.cln.cloudlinux.com
 * epel: mirrors.tummy.com
 * rpmforge: mirror.teklinks.com
Excluding Packages in global exclude list
Finished
Setting up Upgrade Process
No Packages marked for Update
root@ajeesh [~]#

We can not do this yum upgrade for ssh. Centos is not issued the latest repository for ssh.

So we can do the following steps to upgrade openssh in your centos server.

1. root@Ajeesh [/usr/src]# wgetwget http://mirror.esc7.net/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz

2. [/usr/src]# tar -xvzf openssh-6.1p1.tar.gz

3. [/usr/src]# cd openssh-6.1p1
4. [/usr/src/openssh-6.1p1]# cp contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
5. [/usr/src/openssh-6.1p1]# cd ..
6. ]# cp openssh-6.1p1.tar.gz  /usr/src/redhat/SOURCES/
7. cd /usr/src/redhat/SPECS
8. perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
9. [/usr/src/redhat/SPECS]# rpmbuild -bb openssh.spec
10 ]# cd /usr/src/redhat/RPMS/x86_64/
11 ]# rpm -Uvh *.rpm


]# rpm -qa | grep ssh
openssh-6.1p1-1
openssh-server-6.1p1-1
openssh-clients-6.1p1-1

3ware RAID monitoring tool

Diagram of RAID 4 storage (Photo credit: Wikipedia)

If you are using a 3ware RAID hardware for your Hardware RAID , you can monitor your 3ware RAID in web panel. I have followed the following steps to install this on my server.

cd /usr/local/src

wget http://50.28.25.235/3DM2.zip 

Also we can get all the RAID hardware from this link :

http://www.lsi.com/channel/support/pages/downloads.aspx?k=* 

 unzip 3DM2.zip
 chmod +x install.sh
 ./install.sh -i
 rm 3DM2.zip

  /sbin/iptables -I INPUT -p tcp --dport 888 -j ACCEPT
 service iptables save
 service iptables restart

After this you can login to your RAID web panel using user : administrator 

and password as "3ware"

  https://your_server_ip:888/

Where ywe can configure email settings > "3DM2 Settings" button 

Next we need to change the default password for administrator and user 

Linux Commands:-

#compgen -c  => list all commands in linux
#lsblk , lsblk -f  => list block with file system

# lsb_release  , lsb_release -a  => os version , name etc..
1. To view the content of a tar file
#tar -tvf /path/to/file.tar
2. To view the content of rpm file.
#rpm -qlp /path/to/file.rpm

Find hosted domains not resolving to your cpanel server.

We can use a cpanel plugin to find out domains hosted on your server but it resolves to another IPs which is not related to your server.

cd /home
rm -f latest-accountdnscheck
wget http://www.ndchost.com/cpanel-whm/plugins/accountdnscheck/download.php
sh latest-accountdnscheck

You can find our all domains resolving to your server and not resolving to your server by login to WHM > Plugins > Account DNS Check

Also you can get the details by executing this command.
# /var/cpanel/accountdnscheck/scripts/cli_run.sh

CloudLinux and r1soft

If your server is running r1soft after upgrading your kernel you need to install r1soft module using the command  r1soft-cki

If you are having difficulties to run r1soft-cki.

[~]# /etc/init.d/buagent status
/etc/init.d/buagent status: buagent (no pid file) not running
root@hyrule [~]# /etc/init.d/buagent restart

/etc/init.d/buagent restart: buagent not running, trying to start
/etc/init.d/buagent restart: buagent could not be started
root@hyrule [~]# r1soft-cki
Checking for binary module
Waiting                       |         
No binary module found
Gathering kernel information
Gathering kernel information complete.
Creating kernel headers package
Checking '/lib/modules/2.6.18-408.el5.lve0.8.61.1/source/' for kernel headers
Checking '/usr/src/kernels/2.6.18-408.el5.lve0.8.61.1-x86_64/' for kernel headers
Checking '/lib/modules/2.6.18-408.el5.lve0.8.61.1/build/' for kernel headers
Unable to find a valid source directory.
Please install the kernel headers for your operating system.

root@hyrule [~]# uname -a
Linux server.ajeeshbkannan.com 2.6.18-408.el5.lve0.8.61.1 #1 SMP Wed Apr 18 07:47:15 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux

Here you can see iam using  el5.lve0.8.61.1

So the solution is
 [~]# yum install kernel-devel
Installing:
 kernel-devel                        x86_64                        2.6.18-408.el5.lve0.8.61.1                          cloudlinux-x86_64-server-5                        5.4 M

After this

[~]# r1soft-cki

Compressing...
uploading kernel package                                                                                                                      99% 4879KB   4.8MB/s   00:00 ETA
Starting module build...
Complete.                               
Saving kernel module to '/lib/modules/buagent/backupdriver-cki-2.6.18-408.el5.lve0.8.61.1.ko'
Kernel module is now installed.




And if your kernel is PAE

Then yum install kernel-PAE-devel

Discard spam emails in Exim

no spam! (Photo credit: Wikipedia)

We can discard spam emails from and to our server(Both incoming and outgoing emails). Using this we can stop spam emails like citibank, paypal, hsbc any spamming activities.

Login to your cpanel server.

Main >> Service Configuration >> Exim Configuration Manager

Under Filter Section

/etc/cpanel_exim_system_filter_ajeesh by default this will be /etc/cpanel_exim_system_filter but this filter will be gone once you do a exim upgrade. So that I have used a custom name.

 

Exim filters based on Subject:

if

$header_subject: contains "viagra"

then

seen finish

endif

-------

if

$header_subject: contains "***SPAM***"

then
seen finish

endif

============

Exim Filter Based on to Address

if (

$received_protocol is "local" or

$received_protocol is "esmtpa"

) and (

$header_from contains "@ebay.co.uk")

then

seen finish

endif

-------

if (

$received_protocol is "local" or

$received_protocol is "esmtpa"

) and (

$header_from contains "@paypal.com")

then

seen finish

endif  
---------------

Semaphore issues

When we get a semaphore error while trying to restart apache like the following

critical_create(): semget() failed: No space left on device.

 # ipcs

From here you can see the sephore process running on the server.
 You will get a output like this:
Message Queues:
T ID KEY MODE OWNER GROUP

Semaphores:
T ID KEY MODE OWNER GROUP
s 524288 0 --rw------- apache apache
s 9240577 0 --rw------- apache apache
s 6684674 0 --rw------- apache apache
s 393219 0 --rw------- apache apache

If apache's not up and running, you can "ipcrm" them like this:
ipcrm -s 524288
Or execute a loop to ipcrm all apache
for i in `ipcs -s | grep apache | awk '{ print $2; }'`; do ipcrm -s $i; done

To increase semaphore value
sysctl kernel.sem //check current value
echo "kernel.sem=500 128000 64 256" >>/etc/sysctl.conf // append settings #pacifichost example
sysctl -f /etc/sysctl.conf //to load the new parameters

cagefs - Image magick module error

Image magick module was attempted to be installed on a cpanel server as usual,but it didn't show up on the phpinfo page and error log showed as.
++++++++++++
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20090626/imagick.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20090626/imagick.so: cannot open shared object file: No such file or directory in Unknown on line 0
++++++++++++

Fix:-
cagefsctl --update

So moral of the story is to run cagefsctl --update after any new php module installation for it to take effect in a cpanel server with cagefs support

Downloading jdk package

We are facing downloading issues for jdk packages from oracle web site

http://www.oracle.com/technetwork/java/javase/downloads/jdk6-downloads-1637591.html

The downloaded file should be in the form of some html file and which is not useful for our installation.

Example:
root@server [/usr/local/src]# wget http://download.oracle.com/otn-pub/java/jdk/6u33-b03/jdk-6u33-linux-x64.bin

100%[====================================================================================================================>] 5,307       --.-K/s   in 0s     

2012-07-01 14:57:24 (298 MB/s) - `download-fail-1505220.html' saved [5307/5307]

Here you can see that our downloaded file is a .html file.

Oracle web site is asking for license agreement and we need to confirm this , then only we can upload the original file to our server.

Here is the steps to direct jdk package from oracle web site to your server.

1.  root@server [/usr/local/src]# wget --no-cookies --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fjava%2Fjavase%2Fdownloads%2Fjdk-7u3-download-1501626.html;" http://download.oracle.com/otn-pub/java/jdk/6u33-b03/jdk-6u33-linux-x64.bin


Saving to: `jdk-6u33-linux-x64.bin?AuthParam=1341167305_9b2519bdbfdd528c07670b1edf6b1762'

100%[====================================================================================================================>] 72,029,591   144K/s   in 10m 25s

2012-07-01 13:37:27 (113 KB/s) - `jdk-6u33-linux-x64.bin?AuthParam=1341167305_9b2519bdbfdd528c07670b1edf6b1762' saved [72029591/72029591]

2. root@server [/usr/local/src]# mv jdk-6u33-linux-x64.bin\?AuthParam\=1341167305_9b2519bdbfdd528c07670b1edf6b1762 jdk-6u33-linux-x64.bin


Thats it now you have downloaded the latest jdk file from oracle web site to your server.

 wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com"    ----> without ssl

cpanel error.

Main >> Account Functions >> Password Modification

Iam getting error:
[a fatal error or timeout occurred while processing this directive]

 Read of CDB_File failed: Protocol error at /usr/local/cpanel/Cpanel/CPAN/Locale/Maketext.pm line 217.
Cpanel::CPAN::Locale::Maketext::maketext() called at /usr/local/cpanel/whostmgr/docroot/templates/_pkg_hover.tmpl line 9
eval {...} called at /usr/local/cpanel/whostmgr/docroot/templates/_pkg_hover.tmpl line 9
eval {...} called at /usr/local/cpanel/whostmgr/docroot/templates/_pkg_hover.tmpl line 16
Template::Provider::__ANON__('Template::Context=HASH(0x15fefc90)') called at /usr/local/cpanel/perl/Template/Document.pm line 151
eval {...} called at /usr/local/cpanel/perl/Template/Document.pm line 149
Template::Document::process('Template::Document=HASH(0x1604d220)', 'Template::Context=HASH(0x15fefc90)') called at /usr/local/cpanel/perl/Template/Context.pm line 347
eval {...} called at /usr/local/cpanel/perl/Template/Context.pm line 321
Template::Context::process('Template::Context=HASH(0x15fefc90)', '_pkg_hover.tmpl') called at /usr/local/cpanel/whostmgr/docroot/templates/userlist.tmpl line 156
eval {...} called at /usr/local/cpanel/whostmgr/docroot/templates/userlist.tmpl line 16
Template::Provider::__ANON__('Template::Context=HASH(0x15fefc90)') called at /usr/local/cpanel/perl/Template/Document.pm line 151
eval {...} called at /usr/local/cpanel/perl/Template/Document.pm line 149
Template::Document::process('Template::Document=HASH(0x16039910)', 'Template::Context=HASH(0x15fefc90)') called at /usr/local/cpanel/perl/Template/Context.pm line 347

Solution :
 /usr/local/cpanel/bin/build_locale_databases --force

Firefox is already running

Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system:

Iam getting this message while opening my firefox.

Fix:-
cd /home/ajeesh/.mozilla/firefox/b8pnxnp6.default
ajeesh@tech4:~/.mozilla/firefox/b8pnxnp6.default$ rm .parentlock

can not login cpanel as Root

I have an issue with cpanel root loging. I have checked in iptables whether my ip has denied but all are safe.


 [/]# tail -f /usr/local/cpanel/logs/cphulkd.log

Sat  9 07:35:14 20 [info] Connection service=system ip=115.119.57. port=2086 user=root blocked by cphulkd (IP Address is blacklisted matched 115.119.57.)



So I have executed the following command and which fixed my issue.
[/]# /scripts/cphulkdwhitelist 115.119.57.
115.119.57. has been whitelisted

ezeelogin 500 Internal Server Error

Ezeelogin 500 Internal Server Error The request was not completed. The server met an unexpected condition.        ajeeshbkannan.com/ezeelogin/ (port 443)          Please forward this error screen to ajeeshbkannan.com's WebMaster

Error log:-

Mon Jun 04 10:47:52 2012] [error] [client 115.119.57.2] SoftException in Application.cpp:357: UID of script "/usr/local/apache/htdocs/ezeelogin/index.php" is smaller than min_uid
[Mon Jun 04 10:47:52 2012] [error] [client 115.119.57.2] Premature end of script headers: index.php
[Mon Jun 04 10:47:52 2012] [error] [client 115.119.57.2] File does not exist: /usr/local/apache/htdocs/ezeelogin/sys_cpanel, referer: https://ajeeshbkannan.com/ezeelogin/

Fix:
your ezeelogin index.php file permission should be nobody.nobody

+++++++++++++++++++++++++++++++++
-rw-r--r-- 1 nobody nobody  4364 Jun  4 10:19 index.php

Please note the other folder permission should be root.root
+++++++++++++++++++++++++++++++++

/etc/hosts for windows

Programmers test their web sites by calling the links http://IP/~username when the dns is not transferred completely for a domain.

But some times this function will not work due to the following reasons.
1. Some hosting providers enabled "mod_userdir" on their apache tweak for security reasons.
2. Once you transferred your domain to another server and your domain is installed with some scripts like wordpress,joomla etc( Because their db's host name should be yourdomainname.com not IP/~username

In that time you can edit the following file in your windows machine
c:\WINDOWS\system32\drivers\etc\hosts 
as
IP_current_server   domainname.com

installing cagefs incpanel server.

First you need to check your cloudlinux version. If the version is higher than lve0.8.54. Do the following steps.

yum install cagefs
/usr/sbin/cagefsctl --init
By default cagefs is disabled for all users


/usr/sbin/cagefsctl --enable-all

/usr/sbin/cagefsctl --list-enabled  -> list all the cagefs enabled users

FYI:  We need to enable normal shell for any users using SFTP. Jailshell will not connect sftp.

Sometimes your ffmpeg path will not recognize.Issues can be affected application like clip bucket, phpmotion,

While converting this will shows sh:ffmpeg path not found also while checking the server modules this will not recognize ffmpeg,flvtool,mp4box

Solution
cagefsctl --addrpm ffmpeg
cagefsctl --update
in latest version you may need to run the below command:

]# cagefsctl --force-update

OR
[/etc/cagefs/conf.d]# cat clipbucket.cfg
[clipbucket]
comment=ClipBucket
paths=/usr/local/bin/ffmpeg, /usr/bin/php, /usr/local/bin/flvtool2, /usr/local/bin/MP4Box




For updating cagefs to the latest version:

 Using the following command i have updated using following :
 # yum update lve-utils lve-stats cagefs
 

lve-utils-0.6-10.el5.cloudlinux to => lve-utils-1.0-34.el5.cloudlinux

lve-stats-0.8-2.el5.cloudlinux to => lve-stats-0.9-6.el

cagefs-3.5-2.el5.cloudlinux to => cagefs-3.6-4.el5.cloudlinux

upgrading google chrome

Please note down google-chrome web browser upgrading steps

Recently my google-chrome web browser crashed regularly. Chrshed google-chome will take 1-2 minutes to come back in normal performance.

These are the steps i have issued in my computer.

root@fs2:/home/ajeesh# sudo apt-get update
root@fs2:/home/ajeesh# sudo apt-get install google-chrome-stable
Reading package lists... Done
Building dependency tree      
Reading state information... Done

Table 'mysql.servers' doesn't exist

mysql> flush privileges;
ERROR 1146 (42S02): Table 'mysql.servers' doesn't exist

Solution:
run this command
# mysql_fix_privilege_tables --password=ajeesh123

TypeError: mcval.plsFun is not a function

While running radio on shoutcast i got this error, TypeError: mcval.plsFun is not a function

But i have refreshed the firefox web browser using tab "f5" and take the radio station its works for me.

Removing R1Soft cpanel plugin

If you want to remove the R1Soft CDP server plugin from your cpanel server,

1. /usr/lib/buagent/control-panels/cpanel/remove-cpanel-integration.sh

If this is not work , then you may need to call the r1soft cpanel plugin manual uninstaller.

1. /usr/local/cpanel/bin/unregister_cpanelplugin /var/cpanel/registered_cpanelplugins/righteousbackup

RVSitebuilder Publshing error curl_init

Publshing found the error “Cannot connect to yourdomain.com using curl_init”.

If you working on your RVSitebulider on your step 7 while clicking "publishing" you will get this error. This time you may need to contact your hosting provider to fix the issue and they will do the following steps to fix your issue(Cpanel servers).

Go to /var/cpanel/rvglobalsoft/rvsitebuilder/var
[/var/cpanel/rvglobalsoft/rvsitebuilder/var]#
and create a file name called "skip_validate_domain" and add your domain name on that file. This will fix the issue.

Changing mysql global variable Value

Changing mysql global variable Value

Here iam changing "character_set_server" from latin1 to utf8

[~]# cat /etc/my.cnf
[mysqld]
collation_server=utf8_unicode_ci
character_set_server=utf8

Installing GlobalSign OneClickSSL cPanel pugin

For installing oneclickssl please do the following steps on your cpanel server.

/scripts/perlinstaller CGI::Session
/scripts/perlinstaller Time::Local
/scripts/perlinstaller MIME::Base64
/scripts/perlinstaller WWW::Mechanize
/scripts/perlinstaller File::Touch
/scripts/perlinstaller HTTP::Headers::Util
/scripts/perlinstaller Config::Crontab
/scripts/perlinstaller Mozilla::CA
/scripts/perlinstaller YAML::Syck
/scripts/perlinstaller XML::Simple
/scripts/perlinstaller Date::Simple
/scripts/perlinstaller JSON
/scripts/perlinstaller LWP::UserAgent
/scripts/perlinstaller HTTP::Request::Common
/scripts/perlinstaller HTTP::Headers::Util
/scripts/perlinstaller WWW::FieldValidator
/scripts/perlinstaller Digest::MD5
/scripts/perlinstaller Template is
/scripts/perlinstaller IO::Handle
/scripts/perlinstaller IPC::Open3

 /scripts/perlinstaller SOAP::Lite
sometime you can not install this using this scripts

it will strucked like this Press to see the detailed list. 


root@server [/usr/local/src]# 

So you can try this one
perl -MCPAN -e 'install SOAP::Lite'

 PAN: LWP::UserAgent loaded ok (v6.04)
Fetching with LWP:
http://mirrors.mednor.net/CPAN/modules/03modlist.data.gz

 So i have gone for a manual installation as like below.

 root@server [/usr/local/src]# wget http://prdownloads.sourceforge.net/soaplite/SOAP-Lite-0.65_3.tar.gz?download
root@server [/usr/local/src]# tar zxf SOAP-Lite-0.65_3.tar.gz
[/usr/local/src/SOAP-Lite-0.65_3]# perl Makefile.PL
]# make
make test
make install



cd /usr/local/src/
wget www.globalsign.com/downloads/oneclickssl/cpanel/cpanel-plugin-2.6.sea
or
 wget http://www.globalsign.com/downloads/oneclickssl/cpanel/GlobalSign-OneClickSSL-cPanel-Plugin-2.87.sea

chmod +x cpanel-plugin-2.6.sea
./cpanel-plugin-2.6.sea

**********************
 12-09-2012
latest cpanel plugin for oneclick ssl is
 https://www.globalsign.com/downloads/oneclickssl/cpanel/GlobalSign-OneClickSSL-cPanel-Plugin-2.90.sea
**********************
Error:
There was an error. Please contact GlobalSign support. Error: System Error (The 'Temporary' certificate necessary to allow the OneClickSSL process to be completed cannot be aquired from the target domain). Please retry and if the issue persists then contact support with detailed information concerning the issue.


Solution:
Try reinstall with the latest globalSign plugin and disabling csf, then check your domain is resolving to the correct server.

cpnel can not update

Cpanel can not upgrade to 11.32. version

While trying to upgrade to the latest version from WHM 11.30.6 (build 6) to the latest version 11.32.x, it is not upgrading.
Why because you are using "stable" in your cpanel update configuration.

We can change this by editing cpanelupdate configuration file as follows.
root@server [~]# cat /etc/cpupdate.conf
CPANEL=release


Or you can change in your WHM Main >> Server Configuration >> Update Preferences

Enabling flash player in fedora.

My machine is 32 bit.So i have followed the the bellow steps.


[root@localhost ~]# rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm

[root@localhost ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux

[root@localhost ~]# yum check-update

[root@localhost ~]# yum install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl

After that go to your firefox browser and type about:plugins
Shockwave Flash = swf
FutureSplash Player = spl

enabling wireless in fedora

Image via Wikipedia

Enabling wireless connection in Lenovo G550 with OS fedora 16

Today i have enabled wireless in my Lenovo G550. Please note down the steps for enabling this.

[root@localhost src]# lspci
04:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g LP-PHY (rev 01)

[root@localhost src]# dmesg | grep 04:00.0
[ 0.167848] pci 0000:04:00.0: [14e4:4315] type 0 class 0x000280

From this we can identify PCI-ID for my broadcom hardware is 14e4:4315

For enabling we need to install wget and b43-fwcutter

# yum install b43-fwcutter

#[root@localhost src] export FIRMWARE_INSTALL_DIR="/lib/firmware"

#[root@localhost src] wget http://www.lwfinger.com/b43-firmware/broadcom-wl-5.100.138.tar.bz2

#[root@localhost src]# tar xjf broadcom-wl-5.100.138.tar.bz2

#[root@localhost src]# b43-fwcutter -w "$FIRMWARE_INSTALL_DIR" broadcom-wl-5.100.138/linux/wl_apsta.o

Thats it my broadcom wireless got recognised in the fedora .....:-)

LFD process ignore file

Sometime you will be logged out from your jailshell ssh without displaying any errors on your Putty.

This may be due to lfd is killing your jailshell process.

lfd[623238]: *User Processing* PID:622892 Kill:1 User:ajeesh Time:92 EXE:/home/virtfs/ajeesh/bin/bash CMD:-jailshell

We can fix this issue using the following steps:

1. Login to your whm > Plugins > ConfigServer Security&Firewall
2. csf.pignore, process tracking
edit and needs to update these rules.
exe:/home/virtfs/ajeesh/bin/bash
user:ajeesh
cmd:jailshell

Apache tweaking

Apache tweaking

1. Compilation

* Apache is modular based software, we can compile module into apache either statistically or dynamically(DSO)load only required modules
* In DSO we can compile when the server built time or latter by using "apxs"
* Statically compiling Apache will increase memory performance.

2. use good MPM

*MPM can be loaded into the server at any time. MPM is responsible for binding the netwok ports, accepting request, send chindren to handle the request.
* two types of MPM we have in apache 1. Worker 2. prefork
* Worker :- This is **multi-thread**,fast,less memory consumer. Which makes multiple thread in a single child process
dis: faulty threas can affect all the thread in that child process.
* prefork :- This is **muti-child** process, each child handle one connection at a time, this MPM is good for single and double processor server.
dis: memory utilization is high, high chance to crshing children

3. DNS Lookup
*using for hostname logging instead of IP address, enabling this reduce the speed of the apache ,If you want to resolve IP address use "Logresolve"
*By default " HostnameLookups Off " in apache
* use IP address in "Allow from " and "Deny from" if you use hostname there will be a double dns check

4. AllowOverride

*not set " AllowOverride None " , because this will check all .htaccess file . So this is good to enable for the required directory alone.

4. SymLinksIfOwnerMatch
* need to avoid this, otherwise apache needs to make another system call to verify the owner

But for securing it is good to enable symlink protection at kernel level. In cpanel once we enable SymLinksIfOwnerMatch does not come in affect and hackers easily hack the accounts and use symlink to root directory.

5. MaxClient
* Maximum simultanious request can handle by the web-server. If we put this to a low value will cause more unused resources on your server and if we increase this to a high value which will eat your resources and increase the response time for the requests made into the web-server.
equation for the best MaxClient=RAM dedicated to your web-server/Maxchild process , child process sizecan be find out using " ps -ylC httpd --sort:rss "

6. MaxSpareServers , MinSpareServers , StartServers -> prfork : MinSpareThreads , MaxSpareThreads -> worker
*Max and Min means number of child processes keep alive while waiting for a request
* Apache can spawn 32 child process per second.
* startserver means the number of child process can create at the start up, If there are lots of request and apache is restarting frequently then set a high value for this

7. MaxRequestsPerChild
*Means the number of request that to a individual child server process handle.(maximum number of requests a server process serves)
*MaxRequestsPerChild set to some thousand , by defauld this is set as "0" so the child process never expire.

8. KeepAlive and KeepAliveTimeout
* Means multiple request send to the same tcp connection, if we set this to "Off" separate tcp connection is needed.
*KeepAliveTimeout means wait time for the next request.Good to set value between 4-7 second.

9. Compression
* We can enable compression using mod_deflate module or gzip. There is no other software required for the client side.

ServerLimit = MaxClients / ThreadsPerChild
MaxClients = ServerLimit x ThreadsPerChild

16G-32G of RAM
MaxKeepAliveRequests 150
KeepAliveTimeout 5

StartServers 20
MinSpareServers 20
MaxSpareServers 40
ServerLimit 450
MaxClients 450
MaxRequestsPerChild 1000

ifmodule worker.c
ServerLimit 18
StartServers 8
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 450
MaxRequestsPerChild 1000
ifmodule
Timeout 30
2G-8G of RAM
MaxKeepAliveRequests 150
KeepAliveTimeout 5
ifmodule prefork.c
StartServers 20
MinSpareServers 20
MaxSpareServers 40
ServerLimit 350
MaxClients 350
MaxRequestsPerChild 1000
ifmodule
ifmodule worker.c
ServerLimit 14
StartServers 4
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 350
MaxRequestsPerChild 1000
ifmodule
Timeout 30

VPS (Xen/OpenVZ) less than 1G RAM
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 1
ifmodule prefork.c
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 300
ifmodule
ifmodule worker.c
ServerLimit 16
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 500

DDOS

DOS Attack

1.DOS (Denial Of service)
* Mostly a SYN based attack ( One way hand shaking)
* Attack is from a particular Ip so we can easily blocked in our software firewall

2. DDOS (Distributed Denial Of Service)

* from Different Geo location attack.
* Fullway hand shake attack , Full request , That is SYN and ACK based
* half tcp connection

A. Need to dected is there is a DDOS
B. How much strong it is
C.Precautions
i. application Level (Ie in the Web server configuration file) We can write a script for the Geo location Ips to block, Set 404 error
ii. System Level. ( Kernel Firewall)
iii. Network Level( Null routing)
Useful commands for DDOS detection
1. pptime
2. free -m
3. ps , example ps aux | grep wc -l

If you the attack is from a particular country you can deny all the connection from that country in your csf firewall.

useful commands:
1. tcpdump -i igb1 -nnn -c 10 dst port 80 host
this is for freebsd cmd where "igb1" is the netwok interface name
2. time tcpdump -i igb1 -nnn -c 1000 dst port 80 host 192.168.0.5 | tail
3. tail -1000 /var/log/nginx_aceess.log | awk '{print $1}' | sort | uniq -c | sort -b -k1 -n | tail
4. netstat -n | awk '{ print $5 }' | cut -d ":" -f 1 | grep "[1-9]" | sort | uniq -c | sort -n

5. awk '{print $5}' /proc/net/ip_conntrack|sort |uniq -c |sort -rn |head -25 | column -t

6. netstat -nt | grep :80 | wc -l

7. tcpdump -A dst 192.168.1.14 -s 500 | grep -i refer

8. tcpdump -i eth0 -vvv -nn -s 1700 -w ddos

~]# tcpdump -nn -vv -r ddos | awk '{print $18}' | awk -F\. '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -rn | head -25

9. root@ajeesh [~]# /usr/local/apache/bin/apachectl fullstatus

cpanel apache conf edit

Once you have edited your apache configuration in cpanel server you need to execute the following commands to update the new values to your apche configuration file permanently.

ajeesh@tech2:~$ /usr/local/cpanel/bin/apache_conf_distiller --update

This is useful some times your https link/ document root needs to change regularly on the server. But please execute this command with your own risk on the live servers.