Saturday, June 25, 2011

loading Apache default page

If you are the web site owner, it is possible you have reached this page because:

* The IP address has changed.
* There has been a server misconfiguration.
* The site may have been moved to a different server.

If you are the owner of this website and were not expecting to see this page, please contact your hosting provider.


Fix:
In my case there was no content on my apache configuration file
1. Take a backup of my Apache conf file:
# cp httpd.conf httpd.conf_bkp_25June11
2. Run /scripts/updateuserdomains
3. Run /scripts/rebuildhttpdconf
4. Restart Apache: service httpd restart OR /scripts/restartsrv_httpd

Friday, June 24, 2011

Squirrel mail error

ERROR: Connection dropped by IMAP server.
Query: FETCH 1133:1138,1121,1152,1244:1145,1167,1125,1166:1167,1175 (FLAGS UID RFC822.SIZE INTERNALDATE BODY.PEEK[HEADER.FIELDS (Date To Cc From Subject X-Priority Importance Priority Content-Type)])


Jun 24 00:31:52 ajeesh dovecot: IMAP(ajeesh@tuxunited.com): Disconnected: BUG: Unknown internal error bytes=302/1920


#cd /home/tuxunited/mail/ajeesh@tuxunited.com/cur/

I saw some unwanted folders there. Once I removed those folders from that location, my issue was fixed.

Wednesday, June 22, 2011

Cannot remove email account from cpanel

If we get an error while removing an email account from cPanel, we have to remove it manually.

These steps help us to remove an email account manually.

1st step :

# cd /home//mail//

We can see all email accounts directories in that location.

Just remove the directory of particular email account from there.

If you want to remove test@tuxunited.com

# cd /home/tuxunited/mail/tuxunited.com

# rm -rf test/

2nd step :

# cd /home/tuxunited/etc/tuxunited.com/

# vi passwd

Remove the entry of the "test" account.

# vi shadow

Remove the entry of the "test" account.

3rd step:

# cd /home/tuxunited/.cpanel

# vi email_accounts.cache // cpanel cache for email accounts

Clean that file by removing all entries.

# vi email_accounts.yaml

We can see the details of all email accounts. We have to remove the entries of that particular account.

Eg:

test:
    diskquota: 104857600
    diskused: 224180
    mtime: 1273750383

Then restart cpanel

# service cpanel restart

Check the email account from Cpanel –> Email accounts. It will be removed.

Cannot login all of the email accounts in cpanel

Cannot log in to any of the email accounts of a particular domain on a cPanel server

We can see the email accounts details of a particular domain under /home//etc//

Eg: ( /home/tom/etc/tuxunited.com )

In that directory we can see all of the email accounts in the passwd file. The passwords are kept in the shadow file.

Eg: /home/tom/etc/tuxunited/passwd

 /home/tom/etc/tuxunited/shadow

In the shadow file the 2nd field is the encrypted password. If *LOCKED* appears in front of the encrypted password, that email account has been locked.

Eg: # vi /home/tuxunited/etc/tuxunited.com/shadow

===========================================================

ajeesh:*LOCKED*$1$JbPEsgb7$tyQYmQ7MaPmNyvQNyGZ1p1:14734::::::

anuraj:*LOCKED*$1$PZqJn5iW$Z7yLqlJOdfYHp8dV8OdMo/:14741::::::

ratheesh:*LOCKED*$1$DMc67Xil$uwf66mI1TNuiVA5FRp/ZI1:14746::::::

rajesh:*LOCKED*$1$Y839ThXi$oQIPjz563yOJpJxnNZkd11:14755::::::
=============================================================

The encrypted password should start with $, so we need to remove the *LOCKED* prefix from that file. Before doing that, take a backup of the shadow file. Then remove these entries.

# vi /home/tuxunited/etc/tuxunited.com/shadow


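:%s/\*LOCKED\*//g

The asterisks are escaped so that vi treats both of them literally; unescaped, the trailing * is read as a repeat operator and a stray * is left in front of the hash. This removes all of the *LOCKED* prefixes from that file. Save the file and retry logging in to any of the email accounts.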
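The same backup-then-unlock procedure as a script, shown as an added example that is not part of the original post. The function names and the sample shadow file are constructed for illustration; it also goes one step further than the vi command by allowing a single account to be unlocked, so accounts that were locked on purpose stay locked.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed for illustration.

# Write a constructed sample shadow file (the hashes are dummies).
make_sample_shadow() {
    cat > "$1" <<'EOF'
alice:*LOCKED*$1$CONSTRUCTED$dummyhashvalue0000000000:14734::::::
bob:*LOCKED*$1$CONSTRUCTED$dummyhashvalue1111111111:14741::::::
carol:$1$CONSTRUCTED$dummyhashvalue2222222222:14746::::::
EOF
}

# Print the accounts whose password field starts with *LOCKED*.
list_locked() {
    awk -F: 'index($2, "*LOCKED*") == 1 { print $1 }' "$1"
}

# unlock_shadow FILE [ACCOUNT]
# Back up FILE, then strip the *LOCKED* prefix where it directly precedes a
# crypt hash ("$..."). With ACCOUNT given, only that account is unlocked.
# Prints the path of the backup copy.
unlock_shadow() (
    shadow=$1
    account=${2:-}
    backup=$(mktemp "${shadow}.bak.XXXXXX") || exit 1
    cp -p "$shadow" "$backup" || exit 1
    awk -F: -v OFS=: -v acct="$account" '
        (acct == "" || $1 == acct) && index($2, "*LOCKED*$") == 1 {
            $2 = substr($2, 9)   # drop the 8-character *LOCKED* prefix
        }
        { print }' "$backup" > "$shadow" || exit 1
    printf '%s\n' "$backup"
)
```

Run `list_locked` first to see which accounts are affected, then `unlock_shadow FILE ACCOUNT` for the ones that should be able to log in again.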

Tuesday, June 14, 2011

server Hardening

Linux server/cpanel/VPS Hardening for security

1. Install or compile the missing modules in PHP & Apache

2. Install Fantastico Deluxe

#cd /usr/local/cpanel/whostmgr/docroot/cgi
#wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
#tar -xzpf fantastico_whm_admin.tgz
#rm -rf fantastico_whm_admin.tgz
Go to WHM, log in as root and click on Tweak Settings, then you should ensure that both the Ioncube loader is selected for the backend copy of PHP. Save changes. >>> Not done at installation time; I didn't do it that time.

Now go here:
WHM -> Plugins (or Add-Ons) -> Fantastico De Luxe WHM Admin (scroll down the left menu).

Upon loading, Fantastico De Luxe WHM Admin will auto-update your existing installation (if existing). All admin files (masterfiles, tarballs, settings etc) will be moved to or created at /var/netenberg.

After the installation completes, go to Settings.
PHPsuexec (*): VERY ESSENTIAL!!! Changing this value will not install or de-install phpsuexec for you.
We have to check whether phpsuexec is installed on the server:
# httpd -V
-D SUEXEC_BIN="/usr/local/apache/bin/suexec" >>> so we can set PHPsuexec to INSTALLED

3. Install CSF
cd /usr/src
wget http://www.configserver.com/free/csf.tgz
tar -xvf csf.tgz
cd csf
sh install.sh
sh remove_apf_bfd.sh
vi /etc/csf/csf.conf
(change testing mode to "0": TESTING = "0")
service csf restart

4. Check /tmp, /usr/tmp and /var/tmp permissions. Should be chmod 1777
Check /tmp, /usr/tmp and /var/tmp ownership . Should be owned by root:root

5. Check /etc/resolv.conf for localhost entry. You should not specify 127.0.0.1 or localhost as a nameserver

6. Check PHP for enable_dl. You should modify /usr/local/lib/php.ini and set:
enable_dl = off
This prevents users from loading PHP modules that affect everyone on the server.

7. Add the following disable_functions to php.ini (a single line):
disable_functions = ini_alter,system,passthru,shell_exec,leak,listen,chgrp,apache_setenv,define_syslog_variables,openlog,syslog,ftp_exec,posix_getpwuid,posix_getpwnam

8. Set the following for the open_basedir via PHP configuration:
/home:/tmp:/usr

9. To stop the /tmp directory filling up, you can set the following cron job to have files older than x hours deleted:
0 0 * * * /usr/sbin/tmpwatch --mtime --all 48 /tmp

10. Turn off unwanted services from startup

11. Install chkrootkit
cd /usr/src/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar zxvf chkrootkit.tar.gz
cd chkrootkit-0.49/
make sense
cd /etc/cron.daily
vi chkrootkit.sh
chmod 755 chkrootkit.sh
Content of chkrootkit.sh:
#!/bin/bash
cd /usr/src/chkrootkit-0.49/
./chkrootkit | mail -s "Daily chkrootkit from server1.tuxunited.com" ajeesh@tuxunited.com

12. Install rkhunter
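A small audit for steps 4 to 7 of the list above (directory mode only for step 4), shown as an added example that is not part of the original post. The function names and the sample files are constructed; on a real server, point the functions at /usr/local/lib/php.ini, /etc/resolv.conf and the tmp directories.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed.
WANTED="ini_alter system passthru shell_exec leak listen chgrp apache_setenv \
define_syslog_variables openlog syslog ftp_exec posix_getpwuid posix_getpwnam"

# Write constructed sample files that fail steps 5, 6 and 7.
make_sample() {
    mkdir -p "$1/tmp" && chmod 1777 "$1/tmp"
    printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$1/resolv.conf"
    printf 'enable_dl = On\ndisable_functions = system,passthru, shell_exec\n' > "$1/php.ini"
}

# Print the effective value of a php.ini directive (last active line wins).
php_ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                  # skip comment lines
        index($0, "=") == 0 { next }         # skip lines without a value
        { split($0, kv, "="); k = kv[1]; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   sub(/[ \t]*;.*$/, "", v)  # drop a trailing comment
                   gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v }
        END { print val }' "$1"
}

# Step 6: succeed only if enable_dl is explicitly switched off.
enable_dl_is_off() {
    case "$(php_ini_get "$1" enable_dl | tr 'A-Z' 'a-z')" in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 7: print the functions from WANTED that are NOT disabled.
missing_disabled() (
    disabled=",$(php_ini_get "$1" disable_functions | tr -d ' '),"
    for f in $WANTED; do
        case "$disabled" in *",$f,"*) ;; *) printf '%s\n' "$f" ;; esac
    done
)

# Step 5: succeed only if no nameserver points at the local host.
resolv_ok() {
    ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+(127\.0\.0\.1|localhost)[[:space:]]*$' "$1"
}

# Step 4: succeed only if the directory mode is exactly 1777.
tmp_mode_ok() {
    [ "$(ls -ldL "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}
```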

Tuesday, June 7, 2011

exim update

In cpanel it is very easy to update Exim mail server

Just execute the script: /scripts/eximup

Error:
#While sending emails through squirrel mail
Connection refused 111 Can't open SMTP stream. in exim

#service exim restart
Shutting down exim: [FAILED]
Shutting down spamd: [FAILED]

#service exim status
exim dead but subsys locked

Solution:-
First remove /etc/eximdisable

Then run /scripts/eximup --force. This fixed my issue.

Sunday, June 5, 2011

ssh login failed

[root@ajeesh ~]# ssh root@192.16.15.18
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:d6:34:8d:81:74:aj:ee:sh:B:ka:nn:an:2a:2d:95.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:18
RSA host key for 192.16.15.18 has changed and you have requested strict checking.
Host key verification failed.

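Solution (once you have confirmed that the host key change is expected, for example because the server was reinstalled):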
[root@ajeesh ~]# ssh-keygen -R 192.16.15.18
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

Suppose you are connecting to the server using its hostname instead.
Solution:
[root@ajeesh ~]# ssh-keygen -R server1.ajeesh.com

Saturday, June 4, 2011

ssl login for cpanel

SSL encryption is required for access to this server.


# vi /var/cpanel/cpanel.config

Change the following (with requiressl=0, cPanel accepts logins over plain HTTP, so passwords are sent unencrypted):
requiressl=1 to requiressl=0
alwaysredirecttossl=1 alwaysredirecttossl=1

Finally, run the following:


# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings

Wednesday, June 1, 2011

DNS only cpanel installation

Log in to your server as root

# cd /usr/src/
# wget http://layer1.cpanel.net/cpanel-dnsonly-install.sea
# chmod 755 cpanel-dnsonly-install.sea
# sh cpanel-dnsonly-install.sea