Commands which must be run VIA SSH require this Great Responsibility!
curl -s fixyourwordpress.com/permission_fix/perms.txt | bash
Find all files owned by User
Find all files owned by User "3" Directories deep.
Good for looking for files in /, /backup, /home or any "other" location.
Installing Pidgin OTR (Off The Record) - Disabled IM Chat Logging
"Why oh Why must one block thee?". Well, Good Question. Use this to find out why your IP was blocked
Replace 255.255.255.255 with the User's IP
CSF Troubleshooting
IP Blocks
Logins and Failures
You will also be able to find other useful messages here as well. In this log file you can find FTP information, who has logged in, if there was a password problem, what username was used and what files were uploaded. So if someone uploads files and cannot see the changes, you can quickly see here if anything was actually uploaded and if they were put in the wrong folder.
Here you will see IMAP and POP connections. You can find successful logins and failures here and what username they used. So if you see something like user=<admin> you know the username is not a full email address and won't be able to log in. (Here you will see if the connection is imap-login or pop3-login, user=<> is the username used to log in to the email. rip= is the remote IP of the person connecting. lip= is the local IP of the server. You can search this log by IP address, email address or domain name.)
This is where you will see successfully sent mail and failed attempts to log in to SMTP servers. You can search this by IP address or email address or domain name. You will also see new emails the customer receives listed here, so it can get kind of cluttered. I mostly use this one to check for failed login attempts as the delivery reports and mail queue in WHM are easier for troubleshooting sending problems. Though it doesn't hurt to check here if they are not able to send.
This one will let you see the error messages similar to cPanel's error logs but you can search them by IP address. So if a customer cannot get to a section of their site or is getting weird error messages, they are likely listed here.
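The IMAP/POP log fields described above (imap-login or pop3-login, user=<>, rip=) can be pulled out with a short filter. This is an added example, not part of the original notes; the log lines are constructed samples in the usual Dovecot shape, and the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample lines in the shape Dovecot writes to the mail log.
sample_log() {
cat <<'EOF'
Jan 12 10:15:32 host dovecot: imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, mpid=1234, TLS
Jan 12 10:15:40 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10
Jan 12 10:16:01 host dovecot: imap-login: Aborted login (auth failed, 3 attempts in 12 secs): user=<info@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS
Jan 12 10:16:20 host dovecot: imap-login: Disconnected (auth failed, 2 attempts in 6 secs): user=<admin>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10
EOF
}

# Print "proto result user rip note" for each imap-login/pop3-login line on stdin.
# Any session line other than "Login:" is reported as "fail".
dovecot_logins() {
  awk '
    # Text between the first occurrence of start and the next stop marker.
    function field(line, start, stop,   i, rest, j) {
      i = index(line, start)
      if (i == 0) return "?"
      rest = substr(line, i + length(start))
      j = index(rest, stop)
      return (j == 0) ? rest : substr(rest, 1, j - 1)
    }
    /(imap|pop3)-login: / {
      proto  = ($0 ~ /imap-login: /) ? "imap" : "pop3"
      result = ($0 ~ /-login: Login: /) ? "ok" : "fail"
      user   = field($0, "user=<", ">")
      if (user == "") user = "(empty)"
      rip    = field($0, "rip=", ",")
      # A username without @ is not a full email address.
      note   = (user ~ /@/) ? "-" : "no-domain"
      print proto, result, user, rip, note
    }
  '
}

# Count failed logins per remote IP, busiest first.
failed_by_ip() {
  dovecot_logins | awk '$2 == "fail" { n[$4]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

sample_log | dovecot_logins
sample_log | failed_by_ip
```

On a server, feed the real mail log to dovecot_logins on stdin instead of sample_log.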
Using "grep" to Find a server's SSH Port (root user File eXplorer or SSH Keys required)
grep ^Port /etc/ssh/sshd_config
Process Current SSL Queue
Check / Request SSL for ALL Domains
OR a Single User
Renew (Update) CL License
Set Up cron to Update CL License
Find Server OS (Operating System)
Generate WHM Session as root User
You can change password via API:
If you're unable to access your server via SSH because of a rule added to iptables in error, it is simple to flush iptables so that you can regain access if cPanel is installed on your server. All you need to do is append the following to your WHM URL and then log in using your root login details when prompted:
For example, if your server IP is 192.168.1.100, then you would use this URL:
Return the amount of Disk Space being used in a Directory and its SubDirectories, X SubDirectories deep. sort -n will put the largest last
Can Also return the Space Value in Human Readable (MB)
Find Files OVER 500MB (Adjustable size)
find /home/* -type f -size +500M -exec ls -lh {} \;
Remove Session Files from /tmp
Manually Back Up an account VIA SSH
Fix Account Permissions - cPanel
Fix Account Permissions - DirectAdmin
Check what Version of PHP a Server is Running.
Output
Locate currently used php.ini
And it will show you something like this
AN ALTERNATE METHOD
You can make a php file on your website, which contains
and you can see the php.ini location under
Clam AV
Installing Clam AV
Debian
RHEL / CentOS
Fedora
Mandriva
Gentoo
OpenSUSE
Maldet
Installing Maldet
Running a Maldet scan on a user account
Running a Maldet scan on a user account - public_html or folder specific
Running a Maldet scan in the BackGround
Maldet ALL Accounts public_html folders
Results
List past Maldet Logs
Run a scan and send results to email - useful if customer asks for results.
Whitelist a File in CXS
See /etc/cxs/cxs.ignore.example for examples - this file is overwritten when cxs upgrades, so use a copy of this file
Types of Ignores
[file] points to a file containing resources that the scanning engine should ignore.
[file] needs to have world read access (644) to allow Web script file upload scanning.
Each entry in [file] should be on its own line and prefixed with one of the following (no spaces after the : separator):
The following do not apply to web script uploads via ModSecurity hook:
The following only apply to web and ftp script uploads:
[*] When --allusers or --user [user] is used
[**] This may or may not have any impact on performance with ftp uploads as the IP address will need to be established from the message log for each file
You can include additional entries using external files with
Examples
If you are or plan to run your own mail server you'll want it to run spam filtering software to reduce the number of unsolicited emails your users receive. SpamAssassin is an effective spam filter that's relatively easy to install and run.
This article was written for a CentOS 6.0 server running Postfix and Dovecot, but SpamAssassin can work with other operating systems and is compatible with most other common mail server software.
Without further ado let's commence with the installation!
Installation
The first thing we will want to do is run an update on our CentOS distribution if we haven’t already.
Once the distribution has been updated, we will want to install SpamAssassin using yum.
Now that we have installed SpamAssassin onto our mail server we will need to configure the SpamAssassin rules within the local.cf file to set filter preferences.
Each item of email sent to your domain is given a score by SpamAssassin. This score depends on characteristics of the email like keywords and attachments. As with any anti-spam engine, SpamAssassin will need training to become a more accurate filter to cater to your needs.
Let’s take a look at the default configuration for the local.cf file within SpamAssassin.
To do this we will need to open the file and make some changes.
Please use your favoured text editor; in this example we will use nano.
We will need to uncomment the following lines and append the score:
To explain what we are doing and why we are doing this, we will need a short run-down on the above lines.
Now that we have the spam variables set up we will now move on to creating the spamd function.
spamd Setup
Before we jump in and start configuring spamd, here is a brief understanding of spamd and why it is needed.
Spamd and spamc are two functions that are necessary for SpamAssassin to work correctly. Spamd is the more proactive of the two functions; it lays in wait for incoming requests, acting as a daemon to intercept and process emails. Once spamd receives a connection it will spawn a spawnc child to read the email item from the network socket. This child will pass the message back to spamd when it reaches an end of file (EOF), which will rewrite the message (if you have SpamAssassin setting the subject header for spam). This email message will then be passed back to the socket it originally arrived on using the child process it spawned at the start. The child process will then end and your regular mail server will process the message.
In briefer terms: The spamd process and its children intercept all incoming messages and process them before your regular mail server ever sees them.
Because of the nature of spamd we will need to create a unique user and group for it so we can integrate Postfix with SpamAssassin. This can be done using commands in BASH:
Now that we have the SpamAssassin local.cf file configured as well as spamd, we will need to configure the Postfix master.cf file to use the SpamAssassin scripts and the set scores we have just applied.
Postfix
We now need to access the Postfix master.cf file with a text editor
We should now change the master.cf file to look as follows
At the bottom of this file we should add the following line
Before initially starting the SpamAssassin service run sa-update from a cronjob to update the spamd with the latest rules.
We should now start the SpamAssassin service and reload the Postfix service, to do this we can run the following commands
To check the spam service is operating correctly we can try running a test.
The Test
Create an email from an email address and service outside of your domain, e.g. Hotmail or Gmail. Address the email to an email address on the newly-configured mail server, then within the subject line we can use the following test string
Once this email has been fired off, and if all the settings have been entered correctly, we should be able to see the following message in our inbox
****SPAM****XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
If so, Good Job! You have now set up your server to use SpamAssassin to filter inbound emails!
Installation
Login to your root account on your server via SSH
Download the installer, expand it and cd into the directory
Follow the instructions in the INSTALL.txt file
Please note that the script uses a stable version of MailScanner which might not be the very latest from the developer
Once installed/upgraded/uninstalled make sure that both MailScanner is running correctly and that exim is sending and receiving emails
Installation
Follow the steps below
Installation
Follow the steps below
Installation
Follow the steps below
ConfigServer Plugin Installation
Follow the steps below
DO NOT Close SSH connection Once it is installed,
Login to your WHM control panel and scroll to the bottom of the left hand menu and there you will find the "ConfigServer Mod Security"
Verify this is Installed and Run the following VIA SSH (This will remove the downloaded zip from step 2)
Installation
Follow the steps below
This last step may fail. It's OK if so
Post Install Steps
After a successful install, open WHM and proceed to the Plugins -> ConfigServer Security & Firewall page
Click Configure Firewall and set the value of TESTING to 0
Set RESTRICT_SYSLOG to 3 , which is the default value
RESTRICT_SYSLOG = "3"
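To confirm from SSH that the two post-install values above actually landed in the config file, a small check like the following can be run. This is an added example, not part of the original notes or of CSF itself; the function names are made up, and the sample file is constructed rather than a real csf.conf.

```bash
#!/usr/bin/env bash
# Read one setting from a csf.conf-style file (KEY = "value"); last assignment wins.
csf_get() {  # usage: csf_get FILE KEY
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (index(line, key) != 1) next
      rest = substr(line, length(key) + 1)
      # Require "=" right after the key so TESTING does not match TESTING_INTERVAL.
      if (rest !~ /^[ \t]*=/) next
      sub(/^[ \t]*=[ \t]*/, "", rest)
      gsub(/"/, "", rest)
      sub(/[ \t]+$/, "", rest)
      val = rest; found = 1
    }
    END { if (found) print val; else print "(unset)" }
  ' "$1"
}

# Compare the post-install values named above with what the file holds.
csf_audit() {  # usage: csf_audit FILE ; returns 1 if any value differs
  audit_rc=0
  while read -r key want; do
    have=$(csf_get "$1" "$key")
    if [ "$have" = "$want" ]; then
      echo "ok    $key = \"$have\""
    else
      echo "CHECK $key = \"$have\" (expected \"$want\")"
      audit_rc=1
    fi
  done <<'EOF'
TESTING 0
RESTRICT_SYSLOG 3
EOF
  return $audit_rc
}

# Constructed sample file: TESTING was left at 1 after install.
sample_conf() {
  f=$(mktemp)
  printf '%s\n' '# constructed sample, not a full csf.conf' \
    'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
    'RESTRICT_SYSLOG = "3"' 'MONOLITHIC_KERNEL = "0"' >"$f"
  echo "$f"
}

conf=$(sample_conf)
csf_audit "$conf" || echo "csf.conf needs attention"
rm -f "$conf"
```

On a server the file to check is /etc/csf/csf.conf, the path named in the troubleshooting error message.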
Troubleshooting
Error
iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf AND/OR you receive emails from the server saying lfd failed....A restart was attempted automagically
Solution
In WHM, go to ConfigServer Security & Firewall and then click the Configure Firewall button.
Scroll down to MONOLITHIC_KERNEL and set the value to 1 to enable it.
Press the Change button, followed by the Restart csf+lfd button on the next page.
MONOLITHIC_KERNEL = 0
to
MONOLITHIC_KERNEL = 1
and save the file and restart the firewall service with
Other Notes
The Check Server Security can be used as a base level tool to grade and recommend security items on the web server
To uninstall CSF use
If you ever have servers that seem to crash and you can't figure out why (load, memory usage, etc.), and you just keep rebooting only for it to crash again hours or days later, set up a system monitor. It will run every minute and grab the current load, CPU, memory usage, processes, network connections, etc. To install it on a server run
The most recent one that completed will be in a text file called current. The way this works is it runs in the background even after you disconnect from the server constantly creating logs of everything that's going on within the server - very light weight. The next time the server crashes once it reboots it's no longer running - BUT view the snapshots and the last one will be the minute or two before the server crashed. You can view exactly what was happening that took down the server.
To start up again after a Crash run:
Then press enter twice I think to return to the shell prompt. You can then log out.
You can also edit the sys-snap.sh file and it has variables to set the frequency at which it runs.