Thursday, 16 October 2014

Script monitor and restart Mysql service

The following script monitors the MySQL Server service and automatically restarts it if it is down.

#!/bin/bash

# MySQL Server root/admin username
MUSER="root"

# MySQL Server admin/root password
MPASS="SET-ROOT-PASSWORD"

# MySQL Server hostname
MHOST="localhost"

#Shell script to start MySQL server i.e. path to MySQL daemon start/stop script.
MSTART="/etc/init.d/mysql start"

# Email ID to send notification
EMAILID="you@your-email.com"

# path to mail program
MAILCMD="$(which mail)"

# path mysqladmin
MADMIN="$(which mysqladmin)"

#### DO NOT CHANGE anything BELOW ####
# temporary file for the mail body, created with an unpredictable name
MAILMESSAGE="$(mktemp /tmp/mysql.fail.XXXXXX)" || exit 1

# see if MySQL server is alive or not
# (>/dev/null 2>&1 would be shorter; the two redirections are kept separate
# so they are easy to read)
# note: a password passed with -p is visible in the process list while
# mysqladmin runs
"$MADMIN" -h "$MHOST" -u "$MUSER" -p"${MPASS}" ping 2>/dev/null 1>/dev/null
if [ $? -ne 0 ]; then
    echo "" >"$MAILMESSAGE"
    echo "Error: MySQL Server is not running/responding ping request" >>"$MAILMESSAGE"
    echo "Hostname: $(hostname)" >>"$MAILMESSAGE"
    echo "Date & Time: $(date)" >>"$MAILMESSAGE"
    # try to start mysql ($MSTART stays unquoted: it holds a command plus its argument)
    $MSTART >/dev/null
    # see if it is started or not
    o=$(ps cax | grep -c ' mysqld$')
    if [ "$o" -ge 1 ]; then
        sMess="MySQL server successfully restarted"
    else
        sMess="MySQL server FAILED to restart"
    fi
    # Email status too
    echo "Current Status: $sMess" >>"$MAILMESSAGE"
    echo "" >>"$MAILMESSAGE"
    echo "*** This email generated by $(basename "$0") shell script ***" >>"$MAILMESSAGE"
    echo "*** Please don't reply this email, this is just notification email ***" >>"$MAILMESSAGE"
    # send email
    "$MAILCMD" -s "MySQL server" "$EMAILID" < "$MAILMESSAGE"
else # MySQL is running, do nothing
    :
fi
# remove file
rm -f "$MAILMESSAGE"

You just have to make some minor changes in this script (MySQL password, email ID etc).

Then set a cron to run according to your requirement for the above script.

For example:
*/15 * * * * ./(path to script) > /dev/null 2>&1
This will run the script every 15 minutes.

Thursday, 4 September 2014

Disk space consumption

Command to get the paths of the files that are consuming the most disk space on the server:

du -a /home | sort -n -r | head -n 10

Core dump files

A possible reason for core files being generated: when a PHP process is killed, Apache creates core files under your account.

If they are caused by PHP/Apache, you can get rid of those core files by editing the httpd startup file on the server.
To disable creation of core dump files:
root@server [~]# vi /etc/init.d/httpd
Search for the ulimit lines. For example, you may see these lines:

ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
You need to add ulimit -c 0 at the end, so that it looks like this:

ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -c 0

Save changes and quit.

Now kill / stop apache service and then start apache service on the server.

root@server [~]# service httpd stop
root@server [~]# service httpd stop
httpd (no pid file) not running
root@server [~]# service httpd startssl
root@server [~]# service httpd startssl
httpd (pid 21154) already running

Handling spamming


1:  Command to delete spam mails from a particular account

grep -lr user@domainname.tld /var/spool/exim/input/* |  xargs rm -vf


Symlinks

Command to disable all symlinks under a folder:

find -type l -exec unlink {} \;

Updating SPF for all accounts in cPanel servers

One way of fixing:

The /usr/local/cpanel/Cpanel/SPF.pm file handles the SPF installation script that runs "/usr/local/cpanel/bin/spf_installer username" and is also used in cPanel > Email Authentication area for setting the IP for the SPF record. First, make a backup of the file:

cp /usr/local/cpanel/Cpanel/SPF.pm /usr/local/cpanel/Cpanel/SPF.pm.bak

Now revise the lines that have this:
my $mainip = Cpanel::DIp::getmainserverip();

To have this instead:


my $mainip = '192.12.12.12';

This will then use the hard-coded IP when installing the SPF records. This will occur for all parked, addon, and subdomains on the account for the SPF installation. Whenever the user in cPanel > Email Authentication area enables SPF records, the hard-coded IP will be used.

Please note that the code entry occurs thrice in the file, so you would need to revise all the entries. If you only revise the initial entry, only the main domain will be changed to that new hard-coded IP, while parked, addon, and subdomains will not be.

You may also want to put that file into the exclude list for cPanel so it does not get overwritten on cPanel updates:

echo "/usr/local/cpanel/Cpanel/SPF.pm" >> /etc/cpanelsync.exclude



Script to update SPF for all accounts

#!/bin/bash
IFS="$"
cd /var/named
/bin/ls -- /var/cpanel/users | grep -v "root\|system\|passwd\|cpanel\|nobody\|mysql\|\`\|\-\|\." | while read CPUSER; do
echo "Installing SPF for '${CPUSER}'";
/usr/local/cpanel/bin/spf_installer "${CPUSER}" > /dev/null
done

Exim syntax error

Issue Error Messages:
SMTP call from (workstation) [IP] dropped: too many syntax or protocol errors (last command was "RCPT TO:

Solution:
When sending emails using Outlook you might receive the error above. It seems that when you copy and paste the email addresses into the To field, they include quotation marks around them that the server does not know how to handle (i.e. ‘name@website.com’ instead of just name@website.com).

Remove the quotations & then try sending emails.

Saturday, 23 August 2014

Test mysql connection from Php page

<?php
mysql_connect ("localhost", "Mysql_username", "Mysql_password") or die (mysql_error());
echo "Success.. Connected to MySQL...<br />";
mysql_select_db("Mysql_database") or die(mysql_error());
echo "Success.. Connected to Database... ";
?>

Tuesday, 29 July 2014

Nagios setup


########################## How to add a server in Nagios? #######################################

1. Make a directory in /usr/local/nagios/etc/objects/ with the client's name. All host .cfg files of the client should be grouped in this directory.

2. Name the host.cfg file host_name.cfg, where host_name is the hostname of the server.

3. Add the following sections to host_name.cfg.

Note: Add the service definitions according to the requirement.

-----------------------------------------------------
###############################################################################
#
# HOST DEFINITION
#
###############################################################################

# Define a host for the local machine

define host{
        use                     linux-server            ; Name of host template to use
                                                        ; This host definition will inherit all variables that are defined
                                                        ; in (or inherited by) the linux-server host template definition.
        host_name               <host_name>
        alias                   <host_name>
        address                 <server_ip>
        contact_groups          nsdesign-admins
        }
###############################################################################

###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             PING
        check_command                   check_ping!150.0,20%!500.0,60%
      }


# Define a service to check the disk space of the root partition
# on the local machine.  Warning if < 20% free, critical if
# < 10% free space on partition.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             Partition /
        check_command                   check_nrpe!check_diskslash
        }

# Define a service to check the number of currently running procs
# on the local machine.  Warning if > 250 processes, critical if
# > 400 users.

define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             Total Processes
        check_command                   check_nrpe!check_total_procs!500!750!RSZDT
        }

# Define a service to check the load on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             Current Load
        check_command                   check_nrpe!check_load!5.0,4.0,3.0!10.0,6.0,4.0
        }

# Define a service to check SSH on the local machine.
# Disable notifications for this service by default, as not all users may have SSH enabled.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
        }

# Define a service to check HTTP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             HTTP
        check_command                   check_http
        notifications_enabled           0
        }
# Define a service to check FTP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             FTP
        check_command                   check_ftp
        notifications_enabled           0
        }
# Define a service to check POP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             POP
        check_command                   check_pop
        notifications_enabled           0
        }
# Define a service to check SMTP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             SMTP
        check_command                   check_smtp
        notifications_enabled           0
        }
# Define a service to check MySQL on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             MySQL
        check_command                   check_mysql_nsd
        notifications_enabled           0
        }
-----------------------------------------------------
Where <host_name> is the hostname of the remote server
      <server_ip> is the IP of the remote server

Note: Enable notifications if needed by setting 1 instead of 0

4. Save the file

5. Add the following line to /usr/local/nagios/etc/nagios.cfg

------------------------------------------------------
cfg_dir=/usr/local/nagios/etc/objects/<directory_name>
------------------------------------------------------

Where directory_name is the name of the directory that we made in Step:1

6. Add the following lines to /usr/local/nagios/etc/objects/contacts.cfg
------------------------------------------------------
############################## <client's name> DATA BEGINS ######################
define contact{
        contact_name                    <client's name>
        alias                           <client's name>
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    c,r
        host_notification_options       d,r
        service_notification_commands   notify-service-by-email
        host_notification_commands      notify-host-by-email
        email                           <Email_address>
        }
define contactgroup{
        contactgroup_name       <client's name>-admins
        alias                   <client's name> Administrators
        members                 <client's name>,shared
        }
############################## <client's name> DATA ENDS ######################


Note: <Email_address> is the email address to which notifications are sent

7. Add the following lines in /usr/local/nagios/etc/objects/hostgroups.cfg

################## nsdesign GROUP BEGINS ##############
define hostgroup{
        hostgroup_name  nsdesign ; The name of the hostgroup
        alias           NSDesign Linux Servers ; Long name of the group
        members         server.dnsblock1.com,server.dnsblock2.com,server.dnsblock3.com,server.dnsblock4.com,server.dnsblock5.com,server.nsdesign.net,server.dnsblock6.com,server.dnsblock7.com,server.q4server.co.uk,server.hellodkdo.com,server.dnsblock8.com    ;
        }
################## nsdesign GROUP ENDS ##############



8. Issue the following command for nagios config test

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

9. Restart nagios if there is no error in config test

/etc/init.d/nagios restart

########################## How to add a nagios user to monitor their servers? #######################################

Run the following command,

htpasswd  /usr/local/nagios/etc/htpasswd.users <username>

and give password



########################## How to install NRPE in client server? #######################################

On the remote server
====================

cd /opt/
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz
wget http://www.mycutelife.net/sanju/newtickethelp/nagios_downloads/nrpe-1.9.tar.gz
wget http://www.mycutelife.net/sanju/newtickethelp/nagios_downloads/nrpe
wget http://www.mycutelife.net/sanju/newtickethelp/nagios_downloads/nrpe.cfg
useradd nagios
tar -xvzf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15/
./configure
make
make install
cd /opt/
tar -xvzf nrpe-1.9.tar.gz
cd nrpe-1.9/
./configure
make all
cd /opt/
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/etc
cp nrpe-1.9/src/nrpe /usr/local/nagios/bin/
cp nrpe.cfg /usr/local/nagios/etc/
cp nrpe /etc/xinetd.d/
echo "nrpe  5666/tcp" >> /etc/services
chkconfig nrpe on
/sbin/iptables -I INPUT -p tcp -s 0/0 --dport 5666 -j ACCEPT;
service iptables save;
/etc/rc.d/init.d/xinetd restart


Then enter mysql prompt 

mysql
mysql> create database nagios;
Query OK, 1 row affected (0.02 sec)

mysql> grant all privileges on nagios.* to nsduser@nagios-server-ip identified by 'Hnj7bjsv45nkja0L';

mysql> quit
Bye

The next step is to set the Nagios server IP in the file /etc/xinetd.d/nrpe

vi /etc/xinetd.d/nrpe 
===============================================
# default: on
       # description: NRPE
       service nrpe
       {
               flags           = REUSE
               socket_type     = stream
               wait            = no
               user            = root
               server          = /usr/local/nagios/bin/nrpe
               server_args     = -c /etc/nrpe.conf --inetd
               log_on_failure  += USERID
               disable         = no
               only_from       = <nagios-server-ip>
       }
=================================================

where <nagios-server-ip> is the IP of the Nagios Server

To check mysql in remote server, run the following command in the nagios server.

./check_mysql --hostname=<remote-server-ip>  --port=3306 --username=nsduser --password=Hnj7bjsv45nkja0L

Allow the nagios-server-ip in the iptables and in the csf

The file /usr/local/nagios/etc/nrpe.cfg defines the internal commands: the plugin each one is loaded from and its parameters.


Add Nagios Users


Add users to nagios

1) Create .cfg files for the server in /usr/local/nagios/etc/objects/
2) Add a user to use the Nagios interface
 htpasswd /usr/local/nagios/etc/htpasswd.users jikku
 file /usr/local/nagios/etc/htpasswd.users
3) Add contact details in contacts.cfg
4) Add hostgroup entries.






Nagios: internal service monitoring

1) Add the plugin on the client server in /usr/local/nagios/libexec and
add the command to /usr/local/nagios/etc/nrpe.cfg

egs:
command[check_eximmailqueue]=/usr/local/nagios/libexec/check_eximmailqueue -w 1000 -c 2000
command[check_disk1]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sda3
command[check_disk2]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sdb1

2) Add the details on the Nagios server in the file
/usr/local/nagios/etc/objects/brett/venus.serversdeployed.com.cfg

egs:
# Define a service to check the disk space on the local machine.

define service{
        use                             local-service         ; Name of service template to use
        host_name                       venus.serversdeployed.com
        service_description             /
        check_command                   check_nrpe!check_disk1
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                       venus.serversdeployed.com
        service_description             /backup
        check_command                   check_nrpe!check_disk2
        }



To check working of command from client server:
root@venus [/usr/local/nagios/libexec]# ./check_users -w 5 -c 10
USERS OK - 1 users currently logged in |users=1;5;10;0
root@venus [/usr/local/nagios/libexec]# ./check_load -w 15,10,5 -c 30,25,20
OK - load average: 0.31, 0.22, 0.14|load1=0.310;15.000;30.000;0; load5=0.220;10.000;25.000;0; load15=0.140;5.000;20.000;0;

To check working of command from nagios server:
/usr/local/nagios/libexec/check_nrpe -H 216.240.191.18 -c check_eximmailqueue


Nagios: errors and fixes


Errors obtained on checking mail queue of client server from nagios server

1 ) “must have a tty to run sudo”
Fix:
Comment out the line “Defaults    requiretty” in the file /etc/sudoers


2)  “sent and no askpass program specified”
Fix:
add following line in /etc/sudoers
nagios ALL= NOPASSWD:/usr/sbin/exim -bpc




Nrpe version


# /usr/local/nagios/bin/nrpe --help
NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
Version: 1.9
Last Modified: 07-22-2003
License: GPL

Tuesday, 20 May 2014

WordPress Preventing Password Protecting a Directory


Password protecting a subdirectory using the cPanel icon (or a .htpasswd file) will be unsuccessful if WordPress is installed in the public_html directory with permalinks enabled.

Edit .htaccess File

  1. Edit the .htaccess file in your WordPress home folder (public_html) and remove the RewriteRule line (RewriteRule . /index.php [L]) from the code below:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
  2. Replace that line with this new line:

    RewriteRule ./ /index.php [L]

    The final code snippet will look like this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ./ /index.php [L]
    </IfModule>
    # END WordPress
  3. Save your changes.

Reset Permalinks

  1. From the left-hand navigation menu in WordPress, click Settings > Permalinks. Note the current setting. If you are using a custom structure, copy or save the custom structure somewhere.
  2. Select Default.
  3. Click Save Settings.
  4. Change the settings back to the previous configuration (before you selected Default). Put the custom structure back if you had one.
  5. Click Save Settings.
This should reset the permalinks and prevent any posts or pages from returning a 404 Page Not Found error. You should now be able to password protect a subdirectory.

Saturday, 17 May 2014

Create SUDO user in cPanel

For security you might want to disable direct SSH login as root.

First of all, log in as root and create a user

#useradd sshadmin
#passwd sshadmin

Now add this user to wheel group from WHM

WHM -> Security Center -> Manage Wheel Group Users

OR from command line

#usermod -G wheel sshadmin

Now open /etc/ssh/sshd_config and set

PermitRootLogin no

Restart the ssh service

/etc/init.d/sshd restart

Now you can ssh to server as user sshadmin and run the command “su -” to switch to root user.

Now the thing is that “su -” asks for the root password. If you don’t want to remember the root password, you can add the user sshadmin to the sudo user list. Add the line below to /etc/sudoers

sshadmin    ALL=(ALL)       ALL

Now run the command “sudo su -” and it will directly switch to user root without asking password.
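
sshd uses the first value it reads for each keyword, so a "PermitRootLogin no" line added below an existing "PermitRootLogin yes" has no effect. The following is an added example, not part of the original post: effective_root_login is a hypothetical helper that reports the value that wins in the global part of a config file, run here on two constructed files. On a live server, sshd -T prints the effective configuration.

```bash
#!/bin/bash
# Added example (not from the original post). effective_root_login is a
# hypothetical helper; both sample files are constructed.
#
# Prints the PermitRootLogin value from the global part of an sshd_config
# file, or "unset" when the keyword is absent there. sshd keeps the first
# value it reads for a keyword, so later duplicates are ignored. Match blocks
# and Include files are not evaluated here.
effective_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        {
            split($0, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
            key = tolower(f[1])                # keywords are case-insensitive
        }
        key == "match" { exit }                # the global section ends here
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

demo_dir="$(mktemp -d)"

# "no" was appended at the end, but the earlier "yes" is still the active one.
cat > "$demo_dir/appended" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
permitrootlogin no
EOF

# The existing line was edited in place.
cat > "$demo_dir/edited" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication yes
EOF

echo "appended: $(effective_root_login "$demo_dir/appended")"
echo "edited:   $(effective_root_login "$demo_dir/edited")"
rm -rf "$demo_dir"
```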

Saturday, 15 March 2014

Script to create a directory with current date and sync the folders

#!/bin/bash
# rsync script
# compute the dated directory once so mkdir and rsync use the same path
DEST="/home/user/backup/$(date -I)"
mkdir -p "$DEST"
rsync -avz --progress /home/user/rsync1/ "$DEST"

Find & Replace across multiple files in linux


Command to find and replace a word with another across multiple files in Linux

>>> command to replace "test" with "testing" in multiple files (-print0 / -0 keep file names with spaces intact)

# find . -name "*.html" -print0 | xargs -0 sed -i 's/test/testing/g'

Script to delete mail on a specific time period

Script to delete all mails dated 2011 from the mail accounts. email account: user@example.com


=====================
1) touch --date "2011-06-19" /home/example/mail/example.com/user/cur/start
         >>> creates a file with the date from which [from that date onwards] we want to delete

2) touch --date "2011-12-31" /home/example/mail/example.com/user/cur/end
        >>> creates a file with the date up to which [up to that date] we want to delete

3) find . -newer /home/example/mail/example.com/user/cur/start -not -newer /home/example/mail/example.com/user/cur/end -exec mv {} --target-directory=/home/example/mov_mail/ ';'
       >>> moves mails dated from 2011-06-19 to 2011-12-31 to the folder /home/example/mov_mail/

4) Delete the contents of the folder /home/example/mov_mail/
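
The steps above as one function, given here as an added example that is not part of the original post. move_mail_between and build_sample_maildir are hypothetical helper names, every path is under a temporary directory, and the three messages are constructed. The marker files are kept outside the mail folder, because an end marker created inside it falls within the range and is moved along with the mail.

```bash
#!/bin/bash
# Added example (not from the original post). move_mail_between and
# build_sample_maildir are hypothetical helper names; all paths live under a
# temporary directory and the three messages are constructed.
#
# move_mail_between SRC DEST FROM TO
# Moves regular files in SRC modified after FROM and not after TO into DEST.
# A bare date such as 2011-12-31 means 00:00 on that day, so mail delivered
# later on the TO day stays where it is.
move_mail_between() {
    mmb_markers="$(mktemp -d)" || return 1
    # Markers are kept outside SRC; an end marker inside SRC would itself
    # match the range and be moved together with the mail.
    touch -d "$3" "$mmb_markers/start"
    touch -d "$4" "$mmb_markers/end"
    mkdir -p "$2"
    find "$1" -maxdepth 1 -type f \
        -newer "$mmb_markers/start" ! -newer "$mmb_markers/end" \
        -exec mv -- {} "$2"/ \;
    rm -rf "$mmb_markers"
}

# Build a throwaway "cur" folder holding messages from three dates and print
# the directory that contains it.
build_sample_maildir() {
    bsm_root="$(mktemp -d)" || return 1
    mkdir -p "$bsm_root/cur"
    for bsm_day in 2011-03-01 2011-08-15 2012-02-01; do
        echo "constructed message" > "$bsm_root/cur/msg-$bsm_day"
        touch -d "$bsm_day 12:00" "$bsm_root/cur/msg-$bsm_day"
    done
    printf '%s\n' "$bsm_root"
}

sample_root="$(build_sample_maildir)"
move_mail_between "$sample_root/cur" "$sample_root/mov_mail" 2011-06-19 2011-12-31
echo "moved:     $(ls "$sample_root/mov_mail")"
echo "remaining: $(ls "$sample_root/cur" | tr '\n' ' ')"
rm -rf "$sample_root"
```

Review the contents of the destination folder before deleting it; the move can still be undone at that point.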

Remove IP from drop list in iptables

List existing chains

Type the following command to list current IPs in tables:
iptables -L -n

To display line number along with other information, enter:
iptables -L INPUT -n --line-numbers

You will get the list of all blocked IPs. Look at the number on the left, then use that number to delete the rule. For example, to delete line number 10 (subnet 134.175.0.0/16), enter:
iptables -D INPUT 10

======================================================

Run :
iptables-save| grep xx.xx.xx.xx

to get the exact rule command used to enable the block. It will be something like:

-A INPUT ! -i lo -s xx.xx.xx.xx -j DROP

Take this command, replace the -A with -D and run it through iptables:

iptables -D INPUT ! -i lo -s xx.xx.xx.xx -j DROP 
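
The -A to -D conversion described above can be scripted. The following is an added example, not part of the original post: rules_to_delete is a hypothetical helper that reads iptables-save output and prints, for review, the delete command for every rule whose source is exactly the given address. The rules and addresses in the sample are constructed.

```bash
#!/bin/bash
# Added example (not from the original post). rules_to_delete is a
# hypothetical helper name; the rules in SAMPLE are constructed.
#
# Usage: iptables-save | rules_to_delete ADDRESS
# Prints one "iptables -t TABLE -D ..." command per matching rule. Nothing is
# executed, so the output can be reviewed before it is run.
rules_to_delete() {
    rtd_ip="$1"
    rtd_table="filter"
    while IFS= read -r rtd_line; do
        case "$rtd_line" in
            '*'*)
                # "*filter", "*nat", ... opens the section for one table
                rtd_table="${rtd_line#?}"
                ;;
            '-A '*)
                # Compare the whole -s argument. A plain grep for the address
                # would also hit 203.0.113.70 when looking for 203.0.113.7.
                # Newer iptables-save versions print single hosts as ADDRESS/32.
                case " $rtd_line " in
                    *" -s $rtd_ip "*|*" -s $rtd_ip/32 "*)
                        printf 'iptables -t %s -D %s\n' \
                            "$rtd_table" "${rtd_line#-A }"
                        ;;
                esac
                ;;
        esac
    done
}

SAMPLE='# constructed iptables-save output
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.7/32 ! -i lo -j DROP
-A INPUT -s 203.0.113.70/32 ! -i lo -j DROP
-A INPUT -s 134.175.0.0/16 -j DROP
COMMIT'

printf '%s\n' "$SAMPLE" | rules_to_delete 203.0.113.7
```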

Plesk mx record change

To change an MX, A or CNAME record do the following:
    Log into Plesk
    Click on Domains
    Click on the domain name in question
    Click on the arrow next to the words "Web Site" and choose DNS Settings


To change an MX record:
    Click on the MX record to edit
     Leave "Record type" as MX
     Leave "Enter mail domain" blank
     Change the "Enter mail exchanger" to the name of your mail server
     If necessary, change the "Specify priority of mail exchange server" to the desired setting.

=============================================

To get to the DNS editor, do the following:
    Log into Plesk
    Under Hosting Services, click on Domains
    Find the domain in question, and click on the corresponding link that says "Control Panel" (on the far right side)
    Click the "Websites & Domains" tab
    Click the "DNS Settings" link
    Click on "[Manage]" for the appropriate domain
     To edit an existing record, click on the record under "Host"

MX records
     Change the "Record type" to MX (if necessary)
     "Mail domain" should be left blank
      Set the "Mail exchange server" to the name of your mail server (for example ghs.google.com)
      The party who gave you the mail exchange server name may have also given you a priority number; if not, "very high(0)" is perfect

After making your changes, click on OK. The changes will take between 4 to 8 hours to update worldwide.

     

To find symbolic link in a directory

 root@server [/home/user]# find . -type l
./access-logs
./www

root@server [/home/user]# find . -type l -printf " %p -> %l\n"
 ./access-logs -> /usr/local/apache/domlogs/user
 ./www -> public_html

root@server [/home/edennatu]# find . -type l -printf "%a -> %b\n"
Mon Jun 10 07:41:11 2013 -> 0
Mon Jun 10 07:41:11 2013 -> 0


%a       File's last access time in the format returned by the C 'ctime' function.

%b       The amount of disk space used for this file in 512-byte blocks. Since disk space is allocated in multiples of the filesystem block size this is usually greater than %s/1024, but it can also be smaller if the file is a sparse file.

%p       File's name.

%l       Object of symbolic link (empty string if file is not a symbolic link).

Handle spamming in qmail

Qmail Commands:

[root@linux ~]# /var/qmail/bin/qmail-qstat
messages in queue: 123 
messages in queue but not yet preprocessed: 0 

You can examine the queue with qmail-qread. 

/var/qmail/bin/qmail-qread

From the qmail-qread output you get the message's id. Suppose the id is 12345.
Now you can find the file holding the email in /var/qmail/queue with the "find" command.

find /var/qmail/queue -iname 12345

The above will give output like this:
/var/qmail/queue/remote/22/12345 
/var/qmail/queue/mess/22/12345 
/var/qmail/queue/info/22/12345 

Now open that file and you should be able to get the details.

vi /var/qmail/queue/mess/22/12345

If you wish to completely remove all the mails from queue just run the below commands.

find /var/qmail/queue/mess -type f -exec rm {} \;
find /var/qmail/queue/info -type f -exec rm {} \;
find /var/qmail/queue/local -type f -exec rm {} \;
find /var/qmail/queue/intd -type f -exec rm {} \;
find /var/qmail/queue/todo -type f -exec rm {} \;
find /var/qmail/queue/remote -type f -exec rm {} \;



Monday, 17 February 2014

How to get nrpe version

# /usr/local/nagios/bin/nrpe --help

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
Version: 1.9
Last Modified: 07-22-2003
License: GPL