Thursday, 4 September 2014

Symlinks

Command to remove (unlink) all symlinks under a folder, run from inside that folder:

find . -type l -exec unlink {} \;

Updating SPF for all accounts in cPanel servers

One way of fixing:

The /usr/local/cpanel/Cpanel/SPF.pm file handles the SPF installation script that runs "/usr/local/cpanel/bin/spf_installer username" and is also used in cPanel > Email Authentication area for setting the IP for the SPF record. First, make a backup of the file:

cp /usr/local/cpanel/Cpanel/SPF.pm /usr/local/cpanel/Cpanel/SPF.pm.bak

Now revise the lines that have this:
my $mainip = Cpanel::DIp::getmainserverip();

To have this instead:


my $mainip = '192.12.12.12';

This will then use the hard-coded IP when installing the SPF records. This will occur for all parked, addon, and subdomains on the account for the SPF installation. Whenever the user in cPanel > Email Authentication area enables SPF records, the hard-coded IP will be used.

Please note that the code entry occurs thrice in the file, so you would need to revise all the entries. If you only revise the initial entry, only the main domain will be changed to that new hard-coded IP, while parked, addon, and subdomains will not be.

You may also want to put that file into the exclude list for cPanel so it does not get overwritten on cPanel updates:

echo "/usr/local/cpanel/Cpanel/SPF.pm" >> /etc/cpanelsync.exclude



Script to update SPF for all accounts

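#!/bin/bash
# Re-run the cPanel SPF installer for every account listed in /var/cpanel/users.
IFS="$"
cd /var/named
# Skip system entries and any name containing a backtick, hyphen or dot.
/bin/ls -- /var/cpanel/users | grep -v "root\|system\|passwd\|cpanel\|nobody\|mysql\|\`\|\-\|\." | while read -r CPUSER; do
    echo "Installing SPF for '${CPUSER}'"
    /usr/local/cpanel/bin/spf_installer "${CPUSER}" > /dev/null
done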
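
A check to run after the bulk update, as an added example that is not part of the original post: it reads each zone file and reports zones whose SPF TXT record is missing or does not list the expected IP. The function names, the sample zones and the one-zone-per-file <domain>.db naming are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): audit SPF TXT records in BIND
# zone files after a bulk spf_installer run.
# Assumption: one zone per file, named <domain>.db, in the given directory.

# spf_audit ZONEDIR EXPECTED_IP
# Prints "<zone> OK", "<zone> MISSING" or "<zone> WRONG_IP" per zone and
# returns 0 only when every zone carries ip4:EXPECTED_IP.
spf_audit() {
    local zonedir="$1" expected="$2" rc=0 file zone spf
    for file in "$zonedir"/*.db; do
        [ -f "$file" ] || continue
        zone=$(basename "$file" .db)
        # First TXT record whose data starts with v=spf1.
        spf=$(grep -i -m1 'TXT[[:space:]]*"v=spf1' "$file" || true)
        if [ -z "$spf" ]; then
            echo "$zone MISSING"; rc=1
        # Extract each ip4: mechanism and require an exact match, so that
        # 192.12.12.123 is not accepted for 192.12.12.12.
        elif printf '%s\n' "$spf" | grep -oE 'ip4:[0-9.]+' | grep -qxF "ip4:$expected"; then
            echo "$zone OK"
        else
            echo "$zone WRONG_IP"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample zones: one current, one on another IP, one without SPF.
spf_audit_demo() {
    local d rc=0
    d=$(mktemp -d)
    echo 'good.example. 14400 IN TXT "v=spf1 +a +mx +ip4:192.12.12.12 ~all"' > "$d/good.example.db"
    echo 'old.example. 14400 IN TXT "v=spf1 +a +mx +ip4:192.12.12.123 ~all"' > "$d/old.example.db"
    echo 'none.example. 14400 IN A 192.12.12.12' > "$d/none.example.db"
    spf_audit "$d" 192.12.12.12 || rc=$?
    rm -rf "$d"
    return "$rc"
}

spf_audit_demo || true
```

On the server this would be called as spf_audit /var/named followed by the hard-coded IP.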

Exim syntax error

Error message:
SMTP call from (workstation) [IP] dropped: too many syntax or protocol errors (last command was "RCPT TO:

Solution:
When sending email from Outlook you might receive the error above. It seems that when email addresses are copied and pasted into the To field, they include quotation marks that the server does not know how to handle (i.e. ‘name@website.com’ instead of just name@website.com).

Remove the quotation marks and then try sending the email again.
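
To see which clients are hitting this, the added example below (not part of the original post) tallies these drops per client IP from an Exim log and counts how many were RCPT TO commands containing a quote character. The function names and the sample log lines are constructed for illustration, following the message format quoted above.

```shell
#!/bin/bash
# Added example (not from the original post): tally Exim "too many syntax or
# protocol errors" drops per client IP, and count how many were RCPT TO
# commands containing a quote character (the pasted-address cause above).

# exim_syntax_drops LOGFILE
# Prints "<ip> <drops> <quoted_rcpt_drops>", busiest client first.
exim_syntax_drops() {
    awk -v q="'" '
    / dropped: too many syntax or protocol errors/ {
        # Everything before " dropped:" ends with the client address "[ip]".
        head = substr($0, 1, index($0, " dropped:") - 1)
        sub(/:[0-9]+$/, "", head)            # drop a logged source port, if any
        if (!match(head, /\[[^]]+\]$/)) next
        ip = substr(head, RSTART + 1, RLENGTH - 2)
        total[ip]++
        cmd = $0
        sub(/.*last command was "/, "", cmd)
        if (cmd ~ /^RCPT TO:/ && index(cmd, q) > 0) quoted[ip]++
    }
    END {
        for (ip in total) printf "%s %d %d\n", ip, total[ip], quoted[ip] + 0
    }' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample log: two quoted-recipient drops from one workstation,
# one unrelated protocol error, and one normal delivery line.
exim_syntax_drops_demo() {
    local log
    log=$(mktemp)
    cat > "$log" <<'EOF'
2014-09-04 10:15:01 SMTP call from (workstation) [203.0.113.7] dropped: too many syntax or protocol errors (last command was "RCPT TO: <'name@website.com'>")
2014-09-04 10:15:09 SMTP call from (workstation) [203.0.113.7] dropped: too many syntax or protocol errors (last command was "RCPT TO: <'other@website.com'>")
2014-09-04 10:20:44 SMTP call from (scanner) [198.51.100.23] dropped: too many syntax or protocol errors (last command was "GET / HTTP/1.1")
2014-09-04 10:21:00 1XPabc-0001Ab-CD <= user@website.com H=(workstation) [203.0.113.7] P=esmtpa S=1024
EOF
    exim_syntax_drops "$log"
    rm -f "$log"
}

exim_syntax_drops_demo
```

On a cPanel server the Exim main log is /var/log/exim_mainlog.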

Saturday, 23 August 2014

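Test MySQL connection from a PHP page

<?php
// Connect with mysqli; the old mysql_* functions were removed in PHP 7.
$link = mysqli_connect("localhost", "Mysql_username", "Mysql_password") or die(mysqli_connect_error());
echo "Success.. Connected to MySQL...<br />";
// Select the database to confirm the account can use it.
mysqli_select_db($link, "Mysql_database") or die(mysqli_error($link));
echo "Success.. Connected to Database... ";
?>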

Tuesday, 29 July 2014

Nagios setup


########################## How to add a server in Nagios? #######################################

1. Make a directory in /usr/local/nagios/etc/objects/ named after the client. All of the client's host .cfg files should be grouped in this directory.

2. Create the host file as host_name.cfg, where host_name is the hostname of the server.

3. Add the following sections to host_name.cfg.

Note: Add the service definitions according to the requirement.

-----------------------------------------------------
###############################################################################
#
# HOST DEFINITION
#
###############################################################################

# Define a host for the local machine

define host{
        use                     linux-server            ; Name of host template to use
                                                        ; This host definition will inherit all variables that are defined
                                                        ; in (or inherited by) the linux-server host template definition.
        host_name               <host_name>
        alias                   <host_name>
        address                 <server_ip>
        contact_groups          nsdesign-admins
        }
###############################################################################

###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             PING
        check_command                   check_ping!150.0,20%!500.0,60%
      }


# Define a service to check the disk space of the root partition
# on the local machine.  Warning if < 20% free, critical if
# < 10% free space on partition.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             Partition /
        check_command                   check_nrpe!check_diskslash
        }

# Define a service to check the number of currently running procs
# on the local machine.  The arguments passed below set warning at
# > 500 processes and critical at > 750 processes.

define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             Total Processes
        check_command                   check_nrpe!check_total_procs!500!750!RSZDT
        }

# Define a service to check the load on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             Current Load
        check_command                   check_nrpe!check_load!5.0,4.0,3.0!10.0,6.0,4.0
        }

# Define a service to check SSH on the local machine.
# Disable notifications for this service by default, as not all users may have SSH enabled.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
        }

# Define a service to check HTTP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             HTTP
        check_command                   check_http
        notifications_enabled           0
        }
# Define a service to check FTP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             FTP
        check_command                   check_ftp
        notifications_enabled           0
        }
# Define a service to check POP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             POP
        check_command                   check_pop
        notifications_enabled           0
        }
# Define a service to check SMTP on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             SMTP
        check_command                   check_smtp
        notifications_enabled           0
        }
# Define a service to check MySQL on the local machine.
define service{
        use                             local-service         ; Name of service template to use
        host_name                       <host_name>
        service_description             MySQL
        check_command                   check_mysql_nsd
        notifications_enabled           0
        }
-----------------------------------------------------
Where <host_name> is the hostname of the remote server
      <server_ip> is the IP of the remote server

Note: Enable notifications if needed by setting 1 instead of 0

4. Save the file

5. Add the following line to /usr/local/nagios/etc/nagios.cfg

------------------------------------------------------
cfg_dir=/usr/local/nagios/etc/objects/<directory_name>
------------------------------------------------------

Where <directory_name> is the name of the directory made in step 1

6. Add the following lines to /usr/local/nagios/etc/objects/contacts.cfg
------------------------------------------------------
############################## <client's name> DATA BEGINS ######################
define contact{
        contact_name                    <client's name>
        alias                           <client's name>
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    c,r
        host_notification_options       d,r
        service_notification_commands   notify-service-by-email
        host_notification_commands      notify-host-by-email
        email                           <Email_address>
        }
define contactgroup{
        contactgroup_name       <client's name>-admins
        alias                   <client's name> Administrators
        members                 <client's name>,shared
        }
############################## <client's name> DATA ENDS ######################


Note: Where <Email_address> is the email address to which notifications go

7. Add the following lines in /usr/local/nagios/etc/objects/hostgroups.cfg

################## nsdesign GROUP BEGINS ##############
define hostgroup{
        hostgroup_name  nsdesign ; The name of the hostgroup
        alias           NSDesign Linux Servers ; Long name of the group
        members         server.dnsblock1.com,server.dnsblock2.com,server.dnsblock3.com,server.dnsblock4.com,server.dnsblock5.com,server.nsdesign.net,server.dnsblock6.com,server.dnsblock7.com,server.q4server.co.uk,server.hellodkdo.com,server.dnsblock8.com    ;
        }
################## nsdesign GROUP ENDS ##############



8. Run the following command to test the Nagios configuration:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

9. Restart Nagios if the config test reports no errors:

/etc/init.d/nagios restart

########################## How to add a nagios user to monitor their servers? #######################################

Run the following command and enter the password when prompted:

htpasswd  /usr/local/nagios/etc/htpasswd.users <username>



########################## How to install NRPE in client server? #######################################

On the remote server
====================

cd /opt/
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz
wget http://www.mycutelife.net/sanju/newtickethelp/nagios_downloads/nrpe-1.9.tar.gz
wget http://www.mycutelife.net/sanju/newtickethelp/nagios_downloads/nrpe
wget http://www.mycutelife.net/sanju/newtickethelp/nagios_downloads/nrpe.cfg
useradd nagios
tar -xvzf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15/
./configure
make
make install
cd /opt/
tar -xvzf nrpe-1.9.tar.gz
cd nrpe-1.9/
./configure
make all
cd /opt/
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/etc
cp nrpe-1.9/src/nrpe /usr/local/nagios/bin/
cp nrpe.cfg /usr/local/nagios/etc/
cp nrpe /etc/xinetd.d/
echo "nrpe  5666/tcp" >> /etc/services
chkconfig nrpe on
/sbin/iptables -I INPUT -p tcp -s 0/0 --dport 5666 -j ACCEPT;
service iptables save;
/etc/rc.d/init.d/xinetd restart


Then enter the mysql prompt:

mysql
mysql> create database nagios;
Query OK, 1 row affected (0.02 sec)

mysql> grant all privileges on nagios.* to nsduser@nagios-server-ip identified by 'Hnj7bjsv45nkja0L';

mysql> quit
Bye

The next step is to set the Nagios server IP in the file /etc/xinetd.d/nrpe:

vi /etc/xinetd.d/nrpe 
===============================================
# default: on
       # description: NRPE
       service nrpe
       {
               flags           = REUSE
               socket_type     = stream
               wait            = no
               user            = root
               server          = /usr/local/nagios/bin/nrpe
               server_args     = -c /etc/nrpe.conf --inetd
               log_on_failure  += USERID
               disable         = no
               only_from       = <nagios-server-ip>
       }
=================================================

where <nagios-server-ip> is the IP of the Nagios server.

To check MySQL on the remote server, run the following command on the Nagios server.

./check_mysql --hostname=<remote-server-ip>  --port=3306 --username=nsduser --password=Hnj7bjsv45nkja0L

Allow the Nagios server IP in iptables and in CSF.

The file /usr/local/nagios/etc/nrpe.cfg contains the internal command definitions: where each command is loaded from and its parameters.
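
The install steps above open port 5666 to any source (-s 0/0) and rely on only_from in xinetd to restrict access. The added example below (not part of the original post) checks both layers, reading a saved iptables-save dump and the xinetd service file. The function names, finding labels, file names and sample addresses are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): check that NRPE (tcp/5666) is
# reachable only from the Nagios server, at both layers the post configures.
# Inputs are a saved iptables-save dump and the xinetd service file.

# nrpe_exposure_audit RULES_FILE XINETD_FILE NAGIOS_IP
# Prints one finding per line; returns 0 when nothing is exposed.
nrpe_exposure_audit() {
    local rules="$1" xinetd="$2" nagios_ip="$3" rc=0 open allowed
    # Firewall: an ACCEPT rule for port 5666 with no -s match (or 0.0.0.0/0)
    # admits any source address.
    open=$(awk '/--dport 5666( |$)/ && /-j ACCEPT/ {
        src = "any"
        for (i = 1; i < NF; i++) if ($i == "-s") src = $(i + 1)
        if (src == "any" || src == "0.0.0.0/0") print "FIREWALL_OPEN " $0
    }' "$rules")
    if [ -n "$open" ]; then printf '%s\n' "$open"; rc=1; fi
    # xinetd: only_from should name exactly the Nagios server.
    allowed=$(awk -F= '$1 ~ /^[ \t]*only_from[ \t]*$/ {
        gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2
    }' "$xinetd")
    if [ -z "$allowed" ]; then
        echo "ONLY_FROM_MISSING"; rc=1
    elif [ "$allowed" != "$nagios_ip" ]; then
        echo "ONLY_FROM_MISMATCH $allowed"; rc=1
    fi
    return "$rc"
}

# Constructed inputs: the world-open rule from the install steps beside a
# rule scoped to the Nagios server (192.0.2.10 is a sample address).
nrpe_exposure_demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT' > "$d/open.rules"
    printf '%s\n' '-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 5666 -j ACCEPT' > "$d/scoped.rules"
    printf '%s\n' 'service nrpe' '{' '    only_from       = 192.0.2.10' '}' > "$d/nrpe"
    echo "world-open rule:"
    nrpe_exposure_audit "$d/open.rules" "$d/nrpe" 192.0.2.10 || true
    echo "scoped rule:"
    nrpe_exposure_audit "$d/scoped.rules" "$d/nrpe" 192.0.2.10 && echo "no findings"
    rm -rf "$d"
}

nrpe_exposure_demo
```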


Add Nagios Users


Add users to Nagios

1) Create .cfg files for the server in /usr/local/nagios/etc/objects/
2) Add a user for the Nagios web interface:
 htpasswd /usr/local/nagios/etc/htpasswd.users jikku
 File: /usr/local/nagios/etc/htpasswd.users
3) Add contact details in contacts.cfg
4) Add hostgroup entries.






Nagios: internal service monitoring

1) Add the plugin on the client server in /usr/local/nagios/libexec and add the command to /usr/local/nagios/etc/nrpe.cfg

Examples:
command[check_eximmailqueue]=/usr/local/nagios/libexec/check_eximmailqueue -w 1000 -c 2000
command[check_disk1]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sda3
command[check_disk2]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sdb1

2) Add the details on the Nagios server in the file /usr/local/nagios/etc/objects/brett/venus.serversdeployed.com.cfg

Examples:
# Define a service to check the disk space on the local machine.

define service{
        use                             local-service         ; Name of service template to use
        host_name                       venus.serversdeployed.com
        service_description             /
        check_command                   check_nrpe!check_disk1
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                       venus.serversdeployed.com
        service_description             /backup
        check_command                   check_nrpe!check_disk2
        }



To check that a command works on the client server:
root@venus [/usr/local/nagios/libexec]# ./check_users -w 5 -c 10
USERS OK - 1 users currently logged in |users=1;5;10;0
root@venus [/usr/local/nagios/libexec]# ./check_load -w 15,10,5 -c 30,25,20
OK - load average: 0.31, 0.22, 0.14|load1=0.310;15.000;30.000;0; load5=0.220;10.000;25.000;0; load15=0.140;5.000;20.000;0;

To check that a command works from the Nagios server:
/usr/local/nagios/libexec/check_nrpe -H 216.240.191.18 -c check_eximmailqueue


Nagios: errors and fixes


Errors seen when checking the mail queue of the client server from the Nagios server

1) “must have a tty to run sudo”
Fix:
Comment out the line “Defaults    requiretty” in the file /etc/sudoers


2) “sent and no askpass program specified”
Fix:
Add the following line to /etc/sudoers
nagios ALL= NOPASSWD:/usr/sbin/exim -bpc




Nrpe version


# /usr/local/nagios/bin/nrpe --help
NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
Version: 1.9
Last Modified: 07-22-2003
License: GPL

Tuesday, 20 May 2014

WordPress Preventing Password Protecting a Directory


Password protecting a subdirectory using the cPanel icon (or a .htpasswd file) will be unsuccessful if WordPress is installed in the public_html directory with permalinks enabled.

Edit .htaccess File

  1. Edit the .htaccess file in your WordPress home folder (public_html) and remove the RewriteRule line (RewriteRule . /index.php [L]) from the block below:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
  2. Replace that line with this new line:

    RewriteRule ./ /index.php [L]

    The final code snippet will look like this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ./ /index.php [L]
    </IfModule>
    # END WordPress
  3. Save your changes.

Reset Permalinks

  1. From the left-hand navigation menu in WordPress, click Settings > Permalinks. Note the current setting. If you are using a custom structure, copy or save the custom structure somewhere.
  2. Select Default.
  3. Click Save Settings.
  4. Change the settings back to the previous configuration (before you selected Default). Put the custom structure back if you had one.
  5. Click Save Settings.
This should reset the permalinks and prevent any posts or pages from returning a 404 Page Not Found error. You should now be able to password protect a subdirectory.

Saturday, 17 May 2014

Create SUDO user in cPanel

For security you might want to disable direct SSH login as root.

First of all, log in as root and create a user:

#useradd sshadmin
#passwd sshadmin

Now add this user to wheel group from WHM

WHM -> Security Center -> Manage Wheel Group Users

OR from command line

#usermod -G wheel sshadmin

Now open /etc/ssh/sshd_config and set

PermitRootLogin no

Restart the ssh service

/etc/init.d/sshd restart

Now you can SSH to the server as user sshadmin and run the command “su -” to switch to the root user.

However, “su -” asks for the root password. If you don’t want to remember the root password, you can add the user sshadmin to the sudo user list. Add the line below to /etc/sudoers:

sshadmin    ALL=(ALL)       ALL

Now run the command “sudo su -” and it will switch directly to the root user without asking for the root password.