Saturday, 24 August 2013

Kernel recompilation


Simple Steps:

1. cd /usr/src
2. wget -c http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.20.tar.bz2
3. tar xvfj linux-2.6.20.tar.bz2
4. cd linux-2.6.20
5. make clean && make mrproper
6. make menuconfig
7. make clean
8. make bzImage
9. make modules
10. make modules_install
11. make install
This installs three files into the /boot directory and modifies your GRUB configuration file:

    System.map-2.6.25
    config-2.6.25
    vmlinuz-2.6.25

12. mkinitrd /boot/initrd-2.6.20.img 2.6.20
The newly compiled kernel then appears in /etc/grub.conf alongside the existing kernel. Edit the file yourself and use the default option to choose which kernel boots.



 
 
 

Sunday, 11 August 2013

Cpanel update failure in upcp

upcp errors on your cpanel update
Most of the time a cPanel update runs without errors, but occasionally it fails in upcp. You may get the following error when cPanel tries to update:
Running `/usr/local/cpanel/scripts/updatenow --upcp --log=/var/cpanel/updatelogs/update.12522061.log` failed, exited with code 25 (signal = 0)
Check the following files, which hold the OS version and the cPanel sysinfo configuration.
cat /etc/redhat-release
cat /var/cpanel/sysinfo.config
Open your /var/cpanel/sysinfo.config file and make sure “rpm_dist_ver” is not set to “unknown”. It should match the major version of the OS.
For example, set rpm_dist_ver=5 if your OS is 5.9.

For example :
+-(root@cPanel)(04:51:50)
+-(~)->cat /etc/redhat-release
CentOS release 5.9 (Final)

+-(root@cPanel)(04:44:19)
+-(~)->cat /var/cpanel/sysinfo.config
ises=2
lock=
release=5.9
rpm_arch=
rpm_dist=centos
rpm_dist_ver=unknown

+-(root@cPanel)(04:44:57)
+-(~)->/usr/local/cpanel/scripts/gensysinfo
/var/cpanel/sysinfo.config updated.

+-(root@cPanel)(04:45:35)
+-(~)->cat /var/cpanel/sysinfo.config
ises=2
lock=
release=5.9
rpm_arch=i386
rpm_dist=centos
rpm_dist_ver=5
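
The comparison described above can be scripted as a check to run before upcp. This is an added example, not part of the original post or of cPanel; the function name check_sysinfo is hypothetical and the demo input is constructed from the session shown above.

```shell
#!/bin/sh
# Added example: compare rpm_dist_ver in sysinfo.config with the OS major version.
# check_sysinfo is a hypothetical helper name, not a cPanel script.

check_sysinfo() {
    release_file=${1:-/etc/redhat-release}
    sysinfo_file=${2:-/var/cpanel/sysinfo.config}

    # "CentOS release 5.9 (Final)" -> 5
    os_major=$(sed -n 's/.*release \([0-9][0-9]*\).*/\1/p' "$release_file" | head -n 1)
    # "rpm_dist_ver=unknown" -> unknown (empty if the key is missing)
    dist_ver=$(sed -n 's/^rpm_dist_ver=//p' "$sysinfo_file" | head -n 1)

    if [ -z "$os_major" ]; then
        echo "cannot read OS major version from $release_file" >&2
        return 2
    fi
    if [ "$dist_ver" = "$os_major" ]; then
        echo "OK: rpm_dist_ver=$dist_ver matches OS major version"
        return 0
    fi
    echo "MISMATCH: rpm_dist_ver=${dist_ver:-<missing>} but OS major version is $os_major"
    return 1
}

# Constructed demo input, copied from the session shown above.
demo=$(mktemp -d)
echo 'CentOS release 5.9 (Final)' > "$demo/redhat-release"
printf 'release=5.9\nrpm_dist=centos\nrpm_dist_ver=unknown\n' > "$demo/sysinfo.config"
if ! check_sysinfo "$demo/redhat-release" "$demo/sysinfo.config"; then
    echo "run /usr/local/cpanel/scripts/gensysinfo, then re-check before upcp"
fi
rm -rf "$demo"
```

Called without arguments, the function reads the real /etc/redhat-release and /var/cpanel/sysinfo.config.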

NAT in linux

This tutorial sets up network address translation (NAT) on a Linux system with iptables rules so that the system can act as a gateway and provide Internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.

The system on which NAT is set up will act as the gateway for the private network. For this tutorial, that computer should meet the following requirements:
1) It should have at least 2 NICs (network interface controllers): one to connect to the Internet and the other to connect to the private network.
2) It should be running Linux.
3) It should have a kernel supporting iptables.

Terminologies and Concepts

The 2 interfaces concerned will be eth0 and eth1.
eth0 -> This will be the interface connected to the Internet.
eth1 -> This interface will be connected to the private network.

Now, let us see if they are being recognized as networking devices too or not. Run these commands to confirm it.
[jasonleon]$ ifconfig eth0
[jasonleon]$ ifconfig eth1
ifconfig is a utility to configure the network interfaces. If you see the output of both of the commands similar to this
eth0    Link encap:Ethernet  HWaddr 00:21:70:94:56:b2  
    inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
    inet6 addr: fe80::221:70ff:fe94:56b2/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:690495 errors:0 dropped:0 overruns:0 frame:0
    TX packets:748777 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000 
    RX bytes:482335870 (482.3 MB)  TX bytes:763131223 (763.1 MB)
    Interrupt:250
then it means that both of the interfaces are being recognized as network devices/interfaces, and so we are in a state to proceed further.

Configure your iptables to enable NAT

I am assuming that you have already configured your system to be able to connect to the Internet. Now we need to configure iptables to enable NAT.
Assuming you do not need to keep any existing rules, run these commands to delete the previous rules and chains so that we can define new ones.
iptables -F OR iptables --flush
iptables -t nat -F OR iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
Now we will enable Packet Forwarding by Kernel, run this command in the terminal
[jasonleon]$ echo 1 > /proc/sys/net/ipv4/ip_forward
Now, we need to create new rules. Run the following series of commands to create new rules
[jasonleon]$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE OR iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
[jasonleon]$ iptables -A FORWARD -i eth1 -j ACCEPT OR iptables --append FORWARD --in-interface eth1 -j ACCEPT
         service iptables save

         service iptables restart
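
A stricter version of the rules above, as an added example that is not part of the original tutorial: forwarding is denied by default, only the private subnet is masqueraded, and return traffic is admitted through connection tracking. The function name nat_ruleset is hypothetical, and the 192.168.0.0/24 subnet is an assumption taken from the eth1 address configured in the next section.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the NAT gateway.
# nat_ruleset WAN_IF LAN_IF LAN_SUBNET  (hypothetical helper, not a system tool)

nat_ruleset() {
    wan=$1 lan=$2 net=$3

    # Accept only plain interface names and an IPv4 CIDR, so a typo
    # cannot turn into an unintended rule.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    printf '%s\n' "$net" \
        | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        || { echo "bad subnet: $net" >&2; return 1; }

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only traffic that really comes from the private subnet.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
# Default-deny forwarding; the two rules below are the only paths through.
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the tutorial's layout; review it, then load it with
#   nat_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore
nat_ruleset eth0 eth1 192.168.0.0/24
```

Loading the output with iptables-restore replaces the current contents of the nat and filter tables, so check it first with iptables-restore --test.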

Configuring the server's eth1 interface

Now we need to configure the network settings of the eth1 interface and assign it an IP address so that the machines on the private network can use it as a gateway. To do this, edit the file that contains the NIC configuration.
For Fedora, CentOS and Red Hat users, the eth1 configuration file is located at /etc/sysconfig/network-scripts/ifcfg-eth1.
After editing, it should look as follows.
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
BOOTPROTO=static
On Ubuntu and Debian, the interface configuration is in /etc/network/interfaces.
auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0

Configure the client side to access Internet through our Gateway

Add the following entries on the client machine to access Internet. Gateway will be the IP address we have assigned to our machine on eth1 interface. Remember to keep the IP address of the client machine in the same class of Gateway's IP address.
IP address: 192.168.10.3
Netmask: 255.255.255.0
DNS: 209.59.31.54
Gateway: 192.168.10.1

How to reinstall the Grub Boot loader on Dedicated Linux Server

The steps below will help you rebuild / reinstall a corrupted or accidentally deleted GRUB boot loader using rescue mode in Redhat / Centos.
  • Boot the system from the Redhat / Centos installation disk/DVD or flash drive.
  • Type the ‘linux rescue’ command at the installation prompt to enter the rescue environment.
  • Type the command ‘chroot /mnt/sysimage’ to change root into the installed system, which rescue mode mounts at /mnt/sysimage.
  • Type the command ‘/sbin/grub-install /dev/sda’ to reinstall the GRUB boot loader; here the boot partition is on 'sda'.
  • Review /boot/grub/grub.conf.
  • Then reboot the server.

Thursday, 8 August 2013

RHEL / CentOS Linux: Mount and Access NTFS Partition

How to enable NTFS support on CentOS Linux version 5 or 6? How do I mount ntfs partition under RHEL 5 or 6?

First, you need to install the EPEL repo. The following command will turn on the EPEL repo on RHEL / CentOS version 6.x:
$ cd /tmp

# rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

NTFS-3G

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems.
NTFS-3G can create, remove, rename, move files, directories, hard links, and streams; it can read and write normal and transparently compressed files, including streams and sparse files; it can handle special files like symbolic links, devices, and FIFOs, ACL, extended attributes; moreover it provides full file access right and ownership support.

How Do I Install NTFS-3G?

Type the following command as root user:
# yum install ntfs-3g
Sample outputs:
yum install ntfs-3g
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntfs-3g.x86_64 2:2011.4.12-3.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
 Package         Arch           Version                     Repository    Size
===============================================================================
Installing:
 ntfs-3g         x86_64         2:2011.4.12-3.el6           epel         247 k
Transaction Summary
===============================================================================
Install       1 Package(s)
Total download size: 247 k
Installed size: 624 k
Is this ok [y/N]:

How Do I Find Out NTFS Partition Name?

Simply type the following command:
# fdisk -l /dev/sda
# fdisk -l /dev/sdb

Sample outputs:
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xf0000000
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      102400    7  HPFS/NTFS
Partition 1 does not end on cylinder boundary.
/dev/sda2              14       60802   488281089    5  Extended
/dev/sda5              14       59767   479970304   83  Linux
/dev/sda6           59767       60802     8309760   82  Linux swap / Solaris

How Do I Mount /dev/sda1 NTFS Partition at /mnt/ntfs?

First, load the fuse driver, enter:
# modprobe fuse
Create a mount point, enter:
# mkdir /mnt/ntfs
To mount the ntfs partition, enter:
# mount -t ntfs-3g /dev/sda1 /mnt/ntfs
You can use regular Unix commands to copy or access the files:
$ df -h
$ mount
$ cd /mnt/ntfs
$ cp foo /tmp

How Do I Unmount NTFS Partition?

Type the following command:
# umount /mnt/ntfs

Tuesday, 6 August 2013

whitelist particular domain in spamassassin for server wide.

For example, suppose you want to whitelist *@abc.com on the server. SpamAssassin has an option for this, but it only whitelists per user account, which means you have to log in to each cPanel account and manually whitelist *@abc.com in SpamAssassin under the Mail option.

But I have created a script to whitelist *@abc.com for all accounts (server level).

Step1:

Go to the Exim Configuration Manager and enable the option "SpamAssassin™: Forced Global ON".

Then run these commands one by one.

# -p: do not fail when the directory already exists
for i in `ls /var/cpanel/users` ; do mkdir -p /home/$i/.spamassassin ; done

for i in `ls /var/cpanel/users` ; do touch /home/$i/.spamassassin/user_prefs ; done

# Quote the entry so the shell does not expand the *, and append (>>) so existing per-user preferences are kept
for i in `ls /var/cpanel/users` ; do echo 'whitelist_from *@abc.com' >> /home/$i/.spamassassin/user_prefs ; done

for i in `ls /var/cpanel/users` ; do chown $i:$i /home/$i/.spamassassin ; done

for i in `ls /var/cpanel/users` ; do chown $i:$i /home/$i/.spamassassin/user_prefs ; done

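That's all. Keep in mind that whitelist_from matches only on the sender address given in the message, which is easy to forge; SpamAssassin's whitelist_from_rcvd and whitelist_auth options tie the entry to the sending relay or to SPF/DKIM results instead.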

Sunday, 4 August 2013

Domlog files are not getting updated.

Today, I noticed that awstats was not showing any usage and, while checking, I could see that no logs were getting added to the domlogs file. I checked the awstats settings on the server via WHM and everything was fine. I googled the issue a lot and finally ended up with the following fix.
FIX:
Open the apache conf.
#vi /usr/local/apache/conf/httpd.conf
Search for the line
——–
ErrorLog /usr/local/apache/logs/error_log
——–
Beneath that line add the following:
——–
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{User-agent}i" agent
——–
Save and exit, then run:
——–
/usr/local/cpanel/bin/apache_conf_distiller --update
/usr/local/cpanel/bin/build_apache_conf
# restart apache
/scripts/restartsrv_httpd
——–
Awstat started updating itself at last. :)

Friday, 2 August 2013

Change shared memory ownership and permission

We know that we can use ipcs to view shared memory segment information, and we can use ipcrm to delete a segment.
But wait. Assume that you first run a program as the root user, which creates a shared memory segment of 40GB size. Then you realize that, for security reasons, we should use as little privilege as possible, so you decide to run it as the nobody user. However, because the segment was created with perm 0600, the nobody user can’t access it. You definitely don’t want to dump the whole memory, recreate a new segment and recover. It would be nice if we could simply change the ownership and permission of the segment.
So I created a tool called chshm for this purpose.


Usage: ./chshm [Options] shmid ...
Options:
    -u|--user        change owner to 
    -g|--group      change group to 
    -m|--mode             change mode to  in octal

eg:
    ./chshm -u nobody -m 0660 65535 
    This will change shm id 65535's owner to nobody, mode to 0660

Thursday, 1 August 2013

How to find PHP Shell on your server

In most hacking and defacement incidents, the most common tool used is a PHP shell. If you scan your server regularly for PHP shells and delete them, you can stop many hacking and defacement attempts on your server.


#!/bin/bash
# Scan all users' directories for strings found in various PHP shells.
# The egrep command below is one line; keep it on one line in your script or it will generate an error.

# -R recurses into each public_html, -l prints each matching file name once
/bin/egrep -R -l "cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|/etc/passwd|revengans|myshellexec" /home/*/public_html > /root/scan.txt

# Write the "nothing found" message only when the scan produced no hits,
# so it is not overwritten by an empty result.
[ -s /root/scan.txt ] || echo "No PHP Shell was Found" > /root/scan.txt

/bin/cat /root/scan.txt | mail -s "PHP Shell Scan" user@domain.com

# Replace the email address above with your own.

# Cron settings
# 0 6 * * * PATH TO SCRIPT
The script above is a very simple shell script that scans the public_html directories of all cPanel accounts for strings found in various PHP shells and then mails you the locations of the matching files. You can set up a cron job to run it once a day. If you check the code, I have added a cron entry for it, which executes the script daily at the 6th hour. Because this is a plain string match, review each reported file before deleting it: legitimate code can also contain strings such as webadmin or /etc/passwd.