Wednesday, 6 November 2013

Update kernel version in debian wheezy server

Check the previous kernel versions and architecture.

Edit /etc/apt/sources.list, 

vi /etc/apt/sources.list

Add the backports line,

deb wheezy-backports main contrib non-free

Update the package lists,

apt-get update

To find the latest kernel image, type the following line,

apt-cache search linux-image-3

And select the latest kernel image,

Run the command.

apt-get -t wheezy-backports install linux-image-3.10-0.bpo.3-amd64 firmware-linux-free

Reboot the system


Check the new kernel version,

uname -r

Let's enjoy

Saturday, 24 August 2013

Kernel recompilation

Simple Steps:

1. cd /usr/src
2. wget -c
3. tar xvfj linux-2.6.20.tar.bz2
4. cd linux-2.6.20
5. make clean && make mrproper
6. make menuconfig
7. make clean
8. make bzImage
9. make modules
10. make modules_install
11. make install
This installs three files into the /boot directory and modifies your GRUB configuration file:

12. mkinitrd /boot/initrd-2.6.20.img 2.6.20
The newly compiled kernel then appears in /etc/grub.conf alongside the existing kernel; edit the default entry yourself if you want the new kernel to boot by default.


Sunday, 11 August 2013

Cpanel update failure in upcp

upcp errors on your cpanel update
Most of the time a cPanel update completes without errors, but occasionally it fails inside upcp. If you get the following error when cPanel tries to update:
 Running `/usr/local/cpanel/scripts/updatenow --upcp --log=/var/cpanel/updatelogs/update.12522061.log` failed, exited with code 25 (signal = 0)
check the following files, which hold the OS version and the cPanel sysinfo configuration:
cat /etc/redhat-release
cat /var/cpanel/sysinfo.config
Open your /var/cpanel/sysinfo.config file and make sure "rpm_dist_ver" is not configured as "unknown". It should match the major version of the OS:
for example, change it to rpm_dist_ver=5 if your OS is 5.9.

For example :
+-(~)->cat /etc/redhat-release
CentOS release 5.9 (Final)

+-(~)->cat /var/cpanel/sysinfo.config

/var/cpanel/sysinfo.config updated.

+-(~)->cat /var/cpanel/sysinfo.config

NAT in linux

This post sets up network address translation (NAT) on a Linux system with iptables rules so that the system can act as a gateway and provide Internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.

The system on which NAT is set up will act as the gateway for the private network. For this tutorial the computer should meet the following requirements:
1) It should have at least 2 NICs(network interface controllers). One to connect to Internet and the other to connect to the private network.
2) It should be running Linux.
3) It should have a kernel supporting iptables.

Terminologies and Concepts

The 2 interfaces concerned will be eth0 and eth1.
eth0 -> This will be the interface connected to the Internet.
eth1 -> This interface will be connected to the private network.

Now, let us see if they are being recognized as networking devices too or not. Run these commands to confirm it.
[jasonleon]$ ifconfig eth0
[jasonleon]$ ifconfig eth1
ifconfig is a utility to configure the network interfaces. If you see the output of both of the commands similar to this
eth0    Link encap:Ethernet  HWaddr 00:21:70:94:56:b2  
    inet addr:  Bcast:  Mask:
    inet6 addr: fe80::221:70ff:fe94:56b2/64 Scope:Link
    RX packets:690495 errors:0 dropped:0 overruns:0 frame:0
    TX packets:748777 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000 
    RX bytes:482335870 (482.3 MB)  TX bytes:763131223 (763.1 MB)
then it means that both interfaces are recognized as network devices and we are in a state to proceed further.

Configure your iptables to enable NAT

Now, I am assuming that you have already configured your system to be able to connect to the Internet. Next, we need to configure iptables to enable NAT.
Assuming that you don't need any of the existing rules, run these commands to delete them so that we may define new ones (the long-option form of each command is equivalent):
iptables -F                       (or: iptables --flush)
iptables -t nat -F                (or: iptables --table nat --flush)
iptables --delete-chain
iptables --table nat --delete-chain
Now we will enable packet forwarding in the kernel; run this command in the terminal (the setting does not survive a reboot, so also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf):
[jasonleon]$ echo 1 > /proc/sys/net/ipv4/ip_forward
Now, we need to create the new rules. Run the following commands (again, the long-option form is equivalent):
[jasonleon]$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE        (or: iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE)
[jasonleon]$ iptables -A FORWARD -i eth1 -j ACCEPT                       (or: iptables --append FORWARD --in-interface eth1 -j ACCEPT)
Save the rules and restart the service so they persist:
service iptables save

service iptables restart

Configuring the server's eth1 interface

Now, we need to configure the network settings of the eth1 interface and assign it an IP address so that the machines on the private network can use it as a gateway. For this we will have to edit the files that contain the NIC configurations.
For Fedora, CentOS and Red Hat users the eth1 configuration file is located at /etc/sysconfig/network-scripts/ifcfg-eth1.
After editing it should look as follows.
On Ubuntu and Debian the eth1 configuration file is /etc/network/interfaces.
auto eth1
iface eth1 inet static

Configure the client side to access Internet through our Gateway

Add the following entries on the client machine to access the Internet. The gateway will be the IP address we assigned to our machine's eth1 interface. Remember to keep the client's IP address in the same subnet as the gateway's IP address.
IP address:
DNS: 209:59.31.54
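The gateway rule set above, as an added example that is not part of the original post: a small shell function emits the same MASQUERADE setup but with a default-deny FORWARD chain, so only traffic from the private prefix goes out and only replies come back in. The interface names and the 192.168.1.0/24 prefix used in the comments are assumed placeholders.

```shell
#!/bin/sh
# Added example (not the post's own commands): generate the NAT gateway rules from
# the post, replacing the blanket "iptables -A FORWARD -i eth1 -j ACCEPT" with a
# default-deny FORWARD policy plus two explicit allow rules.
# Arguments: <wan interface> <lan interface> <lan prefix>, e.g. eth0 eth1 192.168.1.0/24
# (all three are assumed placeholders; pass your own values).
nat_rules() {
    wan_if="$1"   # interface towards the Internet (eth0 in the post)
    lan_if="$2"   # interface towards the private network (eth1 in the post)
    lan_net="$3"  # private prefix the gateway should masquerade for
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -F FORWARD
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of iptables commands the generated set contains (handy for a dry-run summary).
nat_rule_count() {
    nat_rules "$@" | grep -c '^iptables'
}

# Apply the rules on the gateway; with DRY_RUN=1 only print them.
apply_nat_rules() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        nat_rules "$@"
    else
        nat_rules "$@" | sh -e
    fi
}
```

Run `DRY_RUN=1 apply_nat_rules eth0 eth1 192.168.1.0/24` first to review the commands; without DRY_RUN they are executed one by one and the run stops at the first failure.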

How to reinstall the Grub Boot loader on Dedicated Linux Server

The steps below rebuild / reinstall a corrupted or accidentally deleted GRUB boot loader using the rescue mode in Red Hat / CentOS.
  • Boot the system from the Red Hat / CentOS installation disk/DVD or flash drive.
  • Type the 'linux rescue' command at the installation prompt to enter the rescue environment.
  • Type the command 'chroot /mnt/sysimage' to change root into the system that rescue mode mounted there.
  • Type the command '/sbin/grub-install /dev/sda' to reinstall the GRUB boot loader; here the boot partition is on 'sda'.
  • Review /boot/grub/grub.conf.
  • Then reboot the server.

Thursday, 8 August 2013

RHEL / CentOS Linux: Mount and Access NTFS Partition

How to enable NTFS support on CentOS Linux version 5 or 6? How do I mount ntfs partition under RHEL 5 or 6?

First, you need to install the EPEL repo as described here. The following command will turn on the EPEL repo on RHEL / CentOS version 6.x:
$ cd /tmp

# rpm -ivh


NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems.
NTFS-3G can create, remove, rename, move files, directories, hard links, and streams; it can read and write normal and transparently compressed files, including streams and sparse files; it can handle special files like symbolic links, devices, and FIFOs, ACL, extended attributes; moreover it provides full file access right and ownership support.

How Do I Install NTFS-3G?

Type the following command as root user:
# yum install ntfs-3g
Sample outputs:
yum install ntfs-3g
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntfs-3g.x86_64 2:2011.4.12-3.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package         Arch           Version                     Repository    Size
 ntfs-3g         x86_64         2:2011.4.12-3.el6           epel         247 k
Transaction Summary
Install       1 Package(s)
Total download size: 247 k
Installed size: 624 k
Is this ok [y/N]:

How Do I Find Out NTFS Partition Name?

Simply type the following command:
# fdisk -l /dev/sda
# fdisk -l /dev/sdb

Sample outputs:
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xf0000000
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      102400    7  HPFS/NTFS
Partition 1 does not end on cylinder boundary.
/dev/sda2              14       60802   488281089    5  Extended
/dev/sda5              14       59767   479970304   83  Linux
/dev/sda6           59767       60802     8309760   82  Linux swap / Solaris

How Do I Mount /dev/sda1 NTFS Partition at /mnt/ntfs?

First, load the fuse driver, enter:
# modprobe fuse
Create a mount point, enter:
# mkdir /mnt/ntfs
To mount the ntfs partition, enter:
# mount -t ntfs-3g /dev/sda1 /mnt/ntfs
You can use regular Unix commands to copy or access the files:
$ df -h
$ mount
$ cd /mnt/ntfs
$ cp foo /tmp

How Do I Unmount NTFS Partition?

Type the following command:
# umount /mnt/ntfs

Tuesday, 6 August 2013

whitelist particular domain in spamassassin for server wide.

For example, you want to whitelist * on the server. SpamAssassin has an option to whitelist this, but only per user account, which means you would have to log in to each cPanel account and manually whitelist * in SpamAssassin under the mail option.

But I have created a script to whitelist this * for all accounts [server level].


Go to the Exim configuration manager and
enable the option "SpamAssassin™: Forced Global ON".

Then run these loops, one by one:

 for i in `ls /var/cpanel/users` ; do mkdir /home/$i/.spamassassin ; done

for i in `ls /var/cpanel/users` ; do touch /home/$i/.spamassassin/user_prefs  ; done

for i in `ls /var/cpanel/users` ; do echo whitelist_from *  > /home/$i/.spamassassin/user_prefs  ; done

for i in `ls /var/cpanel/users` ; do chown $i.$i /home/$i/.spamassassin ; done

for i in `ls /var/cpanel/users` ; do chown $i.$i /home/$i/.spamassassin/user_prefs ; done

Thats all.

Sunday, 4 August 2013

Domlog files are not getting updated.

Today I noticed that AWStats was not showing any usage, and while checking I could see that no logs were being added to the domlogs file. I checked the AWStats settings on the server via WHM and everything was fine. I googled the issue a lot and finally ended up with the following fix.
Open the apache conf.
#vi /usr/local/apache/conf/httpd.conf
Search for the line
ErrorLog /usr/local/apache/logs/error_log
Beneath that line add the following (the inner quotes around %r, %{Referer}i and %{User-Agent}i must be escaped with backslashes):
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{User-agent}i" agent
Save and exit, then run:
/usr/local/cpanel/bin/apache_conf_distiller --update
Restart Apache.
Awstat started updating itself at last. :)

Friday, 2 August 2013

Change shared memory ownership and permission

We know that we can use ipcs to view shared memory segment information and ipcrm to delete a segment.
But wait. Assume that you first run a program as the root user, which creates a shared memory segment of 40GB. Then you realize that for security reasons we should use as little privilege as possible, so you decide to run it as the nobody user. However, because the segment was created with permission 0600, the nobody user can't access it. You definitely don't want to dump the whole memory, recreate a new segment and recover. It would be nice if we could simply change the ownership and permission of the segment.
So I created a tool called chshm for this purpose,

Usage: ./chshm [Options] shmid ...
    -u|--user        change owner to 
    -g|--group      change group to 
    -m|--mode             change mode to  in octal

    ./chshm -u nobody -m 0660 65535 
    This will change shm id 65535's owner to nobody, mode to 0660

Thursday, 1 August 2013

How to find PHP Shell on your server

In most hacking or defacing incidents the most common tool used is a PHP shell. If you scan your server regularly for PHP shells and delete them you can avoid many hacking and defacing attempts on your server.

#Scanning all users directory for various php shell
# The egrep command below is one line, so make sure it stays on one line in your script or it will generate an error

# -l prints only the names of matching files, so no cut is needed; sort -u removes duplicates
/bin/egrep -Rl "cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|/etc/passwd|revengans|myshellexec" /home/*/public_html | sort -u > /root/scan.txt

# Only write the "nothing found" message when the scan produced no hits
# (writing it first and then redirecting the scan into the same file would lose it)
[ -s /root/scan.txt ] || echo "No PHP Shell was Found" > /root/scan.txt

/bin/cat /root/scan.txt | mail -s "PHP Shell Scan"

#Replace your email address above

#Cron Settings
# 0 6 * * * PATH TO SCRIPT
The above script is a very simple shell script which scans the public_html directories of all cPanel accounts for various PHP shells. The script then mails you the locations of the PHP shells. You can set a cron job for this script to run once a day. If you check the code, I have added a cron entry that you can use which executes the script at 06:00 daily.
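A stricter version of the scan, as an added example that is not the post's own script: it inspects only PHP files, reports each hit with its modification time and SHA-256 so the finding can be tracked across runs, and returns a non-zero status when anything matches so a cron wrapper can alert on it. The marker list is the post's minus "/etc/passwd", which matches ordinary scripts; the mail address in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not the post's own script): PHP web-shell scan with per-file evidence
# and a meaningful exit status. Paths are passed as arguments instead of hard-coded.
# Marker list from the post, minus "/etc/passwd" (too many false positives on normal code).
SHELL_MARKERS='cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec'

# Print, one per line and sorted, every PHP file under $1 whose contents match a marker.
find_php_shells() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) -print0 2>/dev/null \
        | xargs -0 -r grep -lE "$SHELL_MARKERS" 2>/dev/null \
        | sort
}

# One tab-separated report line per hit: path, modification time, SHA-256.
# Returns 1 when at least one file matched, 0 when the tree is clean.
scan_report() {
    hits=$(find_php_shells "$1")
    if [ -z "$hits" ]; then
        echo "No PHP Shell was Found under $1"
        return 0
    fi
    echo "$hits" | while IFS= read -r f; do
        mtime=$(stat -c %y "$f" 2>/dev/null || stat -f %Sm "$f")
        sum=$(sha256sum "$f" 2>/dev/null | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$f" "$mtime" "$sum"
    done
    return 1
}

# Cron entry point: mail the report only when something was found, keep the exit status.
# Usage: scan_and_mail /home admin@example.invalid   (address is a placeholder)
scan_and_mail() {
    report=$(scan_report "$1") && return 0
    echo "$report" | mail -s "PHP Shell Scan" "$2"
    return 1
}
```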

Wednesday, 31 July 2013

view external: query (cache) denied

I have registered my nameserver at the registrar. I have properly updated the zone file on the server. But for some reason, while checking the dig result, the new name-server details were not showing correctly. I checked the logs and got the following error.
view external: query (cache) denied
Reason: in the "view external" section of named.conf, the entry for my domain was commented out. Once I un-commented it, everything was correct.
If you get a similar error, check your named.conf, and also check whether named.conf and the zone file are OK using the following commands
named-checkzone /var/named/

Sunday, 28 July 2013


Drop DDOS attack
20 04 2009

1. Find which IP address on the server is targeted by the DDoS attack

netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c

2. Find from which IPs the attack is coming

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Give this command on the destination server.

rsync --progress --stats -avzxl --rsh='ssh -p22' [source] [destination]/home/ekozasti/

rsync --progress --stats -avzxl --rsh='ssh -p22' /home/ekozasti/

rsync -avz -e  /var/named/cpanelphp.txt root@

scp -P 2255 villaaqu_hotel.sql root@

rewrite rule

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^.*$ index.html

iptables -vnL --line // show the iptable rule with line //

iptables -D INPUT line no.  // to delete the rule //

to find mail script

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

grep cwd /var/log/exim_mainlog | grep -e /home -e /tmp

grep cwd /var/log/exim_mainlog | grep /home/<username>

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n



postcat -q 7ECB9C36BF4 | more
grep POST */statistics/logs/access_log
grep POST */statistics/logs/access_log | grep wp-cont
grep POST */statistics/logs/access_log | grep wp-cont | grep the
grep POST */statistics/logs/access_log | grep wp-cont | grep themes

To remove frozen mails
exim -bpu | grep frozen | awk '{print $3}' | xargs exim -Mrm

database backup

grep -i '`website`' mydbbkp2013.sql > website.sql

mysqladmin variables | grep -i innodb [to find whether InnoDB is running or not]

   Perl script to find injection files.

  add spf for all domains

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/spf_installer $user; done

for user in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/dkim_keys_install $user; done

to see perl module

To find files with a given user id and group id and change their ownership to another user:

find . -gid 1011 -uid 1009 -exec chown www-data.www-data {} \;

To view the imap connection for domain
ps ax | grep ""

smtp port


The roundcube database uses InnoDB tables in its database:

mysql -e "show table status" roundcube |grep -i innodb |awk '{print $1,$2}'

-> The DB has been re-synced from the old server to the new server with the command
"mysqldump --compatible" so that all versions are supported.

Reinstalled SpamAssassin in cPanel:

/scripts/realperlinstaller --force Mail::SpamAssassin

Grep command

grep -rw xxxx .
grep -irl xxxx .
grep xxxx *

0 11 * * * /usr/local/sbin/maldet --scan-all /home?/?/public_html > /dev/null 2>&1
11 1 * * * /usr/local/bin/clamscan -ir /home -l /var/log/clamscan.log --move=/root/results

ffmpeg tool.
check video conversion,
ffmpeg -i 500.mp4 -ar 22050 -acodec libmp3lame -ab 32K -r 25 -s 320x240 -vcodec flv testvideo1.flv

clear memory cache in ram

echo 1 > /proc/sys/vm/drop_caches

/usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::ChkServd
/usr/local/cpanel/bin/tailwatchd --enable=Cpanel::TailWatch::ChkServd


My script to change NS records under the named directory (run it from inside that directory, because the sed loop below operates on the files listed relative to wherever you currently are). If you want to change two NS records, use this:

Sed provides -e option to run multiple sed commands in a single sed command. The above output can be achieved in a single sed command as shown below.

>sed -e 's/unix/linux/' -e 's/os/system/' file.txt
linux is great system. unix is opensource. unix is free os.

for i in `cat test.txt` ; do sed -i -e 's/find/replace/g' -e 's/find/replace/g' $i ; done   [USE -i SO THE FILES ARE EDITED IN PLACE; -e ALONE ONLY PRINTS THE RESULT]

 for x in `cat testtangeran_zonefiles.txt`; do sed -i 's/' $x; done;
for x in `cat testtangeran_zonefiles.txt`; do sed -i "s/" $x ; done;

find /home/*/public_html -name php.ini -maxdepth 1 > testaz.txt
for i in `cat testaz.txt` ; do mv $i $i"_moved" ; done
for i in `cat testaz.txt` ; do chown root.root $i"_moved" ; done

mail issue in plesk[recreate mail handlers]
/usr/local/psa/admin/sbin/mailmng --stop-service
/usr/local/psa/admin/sbin/mchk --with-spam
/usr/local/psa/admin/sbin/mailmng --start-service

key_buffer_size = 1024MB + (read_buffer_size = 1MB + sort_buffer_size = 4MB) * 200 ~= 2GB [MySQL optimization]

Script to optimize apache webserver

#!/bin/bash
# Credits Gus Maskowitz, Rob Wilderspin, Dan Farmer, Mark Hyde
# ===================================== DO SECTION =====================================
ME=$(whoami)
if [ "$ME" != "root" ]; then
  echo "You'll need to be root to run this"
  exit 1
fi
/sbin/service httpd status >/dev/null 2>&1
if [ $? -ne 0 ]; then
  echo "httpd does not appear to be running"
  exit 0
fi
apachetuner_version="Apachetuner v1.0"
if [ -f /etc/redhat-release ]; then
  system=$(cat /etc/redhat-release)
else
  echo "This does not appear to be Red-Hat and is unfortunately not yet supported"
  exit 0
fi
# This was written specifically for a Rackspace environment
if [ -f /root/.rackspace/server_number ]; then
  server_number=$(cat /root/.rackspace/server_number)
fi
server_name=$(uname -n)
server_httpd_rpm=$(rpm -qf "$(which httpd)")
memtotal_mb=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
# mem_alert_level=$(echo $memtotal_mb | awk '{printf "%d", $0 * 0.9}')
# Capture "httpd -V" once; every build-time value below is parsed from this file
HTTPD_V_TMPFILE=$(mktemp)
httpd -V > "$HTTPD_V_TMPFILE" 2>&1
#### The following contributed by Mark Hyde
apache_architecture=$(awk -F': +' '$1~/^Architecture/{print $2}' "$HTTPD_V_TMPFILE")
apache_mpm=$(awk -F': +' '$1~/^Server MPM/{print $2}' "$HTTPD_V_TMPFILE")
apache_server_version=$(awk -F': +' '$1~/^Server version/{print $2}' "$HTTPD_V_TMPFILE")
httpd_root=$(awk -F\" '/HTTPD_ROOT/ {print $2}' "$HTTPD_V_TMPFILE")
httpd_server_config_file=$(awk -F\" '/SERVER_CONFIG_FILE/ {print $2}' "$HTTPD_V_TMPFILE")
httpd_default_errorlog=$(awk -F\" '/DEFAULT_ERRORLOG/ {print $2}' "$HTTPD_V_TMPFILE")
config_file="$httpd_root/$httpd_server_config_file"
# Thank you to Rob Wilderspin for this magic...
# Pull ServerLimit and MaxClients out of the prefork block of the main config
eval "$(awk '/<IfModule prefork.c>/,/<\/IfModule>/ {
  if ($1 == "ServerLimit") s=$2;
  if ($1 == "MaxClients") m=$2 }
  END {printf "serverlimit=%d maxclients=%d", s, m}' "$config_file")"
# Dan Farmer created this logic to find the size of each additional apache in memory.
apacheuser=$(ps -ef | awk '/httpd/ && !/root/ {print $1}' | uniq)
num_of_apache_children=$(ps -u "$apacheuser" -o pid= | wc -l)
apache_in_ram=$(ps -u "$apacheuser" -o pid= | xargs pmap -d | awk '/private/ {c+=1; sum+=$4} END {printf "%.2f", sum/c/1024}')
apache_footprint=$(echo "$apache_in_ram*$num_of_apache_children" | bc -l)
ram_at_maxc=$(echo "$maxclients*$apache_in_ram" | bc -l)
mem_percentage_at_max=$(echo "$ram_at_maxc/$memtotal_mb*100" | bc -l)
# echo $mem_percentage_at_max
if [ -f /etc/php.ini ]; then
  php_meml=$(awk '/^memory_limit/ {print $3}' /etc/php.ini)
else
  echo "Checking for /etc/php.ini Not found"
fi
http_binary=$(netstat -plnt | grep :80 | awk -F/ '{print $2}' | sort -u)
# =================================== DISPLAY SECTION ===================================
echo "$apachetuner_version"
echo "$system"
# This was written specifically for a Rackspace environment
if [ -f /root/.rackspace/server_number ]; then
  echo "Server Number: $server_number"
fi
echo "Server Name: $server_name
Total Physical Memory: $memtotal_mb MB
Version: $apache_server_version
RPM: $server_httpd_rpm
httpd binary: $(which $http_binary)
Whats running on port 80 $(netstat -plnt | grep :80 | awk '{print $7}')
Apache Architecture: $apache_architecture"
echo "Serverlimit is: $serverlimit
MaxClients is: $maxclients"
echo "httpd root $httpd_root
httpd server config file $httpd_root/$httpd_server_config_file
httpd default errorlog $httpd_root/$httpd_default_errorlog"
echo "
/etc/php.ini memory_limit is: $php_meml
=====================APACHE RUNTIME=====================
Apache user: $apacheuser
Average Memory use: $apache_in_ram MB per child
Number of children: $num_of_apache_children
Current memory footprint $apache_footprint MB
Maximum memory footprint $ram_at_maxc MB ($(printf %.0f $mem_percentage_at_max)% of installed RAM)
System memory divided by MaxClients $(printf %.0f $(echo $memtotal_mb/$maxclients | bc -l))
System memory divided by Apache child size $(printf %.0f $(echo $memtotal_mb/$apache_in_ram | bc -l))"
rm -f "$HTTPD_V_TMPFILE"