Monthly Archives: April 2020

How to install Rkhunter on cPanel Server

Hi,

Security is always a concern when we have servers that contain very sensitive data. There are many security enhancement tools for Linux/Unix based systems. We sometimes go for firewalls and malware detectors. Rkhunter is also a tool like that, but it's more powerful than the rest of the tools available.

Rkhunter can help us find rootkits, backdoors and other exploits, as well as vulnerable scripts, programs etc. running on the servers. Are you familiar with AIDE? Rkhunter uses the same logic as AIDE: it detects file modifications and inspects file permissions, suspicious file names, kernel modules etc.

It can be used as an auditing tool if the data is fragile and we are concerned about it. I will explain how to install this tool on a cPanel server. You can follow the same method even if your server does not have cPanel installed. The steps are common.

Install Rkhunter on cPanel servers

  1. Login to the server as root user.
  2. Run the following commands on the server to install Rkhunter.

cd /usr
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
tar -zxvf rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
./installer.sh --layout default --install

The next step is to update the Rkhunter database. This basically copies or saves the current system info, such as information about the files, permissions etc. When a modification is made later, Rkhunter compares the system against this saved info.

Run the commands below to update the database for Rkhunter:
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Run rkhunter for the first time

Use the command below to run the tool for the first time:
# rkhunter -c

Automation: add a cronjob to execute Rkhunter

To set up a cron job and audit the server on a daily basis, follow the steps below:
nano -w /etc/cron.daily/rkhunter.sh
Paste this text inside:
#!/bin/sh
# Daily rkhunter run: check for a newer version, refresh the data files,
# then scan and mail only the warnings.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s "rkhunter Daily Run ($(hostname))" your_address@mail.com

Set file permissions:
# chmod 700 /etc/cron.daily/rkhunter.sh

That’s all guys. Please note that Rkhunter will not always give perfect info or output; you can also go for AIDE, OSSEC etc. to explore more! Thanks! 🙂

Install Logwatch and Log analyzer – Linux

Hi all,

The log files help us to get information about the activities taking place on a server. The Logwatch is a management tool for analyzing and reporting on a server’s log files. It can be used to send information to the system administrator about the log activity as mentioned earlier.

What are log files? Logs are application-generated files useful for tracking down and understanding what has happened in the past.

Step 1: Install Logwatch
As a matter of best practice we'll update our packages:
yum -y update
Then let's install Logwatch and any required packages:
yum -y install logwatch
Step 2: Configuration File Locations
Local Configuration Options can be found in:
/etc/logwatch/conf/logwatch.conf
Default Configuration Options can be found in:
/usr/share/logwatch/default.conf/logwatch.conf
It is best practice to leave the Default Configuration as is, and edit the Local Configuration option, which is under /etc as listed above.
Step 3: Configuring Logwatch

  1. The e-mail address to which daily digest (reports) should be sent:
    MailTo = root
    Replace root with the required email address.
    Example: MailTo = admin@nixlinux.com
  2. The e-mail address from which reports originate:
    MailFrom = Logwatch
    You might wish to replace Logwatch with your own again.
    Example: MailFrom = admin@nixlinux.com
  3. Setting the range for the reports:
    Range = yesterday
    You have options of receiving reports for All (all available since the beginning), Today (just today) or Yesterday (just yesterday).
    Example: Range = Today
  4. Setting the reports’ detail:
    Detail = Low
    You can modify the reports’ detail here. Options are: Low, Medium and High.
    Example: Detail = Medium
  5. Setting services (applications) to be analysed:
    By default, Logwatch covers a really wide range of services. If you would like to see a full list, you can query the contents of the file scripts/services located at /usr/share/logwatch/.
    Example: ls -l /usr/share/logwatch/scripts/services
    Service = All
    You can choose to receive reports for all services or some specific ones.
    For all services, keep the line as: Service = All
    If you wish to receive reports for specific ones, modify it similar to the following example, listing each service on a new line (e.g. Service = [name]).
    Example:
    Service = sendmail
    Service = http
    Service = identd
    Service = sshd2
    Service = sudo
    ..
  6. Disabling daily reports:
    #DailyReport = No
    If you do not wish to have daily reports generated, you should uncomment this line.
    Example: DailyReport = No instead of # DailyReport = No
    That’s all, now you will be able to receive daily reports based on log files from your server automatically.

Install NGINX on WHM / Cpanel

NGINX Admin is integrated with cPanel. There are a lot of advantages to using NGINX as a plugin: it increases your server speed and helps manage load balancing. It can be managed from your WHM panel, and it protects the server from DDoS attacks too.

To install NGINX Admin, follow the steps below.
First download the package using the wget command, as follows.

  1. Login to the server as root user and run the following commands.
    root# cd /usr/local/src
    root# wget http://nginxcp.com/latest/nginxadmin.tar
    root# tar xf nginxadmin.tar
    root# cd publicnginx
    root# ./nginxinstaller install
    You may receive a warning message while installing:
    root# ./nginxinstaller install
    access key doesn't exist
    Go to WHM > Cluster/Remote Access > Setup Remote Access Key
    and click on the Generate New Key button, then run the installer again:
    root# ./nginxinstaller install
    /usr/local/src/publicnginx
    Welcome to the Nginx Admin installer......Starting Install Please Wait .......
    Generating vhosts...
    Installing WHM interface...
    Installing mod_remoteip...
    Updating cPanel Configuration
    Reading Apache Configuration
    updating Apache configuration
    ****************************************************
    * Installation Complete *
    *run /etc/init.d/httpd restart to start Nginx Admin*
    Note: After installation, the HTTPD port is switched to 8081 and the NGINX port
    points to 80.
    root# /etc/init.d/nginx start
    Starting nginx daemon: nginx
    nginx: [emerg] unknown "no_cache" variable
    already running.
    Solution:
    NGINX does not start, which may mean the server does not have a single account in WHM. Log in to
    your WHM panel, create a new account and restart NGINX.
    Nginx Admin uninstall instructions:
    root# cd /usr/local/src
    # wget http://nginxcp.com/latest/nginxadmin.tar
    # tar xf nginxadmin.tar
    # cd publicnginx
    # ./nginxinstaller uninstall
    That’s all!
    Thanks!

Add PHP handler – URL issues with website

Hi friends,

Sometimes when we access a URL, the page gets downloaded to the local machine instead of being displayed. In such scenarios, you can check the PHP handlers mentioned in the .htaccess file of the problematic site. First you must know what a PHP handler is, so please continue reading before going to the steps.

A PHP handler defines the method that Apache uses to communicate back and forth with your PHP scripts. In order for a site to run on PHP, the server must interpret the PHP code and generate a page when visitors access the website. It interprets the code based on which PHP library you are using, such as PHP 4 or PHP 5. A PHP handler is what actually loads the libraries so that they can be used for interpretation. PHP handlers determine how PHP is loaded on the server.

STEPS:

  1. ssh to the server as root user
  2. Open the .htaccess file under the problematic domain using a text editor
  3. Add the following line at the end of the file, then save and quit, and check whether the issue is fixed. Done!!
    AddType application/x-httpd-php .html .htm
    UPDATE 1
    It may be PHP version specific. If you’re using PHP5 try:
    AddType application/x-httpd-php5 .html .htm
    UPDATE 2
    Try:
    RemoveHandler .html .htm
    AddType application/x-httpd-php .php .htm .html

Now try to access the URL and see if it works for you, thanks!!

Commonly Used Port Numbers

Hi all,

We are all familiar with the term port. We use various applications, and they all need specific port numbers for communicating with the computer/server. Some commonly used port numbers are shown below 🙂

cPanel
cPanel                                  2082
cPanel - SSL                            2083
WHM                                     2086
WHM - SSL                               2087
Webmail                                 2095
Webmail - SSL                           2096

Email
POP3                                    110
POP3 - SSL                              995
IMAP                                    143
IMAP - SSL                              993
SMTP                                    25
SMTP Alternate                          26
SMTP Alternate                          587
SMTP - SSL                              465

Web
HTTP                                    80
SSL                                     443
FTP                                     21
FTPs                                    990
SFTP                                    22
SFTP Shared/Reseller Servers            2222
Webdisk                                 2077
Webdisk - SSL                           2078
MySQL                                   3306
MSSQL                                   1433
SSH                                     22
SSH Shared/Reseller Servers             2222

Other
Plesk Control Panel                     8880
Plesk Control Panel - SSL               8443
Plesk Linux Webmail                     N/A
Plesk Windows Webmail (SmarterMail)     9998*
Virtuozzo                               4643
DotNet Panel                            9001
DotNet Panel Login                      80
Hope the above can help you !!
 

Install iftop command CentOS

The iftop command helps us monitor the server by providing a frequently updated list of network connections to the server. The connections are normally ordered by bandwidth usage. It listens to the network traffic and displays the bandwidth usage by host.

The installation steps of iftop command are shown below.

IFTOP Pre-requisite

  • libpcap: a library that provides user-level network packet capture, information and statistics.
  • libncurses: an API programming library that enables programmers to provide text-based interfaces in a terminal.

Install libpcap and libncurses

Install the libpcap and libncurses libraries with the yum command for an error-free iftop installation.

# yum -y install libpcap libpcap-devel ncurses ncurses-devel

Install IFTOP

Download iftop from its website with the wget command as shown below.

# wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

Run all of the commands below to install iftop.

# tar -zxvf iftop-0.17.tar.gz
# cd iftop-0.17
# ./configure
# make
# make install
Hope that the above post helped you a bit !!
Thank you!!

Find number of connections from an IP to the server Linux

When a client machine connects to a server over the network, a connection is established and opened on the system. The load on the server goes up as the number of connections to it grows, and that number can be in the thousands. A list of connections on the server by each node, client or IP address is useful for system scaling planning and, in most cases, for detecting and determining whether a web server is under a DoS or DDoS (Distributed Denial of Service) attack, where an IP sends a large number of connections to the server.

We use the ‘netstat’ command to find the number of connections from each IP to the server.

Login to the server via SSH and execute the following on the command line.
netstat -an |grep tcp|awk '{print $5}'|cut -d: -f1|sort|uniq -c|sort -n

The output will look like the following.

2   123.345.576
26  121.123.123
124 111.111.111
1   222.222.222

The first column indicates the number of connections from the IP that is listed in the second column.
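
The count above can be made more robust. The following is an added example, not part of the original post: a hypothetical function, conns_per_ip, that reads `netstat -ant` output, skips listening sockets, keeps IPv6 peers intact (the `cut -d: -f1` step in the one-liner cuts them at the first colon) and can show only addresses at or above a minimum connection count. The sample input is constructed and uses documentation address ranges.

```sh
#!/bin/sh
# Constructed sample of `netstat -ant` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.25:40210      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40100 ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40022    ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# conns_per_ip [MIN]
# Reads netstat output on stdin and prints "count ip", busiest peer first.
# MIN (default 1) hides peers with fewer connections than that.
conns_per_ip() {
    awk -v min="${1:-1}" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)   # drop the port after the last colon
            sub(/^::ffff:/, "", ip)    # fold IPv4-mapped IPv6 into plain IPv4
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min + 0) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# On a live server: netstat -ant | conns_per_ip 50
sample_netstat | conns_per_ip
```
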

That’s it, hope the above helped you. Thank you!

DirectAdmin log files location/path

Hi all,

In this article I am not going to write many words; you can just go through it and find the log file locations, which will probably help you troubleshoot issues you face with the DirectAdmin control panel. The front end will not always help us, and the log files on the back end give more precise information about errors. The locations of some common DirectAdmin log files are listed below; they can help you troubleshoot issues related to your server. Please go through them.

DirectAdmin:

/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:

/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/httpd/suexec_log
/var/log/httpd/fpexec_log
/var/log/httpd/domains/domain.com.error.log
/var/log/httpd/domains/domain.com.log
Proftpd:

/var/log/proftpd/access.log
/var/log/proftpd/auth.log
pop3/imap:

/var/log/maillog
/var/log/messages
Bind(named):

/var/log/messages
exim(smtp):

/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog
NOTE: On FreeBSD there may be a prefix "exim_"

MySQL:
RedHat:

/var/lib/mysql/server.hostname.com.err
FreeBSD:

/usr/local/mysql/data/server.hostname.com.err
Cronlog:

/var/log/cron

Check the related posts, Thank you !!

Cron Job Linux

About Cron: Cron is a Linux utility that can be used to execute or schedule a particular task in the background at a specific time/date on an ongoing basis. It is very helpful for getting tasks done automatically in the background, and it also saves time.

Linux Crontab Format

Field   Description     Allowed Value
MIN     Minute field    0 to 59
HOUR    Hour field      0 to 23
DOM     Day of Month    1 to 31
MON     Month field     1 to 12
DOW     Day of Week     0 to 6
CMD     Command         Command to be executed

Commands:

1. Scheduling a Job For a Specific Time
As already said, the basic intention behind cron is to execute or run a specific job (task) at a specified time.

The cron entry given below will trigger the full backup shell script (full-backup) at the time specified in the job.

30 07 08 09 * /home/sam/full-backup


30 – 30th Minute
07 – 07 AM
08 – 08th Day
09 – 9th Month (sept)

* – Every day of the week

2. Schedule a Job For Multiple Instance
We can schedule the cron job to run at multiple instances, which helps to run a script at two different times specified in the entry (for example, twice a day).
The time instances are separated using a comma in the entry.
The following entry will run the incremental backup (incremental-backup) shell script at the times specified.

00 11,16 * * * /home/sam/bin/incremental-backup


00 – 0th Minute (Top of the hour)
11,16 – 11 AM and 4 PM
* – Every day
* – Every month
* – Every day of the week

3. Schedule a Job for Specific Range of Time
It helps to schedule a job for a specific range of time or at certain intervals.
An example that checks the database status every day during the specified hours is shown below.

00 09-18 * * * /home/sam/bin/check-db-status


00 – 0th Minute (Top of the hour)
09-18 – 9 am, 10 am,11 am, 12 am, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm

* – Every day
* – Every month
* – Every day of the week

The above cron job can also be set to run check-db-status only on weekdays using the entry shown below.
00 09-18 * * 1-5 /home/sam/bin/check-db-status

4. Command to view current cronjob entries for a user

The current logged-in user’s crontab entries can be viewed using the following command.

veeble@EcLinux:~$ crontab -l

no crontab for veeble

5. Command to view current cronjob entries for the root
The current root crontab entries can be viewed using the following command.


root@NixLinux:~$ crontab -l
@monthly /home/veeble/monthly-backup
00 09-18 * * * /home/sathiya/check-db-status


6. Schedule a Job for Every Minute Using Cron

Ideally you may not have a requirement to schedule a job every minute. But understanding this example will help you understand the other examples mentioned below in this article.

* * * * * CMD

*/5 in the minute field indicates every 5 minutes.
0-10/2 in the minute field indicates every 2 minutes in the first 10 minutes.
So, we can use the above method for all the other 4 fields.
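
The list, range and step syntax described above can be checked mechanically before an entry goes into a crontab. The following is an added example, not part of the original post: a hypothetical helper, expand_cron_field, that expands one crontab time field into the values it matches, given that field's allowed minimum and maximum.

```sh
#!/bin/sh
# expand_cron_field FIELD MIN MAX
# Prints the values that one crontab time field matches, e.g. "*/5" over 0..59.
# Hypothetical helper for this example; handles "*", N, N-M, comma lists, /STEP.
# Returns non-zero for anything else (names, typos, out-of-range values).
expand_cron_field() {
    awk -v field="$1" -v lo="$2" -v hi="$3" 'BEGIN {
        lo += 0; hi += 0
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++) {
            range = parts[i]; step = 1
            if (index(range, "/") > 0) {             # split off "/STEP"
                split(range, s, "/"); range = s[1]; step = s[2]
                if (step !~ /^[0-9]+$/ || step + 0 < 1) exit 1
                step += 0
            }
            if (range == "*") {
                a = lo; b = hi
            } else if (range ~ /^[0-9]+-[0-9]+$/) {
                split(range, r, "-"); a = r[1] + 0; b = r[2] + 0
            } else if (range ~ /^[0-9]+$/) {
                a = b = range + 0
            } else {
                exit 1                               # not a valid item
            }
            if (a < lo || b > hi || a > b) exit 1    # outside the allowed range
            for (v = a; v <= b; v += step) seen[v] = 1
        }
        for (v = lo; v <= hi; v++)
            if (v in seen) out = out (out == "" ? "" : " ") v
        print out
    }'
}

# Fields taken from the entries in this article.
expand_cron_field '*/5' 0 59      # minute field
expand_cron_field '0-10/2' 0 59   # minute field
expand_cron_field '09-18' 0 23    # hour field
expand_cron_field '1-5' 0 6       # day-of-week field
```
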

Schedule a Background Cron Job For Every 10 Minutes

*/10 * * * * /home/sam/check-disk-space

Instead of specifying values in the 5 fields, we can specify the schedule using a single keyword, as shown below.
In these special cases, instead of the above 5 fields we use @ followed by a keyword such as reboot, midnight, yearly or hourly.

Keyword Equivalent
@yearly 0 0 1 1 *
@daily 0 0 * * *
@hourly 0 * * * *
@reboot Run at start up

a) Schedule a Job For First Minute of Every Year using @yearly

@yearly /home/sam/red-hat/bin/annual-maintenance

b) Schedule a Cron Job Beginning of Every Month using @monthly

@monthly /home/sam/red-hat/bin/annual-maintenance

c) Schedule a Background Job Every Day using @daily

@daily /home/sam/red-hat/bin/annual-maintenance

d) How to Execute a Linux Command After Every Reboot using @reboot?

@reboot CMD

Enjoy freedom with Linux, it's awesome 🙂