Admins eHow SysAdmin Tips & Tricks

June 7, 2009

Change Linux Password from PHP Script

Filed under: CentOS,Debian,General,PHP — Tags: , , , — admin @ 8:48 pm

There are a few scripts available on net which allow you to change a linux user password from PHP. but all of them are very complex and hard to implement , so after some hours of work , I’ve written this PHP script 🙂 it is very simple , in order for this to work you need to allow your webserver to run sed command as root through sudoers , or allow your webserver to write on your /etc/shadow file.

$username='USERNAME';
$password='PASSWORD';  // New Password
$sed='/bin/sed'; //Path to sed command
$salt = substr($username, 0, 2);
$pass_crypt = crypt($password, $salt);
$pass_crypt=str_replace("/","\/",$pass_crypt);
system($sed." -i 's/".$username.":[a-zA-z0-9/$\.]*/".$username.":".$pass_crypt."/g' /etc/shadow",$retval);

May 16, 2009

Guide to secure the server using DenyHosts

Filed under: CentOS,Debian,General,Security — Tags: , , , , — admin @ 9:20 am

One of the greatest tools I have found to secure the server from brute force attacks and keep your server out of the reach of hackers is DenyHosts.
What DenyHosts does is very simple , but very effective , it processes auth.log ( in Debian based distros ) or secure.log ( in Redhat based distros ) and finds unsuccessful login attempts through ssh and blocks the attacker through /etc/hosts.deny file.
also it has a central server which can synchronize all DenyHosts instances around the world , so if there is an attacker detected in US , it will be blocked in all of the world very fast ! but this option needs to be enabled in config file.
DenyHosts is an open source project and is available to download at sourceforge : http://denyhosts.sourceforge.net

As my favorite distro is Debian , I guide you how to install and use it on Debian. but steps are almost the same on CentOs.
DenyHosts is available through Debian repos so you can simply install it by :

apt-get install denyhosts

then you need to configure it , configuration file is located at /etc/denyhosts.conf
I suggest you to read the whole file and understand it , it worth’s the time. but in case you need a good working configuration, you can use mine :

SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 1w
PURGE_THRESHOLD = 2
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/run/denyhosts.pid
ADMIN_EMAIL = youremail@domain.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@domain.com>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
SYNC_DOWNLOAD_RESILIENCY = 5h

Don’t Forget to set ADMIN_EMAIL and SMTP_FROM to your own emails.
One of the important steps that you should do is to add your own IP address to white list so it doesn’t get blocked.
to do this , open /var/lib/denyhosts/allowed-hosts file and enter your own IP in it.
if you have forgotten to do this and now you are blocked from server , you need to connect to server from another IP address and do the following steps :

1.Stop DenyHosts :

/etc/init.d/denyhosts stop

2.Remove the IP address from /etc/hosts.deny
3.Also you need to remove your IP address from any file located in /var/lib/denyhosts , first look which files contain your IP :

grep Your_IP *

The remove the IP from files using your favorite editor or method 😉

Edit : I have found a great solution to delete your IP from all files all at once.

sed -i '/Your IP/d' *

4.Consider adding the IP address to /var/lib/allowed-hosts
5.Start DenyHosts

May 12, 2009

Secure Your WebServer by Disabling Dangerous PHP Functions

Filed under: CentOS,cPanel,Debian,General,Security — Tags: , , , — admin @ 8:02 pm

In order to secure your web server you need to disable some php functions which may be used to hack your server.
open your php.ini file and search for “disable_functions” then replace it with following directive :

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

after this step you need to restart apache server.
if you have cPanel installed on your server , you need to run the following command from SSH for cPanel work properly :

/scripts/makecpphp

it will make another instance of PHP for internal cPanel/WHM use.

Check Memory Usage in Linux

Filed under: CentOS,Debian,General — Tags: , — admin @ 5:39 pm

In order to check memory usage in Linux , there are several commands , but the most useful commands I have found are the following :

Check total memory usage :

# free -m
total       used       free     shared    buffers     cached
Mem:           512        490         21          0         16        160
-/+ buffers/cache:        314        197
Swap:         1023         76        947

what you are looking for is in front of “-/+ buffers/cache:” , in above example Total memory is 512MB , Used memory is 314MB and Free memory is 197MB.
it also shows the usage of Swap which is 76MB from 1023MB Total.

Check detailed processes memory usage :

# ps aux | awk '{print $4"\t"$11}' | sort | uniq -c | awk '{print $2" "$1" "$3}' | sort -nr
10.0 1 (squid)
2.7 1 python
1.5 1 /usr/sbin/pdns_recursor
1.3 1 sshd:
1.3 1 /usr/sbin/apache2
.........

This command is a little complex , we dont want to go into the details of command. we are only interested in the output.
The First column shows the percent of memory which this process is using , second column shows the number of instances of the process and the third column is the name of process. in the above example , process “squid” is using 10% of my server memory and python is using 2.7% of memory.

May 9, 2009

How to autostart a service on Debian, CentOs and RedHat

Filed under: CentOS,Debian,General — Tags: , , , — admin @ 3:31 pm

For Debian based distros run the following command as root :

update-rc.d servicename defaults

For CentOS and RedHat run the following command as root :

chkconfig servicename on
« Newer Posts

Powered by WordPress