I feel you iSheeps, it should be so hard that everyone pokes fun at you because of your nonsense ideas like golden size or rule of Thumb ? Do you remember calling bigger phones bricks ? NOW YOU HAVE A BIG 5.5″ BRICK. Don’t forget that Galaxy S5 is only 5.2″, smaller than iPhone 6+. Ha, you cant remember right !? Suddenly you cant remember. OK Let me help you then :
http://gizmodo.com/5847981/this-is-why-the-iphones-screen-will-always-be-35-inches
root@X:[/etc/logrotate.d]: cat /etc/logrotate.d/vsftpd
/var/log/vsftpd.log
{
create 640 root adm
# ftpd doesn't handle SIGHUP properly
missingok
notifempty
rotate 4
weekly
prerotate
echo "<html><body><table>$(grep "OK LOGIN" /var/log/vsftpd.log | awk '{print $8" "$12'} | sort | uniq -c | awk '{print "<tr><td>"$2"</td><td>"$3"</td><td>"$1"</td></tr>"}')</table></body></html>" | mail -a "Content-type: text/html" -s 'FTP REPORT' mail@domain.com
endscript
}
For Adaptec Raid you need arcconf tool to check the raid status, you can install it based on the instructions provided on this link (For Debian) :
http://hwraid.le-vert.net/wiki/DebianPackages
After you have arcconf installed, create /usr/bin/raidcheck with following content and make it executable :
#!/bin/bash
RESULT=$(arcconf GETCONFIG 1 | grep Status | grep -v "Not Installed" | grep -v Optimal)
if [ -n "$RESULT" ]; then
wget http://domain.com/notify.php?m=RAID_ERROR -O /dev/null
else echo "Raid is OK"
fi
Note : In my script I have chosen to use a php script on another server to send the alert, this way I wont need to install a mail server on every server which I am monitoring. you can do the same or change the wget line to whatever you want.
Put the script in the cron to check the raid status every 12 hours :
0 */12 * * * /usr/bin/raidcheck
To disable ipv6 on Linux, add following line to /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
Now apply the change :
sysctl -p
Notice : You need root access to cPanel server to be able to use this method.
DropBox is my favorite cloud space provider. Their recent price adjustment (1TB for $10/mo) has made using it a no brainer IMO. It is specially very good for backup purposes because it keeps different versions of your files without using any extra space. The retention period for free accounts is 30 days and for pro accounts is 1 year.
So lets say you take a backup of your website and upload it to DropBox everyday and size of your backup is 100MB. if you keep doing it for 1 year, in fact DropBox is keeping 365 x 100MB of your files which you can retrieve any of them while only 100MB of your space is used! it is crazy good, I know.
In order to be able to backup cPanel accounts directly to DropBox, first we need a method to upload files to DropBox from Linux command line. Fortunately there is a very good solution out there to do it : https://github.com/andreafabrizi/Dropbox-Uploader
Please refer to script documentation on how to install it on your server and link it to your DropBox account. it is fairly easy.
After you linked the script to your DropBox Account, move it to /usr/bin folder.
If you want to test it, run the following command and it should show your DropBox account info :
root@X:[~]: dropbox_uploader.sh info Dropbox Uploader v0.14 > Getting info... Name: X X UID: 012345 Email: email@domain.com Quota: 1021760 Mb Used: 2611 Mb Free: 1019148 Mb
Now create /usr/bin/backup2db with following content and make it executable :
#!/bin/bash for fn in $1; do /scripts/pkgacct $fn /usr/bin/dropbox_uploader.sh upload /home/cpmove-$fn.tar.gz /cpanel-backup/cpmove-$fn.tar.gz rm /home/cpmove-$fn.tar.gz done
Thats it ! We are good to go.
Command to backup cPanel account acct1 :
backup2db 'acct1'
It even support multiple account backup :
backup2db 'acct1 acct2 acct3'
If you need daily backups, you can put it in cron :
0 0 * * * /usr/bin/backup2db 'acct1 acct2 acct3' > /dev/null 2>&1
Sometimes you may need to kill hanged processes with high CPU usage automatically. the following script can help you to do it :
#!/bin/bash
PROCESSNAME=''
HL=10
IFS=$'\n'
L=$(ps aux | grep $PROCESSNAME)
for fn in $L; do
PID=$(echo $fn | awk '{print $2'})
LOAD=$(echo $fn | awk '{print $3'})
if [ $(echo "$LOAD > $HL" | bc -l ) -eq 1 ]
then
kill -9 $PID
echo "Killed $PID"
fi
done
Set PROCESSNAME to the process name which you want to be checked and HL to high load threshold.
Please note the load is based what ‘ps’ command reports and not what you see inside ‘top’.
It is a very good security practice to completely disable password authentication on your Linux server and use public key authentication method.
In order to do that you need to create your own public/private key pair and put the public key in ~/.ssh/authorized_keys
mkdir -p ~/.ssh echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHV80zPWjPAwKo8Be0k1ypBRMdYDC0H2eQchu3MFsEp8av2F/18GNuHsbyMWp0p1uovP5LGZ/oPZ1ISJxLxxOBiqv0fOyb8uTDYWUUITgGvq9Fppj3BNYTjnLCUAVMKdP3VJ7IPk69ygYR1nhAXiv3dSfeG74f2eo3ZYhrylsVS2G84DUh47FuEFOsfn5s2wXVjwAgqdKBhiVQZWrptf6TEK3fZTVg4rCiRJ+YiIwTZr/CfFHbdqOiwDlGR5fWo0PHHq31lrQXzkASfi3C+ahQFnHsy4+8LdCq+TjzC3J6PbuXP1wpLdm1iP35f61hU1wX2hwhyxdvE+SBXT/PpSVB' >> ~/.ssh/authorized_keys
DISCLAIMER : The above key is my public key, if you put it on your server, I will be able to login into your server 😀
Now add/change the following config to the BEGINNING of /etc/ssh/sshd_config
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no PubkeyAuthentication yes
and restart ssh service :
service ssh restart
In order to check that only public key authentication is available run the following command on the server :
ssh -o PreferredAuthentications=none -o NoHostAuthenticationForLocalhost=yes localhost -p 22
and you should get this error :
Permission denied (publickey).
Note : Before closing your current SSH session, I highly recommend you to test that actually you can login into your server by new method. otherwise you may be locked out of your server.
If you have a compromised cPanel account which is used by spammers to send out spam emails, you can use the following trick to prevent the account from sending out any emails temporarily until you can fix the issue.
Edit “/etc/cpanel_exim_system_filter” and add the following ACL to the end of it.
Change USERNAME to compromised cPanel account.
if ( $received_protocol is "local" or $received_protocol is "esmtpa" ) and ( $h_Received contains "USERNAME" ) then seen finish endif
If you want to make the change permanent, you have to create a file in “/usr/local/cpanel/etc/exim/sysfilter/options” and put above rule in it.
Powered by WordPress
Filter out comments and empty lines from config files