Here is the location of the main cPanel configuration file. You can configure many of its various components here, such as adding more CPUs to cpuwatch:
/var/cpanel/cpanel.config
Sometimes you might need to add one or more lines of text to the top of an existing text file. Let ‘sed’ rescue you:
sed -i '1iSTUFF TO ADD' file.txt
You can add multiple lines (separated by \n) to multiple files at once:
sed -i '1iSTUFF TO ADD\nMORE STUFF' *.txt
Right here:
/usr/lib/courier-imap/etc/...
This proved to be useful in cleaning up a compromised site. List all the files modified within a certain time frame (find’s -mtime tests the last modification time); in this case we are looking 30 days into the past:
find . -mtime -30 -type f -print
If you want to delete all files modified within the last n days, you can do something like this:
find . -mtime -30 -type f -exec rm {} \;
Or this:
find . -mtime -30 -type f -print0 | xargs -0 rm
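As an added example (not from the original post), the same search extended for cleanup work: a file whose modification time has been set back, for instance with touch, still carries a fresh inode change time (ctime), so files that match only -ctime are listed separately. It assumes a POSIX sh and find; the directory and day count are arguments.

```shell
#!/bin/sh
# Added example: list files under a directory that changed in the last N days.
# find -mtime tests the modification time, which anyone with write access can
# set back with touch; the inode change time (ctime) cannot be set that way,
# so files that match only -ctime deserve a closer look during cleanup.
recent_files() {
  dir=$1
  days=$2
  {
    # files whose content was modified within the window
    find "$dir" -type f -mtime -"$days" | sed 's/^/mtime      /'
    # files whose inode changed within the window but whose mtime is older:
    # renamed, chmod'ed, or with a back-dated timestamp
    find "$dir" -type f -ctime -"$days" ! -mtime -"$days" | sed 's/^/ctime-only /'
  } | sort -k2
}

# Usage: recent_files /home/user/public_html 30
```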
When cloning a Debian system, be sure to remove everything in:
/etc/udev/rules.d/*persistent-net.rules
This will allow the new hardware to be detected properly.
Normally you would use something like this:
du -k | sort -nr > sorted.txt
But the output is not pretty, since nobody likes reading raw kilobyte counts. This will print the sizes in human readable units:
du -k | sort -nr | awk '
BEGIN {
split("KB,MB,GB,TB", Units, ",");
}
{
u = 1;
while ($1 >= 1024) {
$1 = $1 / 1024;
u += 1
}
$1 = sprintf("%.1f %s", $1, Units[u]);
print $0;
}
' > sorted.txt
Determine the nature of the attack (SYN, GET, etc.) by counting connection states:
netstat -nat | awk '{print $6}' | sort | uniq -c
The following will list all the IPs connecting to the server in order of most connections.
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1
We can see which domains are most active (in the case of a GET style attack):
cd /usr/local/apache/domlogs/
ls -ltr |tail -50
Then, we can see which IPs are active on a particular domain and take appropriate action (drop in firewall, etc.):
cd /usr/local/apache/domlogs/
tail -f <domainname> | awk '{print $1}'
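As an added example (not from the original post), the same per-IP counting applied to a log read from stdin, with a request threshold and a count of how many distinct URLs each flagged IP requested: a flood hammering one URL looks different from a crawler touching many pages. The log lines are constructed sample data, and the field positions assume Apache’s combined log format.

```shell
#!/bin/sh
# Added example: flag source IPs that exceed a request threshold in an Apache
# access log and show how many distinct URLs each one asked for.
# The log lines below are constructed sample data, not real traffic.
SAMPLE_LOG='203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "curl/7.64"
203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "curl/7.64"
198.51.100.7 - - [10/Oct/2020:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2020:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "curl/7.64"
198.51.100.7 - - [10/Oct/2020:13:55:38 +0000] "GET /contact.html HTTP/1.1" 200 640 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2020:13:55:39 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2020:13:55:39 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "curl/7.64"'

# flag_ips THRESHOLD < logfile
# Prints "<requests> <ip> <distinct urls>" for every IP with at least
# THRESHOLD requests, busiest first. In combined log format the client
# address is field 1 and the requested URL is field 7.
flag_ips() {
  awk -v thr="$1" '
    {
      ip = $1; url = $7
      hits[ip]++
      if (!((ip, url) in seen)) { seen[ip, url] = 1; urls[ip]++ }
    }
    END {
      for (ip in hits)
        if (hits[ip] >= thr) printf "%d %s %d\n", hits[ip], ip, urls[ip]
    }' | sort -rn
}

# Usage on a live domlog: flag_ips 100 < /usr/local/apache/domlogs/<domainname>
# On the sample data with a threshold of 3 this prints: 4 203.0.113.5 1
```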
If you are using a cpanel/WHM server then the MTA will be Exim by default.
Enable Mailheaders by running the /scripts/easyapache script. After that, check the headers of a queued message using:
exim -Mvh <message id>
From that you will be able to find the source of the spam.
Adaptec RAID cards have huge performance gains over other cards, but the management features in Linux stink. Really bad. If you don’t have a GUI installed, you cannot set up monitoring or alerts, but thankfully you can use a Windows machine to set this up remotely. Additionally, there are no .deb packages so we have to convert the .rpm to a .deb package.
Download the latest installer in RPM format:
sudo bash ### Dang it Debian! LOL
wget http://download.adaptec.com/raid/storage_manager/asm_linux_x64_v6_30_18507.rpm
Convert the .rpm to a .deb package and install it:
apt-get install alien
alien --scripts asm_linux_x64_v6_30_18507.rpm
dpkg -i storman_6.30-18508_amd64.deb
Start the ‘StorMan’ agent:
/usr/StorMan/StorMan.sh
Add the following to /etc/rc.local (before the ‘exit 0’ line) so it starts automatically as the included init script is broken miserably. Don’t forget the ampersand or else you’ll hang up the boot process:
/usr/StorMan/StorMan.sh &
Now you can remotely connect using a remote Windows or Linux GUI to check RAID status and set up email alerts. It’s painfully obvious Adaptec is catering to the Windows crowd on this one, but at least there’s a workaround.
A very large disk array (hardware RAID) combined with LVM (Logical Volume Management) will give you a vast amount of flexibility. Without LVM, you’ll have to reboot the entire machine to realize the new space when adding RAID members. Using LVM, you can take advantage of OLE (On Line Expansion) and expand your existing volumes without rebooting. In this post, I discuss the creation of the initial VG (Volume Group), PV (Physical Volume) and LV (Logical Volume) which compose LVM. I’ll discuss OLE later in another post.
In this example, a large RAID array exists at /dev/sdb. There are no partitions on this disk; it is freshly created in the RAID card’s BIOS.
root@rj04:~# fdisk -l
...snip...
Disk /dev/sdb: 2977.4 GB, 2977474543616 bytes
255 heads, 63 sectors/track, 361990 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000
Disk /dev/sdb doesn't contain a valid partition table
1. Create a new PV (Physical Volume) on the new disk. This is the ‘top layer’ of LVM:
pvcreate /dev/sdb
2. Create a new VG (Volume Group) inside the new PV. This is the ‘middle layer’ of LVM:
vgcreate vg0 /dev/sdb
3. Create a new LV (full size). This is the ‘bottom layer’ of LVM where you can put your filesystems:
lvcreate -n lvol0 vg0 -L 2.70T
4. Create and format the filesystem. Remember to choose the correct block size (a 4k block size allows up to 8 TB, which is enough for the maximum our array will expand to):
mkfs -t ext3 -m 0 -v -b 4096 /dev/vg0/lvol0
5. Add mount point, update fstab, and mount the new disk:
mkdir /data ## Create mount
echo "/dev/vg0/lvol0 /data ext3 defaults 0 2" >> /etc/fstab ## Make filesystem aware of the mount
mount /data ## Actually mount the disk
6. Verify your work:
root@rj04:~# df -h
Filesystem Size Used Avail Use% Mounted on
...snip...
/dev/mapper/vg0-lvol0
2.7T 202M 2.7T 1% /data