Showing posts with label Linux Commands. Show all posts

Sunday, October 17, 2010

Linux Networking Commands: lsof

lsof ("list open files") reports which files every process on the machine has open. Because Linux treats sockets as files, lsof -i also reveals network sockets, much like the netstat command does. It saves an admin a lot of time and points troubleshooting in the right direction by showing what the machine is actually doing. Below are some examples of this command:


Example:


Show all open TCP sockets - returns which program holds each socket, the user it runs as, the process ID and the state of every TCP listener and connection:


# lsof -i TCP


Show open TCP sockets on port 80 -


# lsof -i TCP:80


returns --> httpd2-wo 7010 wwwrun 3u IPv6 14787 TCP *:http (LISTEN)


Show open LDAPS (LDAP over TLS) connections on TCP port 636 -


# lsof -i TCP:636


To see which files a particular command has open, give the command name after -c (a prefix is enough: -c mysq matches every command whose name begins with mysq) -


# lsof -c mysq


returns -->
mysqld 991 admin cwd DIR 8,3 240 148743 /home/admin/novell/idm/mysql/data
mysqld 991 admin rtd DIR 8,3 536 2 /
mysqld 991 admin txt REG 8,3 5464060 148691 /home/admin/novell/idm/mysql/bin/mysqld
mysqld 991 admin 0r CHR 1,3 41715 /dev/null
mysqld 991 admin 1w REG 8,3 1250 149954 /home/admin/novell/idm/mysql/mysql.log
mysqld 991 admin 2w REG 8,3 1250 149954 /home/admin/novell/idm/mysql/mysql.log
mysqld 991 admin 3u IPv4 86990 TCP *:63306 (LISTEN)...


To see which files are open on a particular device (the usual question when umount reports the device as busy):


# lsof /dev/cdrom


returns --> bash 30904 admin cwd DIR 3,0 2048 63692 /media/cdrecorder/linux/user_application_provisioning


You can change TCP to UDP and narrow the request down to very specific items (for example: is there an established connection from xyz.somesite.com?). Add -n and -P when you do this: they skip DNS and port-name lookups, which makes lsof faster, stops it hanging on a broken resolver, and keeps the output parseable (*:80 rather than *:http).


# lsof -i TCP@192.168.0.2:636 (lists LDAPS connections to my server)


returns --> java 890 root 18u IPv6 8365030 TCP myserver.somecompany.com:42936->myserver.somecompany.com:ldaps (ESTABLISHED)

ndsd 6520 root 262u IPv4 8390927 TCP myserver.somecompany.com:ldaps->myserver.somecompany.com:43123 (ESTABLISHED)


Environment:


The "lsof" command works on any SUSE variant - Novell OES, SUSE Linux Enterprise Server, SUSE Linux Enterprise Desktop and openSUSE. It is not SUSE-specific: the same command ships with practically every Linux distribution.
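The most useful thing to do with lsof -i on a server you are auditing is to compare its listeners with what you expect to be there. The shell functions below are an added example, not part of the original post: they parse lsof -i -nP output (numeric addresses and ports, which is why -n and -P matter), print the TCP listeners, flag any whose port is not on a given allowlist, and list established sessions with their peers. The lsof output they run over here is constructed sample data; the NAME column is read from the end of each line because older lsof versions omit the SIZE/OFF column.

```shell
# Added example (not from the original post): audit 'lsof -i -nP' output.
# LSOF_SAMPLE is CONSTRUCTED sample output, not a capture from a real host.
LSOF_SAMPLE='COMMAND    PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
httpd2-wo 7010 wwwrun   3u  IPv6   14787      0t0  TCP *:80 (LISTEN)
mysqld     991  admin   3u  IPv4   86990      0t0  TCP *:63306 (LISTEN)
sshd      1202   root   3u  IPv4   12001      0t0  TCP *:22 (LISTEN)
nc        4412   root   3u  IPv4   99120      0t0  TCP *:4444 (LISTEN)
named     1000  named  20u  IPv4   12345      0t0  UDP 127.0.0.1:53
java       890   root  18u  IPv6 8365030      0t0  TCP 192.168.0.2:42936->192.168.0.2:636 (ESTABLISHED)
ndsd      6520   root 262u  IPv4 8390927      0t0  TCP 192.168.0.2:636->192.168.0.2:43123 (ESTABLISHED)'

# One line per TCP listener: "<port> <command> <pid> <user>".
# NAME is taken from the end of the line (NF-1) because old lsof builds have
# no SIZE/OFF column, so counting fields from the left is brittle. The port is
# the last ':'-separated piece, which also works for IPv6 names like [::]:80.
lsof_tcp_listeners() {
    awk '$NF == "(LISTEN)" && $(NF-2) == "TCP" {
            n = split($(NF-1), parts, ":")
            print parts[n], $1, $2, $3
         }'
}

# Listeners whose port is not in the space-separated allowlist given as $1,
# e.g. lsof_unexpected_listeners "22 80 636 63306".
lsof_unexpected_listeners() {
    lsof_tcp_listeners | awk -v allow=" $1 " 'index(allow, " " $1 " ") == 0'
}

# Established TCP sessions as "<command> <pid> <local> -> <remote>".
lsof_established() {
    awk '$NF == "(ESTABLISHED)" && $(NF-2) == "TCP" {
            split($(NF-1), ep, "->")
            print $1, $2, ep[1], "->", ep[2]
         }'
}

echo "unexpected listeners:"
printf '%s\n' "$LSOF_SAMPLE" | lsof_unexpected_listeners "22 80 636 63306"
echo "established sessions:"
printf '%s\n' "$LSOF_SAMPLE" | lsof_established
# On a live host (root sees every process):
#   lsof -i -nP | lsof_unexpected_listeners "22 80 636 63306"
```

Run as root, otherwise lsof only reports sockets belonging to your own processes and a listener you do not own is silently missing from the audit.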

Monday, July 12, 2010

Error deleting an FTP account, or unable to delete an FTP account.

If you have deleted an FTP account and it still appears under cPanel -> FTP Accounts, follow the steps below:

==================================================================
root@server [#] cd /etc/vftp/

root@server [#] vi username

then remove the entry for the FTP account you want to delete from that file, and save and quit:

:wq!

===================================================================

Tags:-cpanel,webadmin help,linux,commands,ftp error,cpanel error,ftp cpanel,ftp

Steps to stop wget downloading your website pages

Wget is a network utility that retrieves files from the World Wide Web using HTTP and FTP. It works non-interactively, so it can keep running in the background after you have logged off. The program supports recursive retrieval of web pages as well as FTP sites: you can use wget to mirror archives and home pages, or to crawl the web like a robot checking for broken links.

To stop wget grabbing your site's pages, add the lines below to the .htaccess file under the public_html directory of the site you want to protect:

===================================
SetEnvIfNoCase User-Agent "^Wget" bad_bot

Order Allow,Deny
Allow from all
Deny from env=bad_bot

===================================

Now anybody who fetches your site with wget's default User-Agent receives a 403 error. Two caveats: the rule matches a header the client chooses, so wget -U "Mozilla/5.0" (or any other string) walks straight past it, and other fetchers such as curl are not covered at all; treat this as a courtesy filter for casual mirroring, not as access control. The Order/Allow/Deny directives are Apache 2.2 syntax (they need mod_access_compat on 2.4); on Apache 2.4 express the same thing with mod_authz_core's Require directives (Require not env bad_bot).

Please check this link to know more information about wget

http://wget.addictivecode.org/FrequentlyAskedQuestions

Tags:-wget,cpanel,webadmin,serveradmin,apache,linux,commands,whm

Tuesday, July 6, 2010

Steps to disable Telnet in a Server


Telnet is a network protocol that provides bidirectional, interactive, text-oriented communication over TCP/IP for accessing remote computers. Telnet is unencrypted: usernames and passwords cross the network in clear text at login, so it should be disabled on all web servers and replaced with SSH. Some hosting providers do not disable telnet by default, so make sure it has been turned off; leaving it on is a serious security risk to your servers. A telnet server listens on TCP port 23; clients connect to that port from an ephemeral source port of their own, so it is port 23 on the server that has to be closed.

1. Log in to your server through SSH and su to root.

2. Type pico /etc/xinetd.d/telnet

3. Look for the line disable = no and change it to disable = yes (if the file does not exist, telnet is not set up as an xinetd service on this host).

4. Now restart the xinetd service: /etc/rc.d/init.d/xinetd restart

5. Turn it off through chkconfig as well, because otherwise it can be enabled again at boot:
/sbin/chkconfig telnet off

6. Scan your server to ensure port 23 is closed (-O needs root, and scanning localhost only shows the loopback view, so also scan the server's public address from another host with nmap -sT -p 23 <server-ip>):
nmap -sT -O localhost

Also run ps aux | grep telnet and, if anything other than the grep itself is listed, kill that process: a session that was already established keeps its in.telnetd running after xinetd is restarted. The surest fix of all is to remove the telnet server package entirely.
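Because each of steps 3 to 6 can be undone independently (a package update rewriting the xinetd file, chkconfig re-enabling it, a leftover daemon), it is worth having one script that checks all three conditions. The following is an added example, not part of the original post: it parses an xinetd service file the way xinetd does (a missing disable line means enabled, commented lines are ignored), and checks the listening-socket table for port 23 from the output of ss -ltn or netstat -ltn, which both carry the local address in the fourth column. The service files and socket listing it runs over are constructed sample data written to a temporary directory; the file names and the ss sample are assumptions for the demo.

```shell
# Added example (not from the original post): verify that telnet is really off.
# All sample input below is CONSTRUCTED for the demo.

# Returns 0 if the xinetd service file in $1 says "disable = yes".
# xinetd treats a missing disable line as enabled, so absence counts as ON;
# commented-out lines ("# disable = yes") are ignored, as xinetd ignores them.
xinetd_service_disabled() {
    file="$1"
    [ -r "$file" ] || return 0   # no service file: xinetd cannot start it at all
    awk '
        tolower($0) ~ /^[ \t]*disable[ \t]*=/ {
            split($0, kv, "=")
            sub(/#.*/, "", kv[2])        # drop a trailing comment
            gsub(/[ \t]/, "", kv[2])     # and surrounding whitespace
            v = tolower(kv[2])
        }
        END { if (v == "yes") exit 0; exit 1 }
    ' "$file"
}

# Returns 0 if no telnet daemon process exists. "ps aux | grep telnet" also
# matches the grep itself; comparing the bare command name avoids that.
telnetd_not_running() {
    ! ps -eo comm= | grep -qxE 'in\.telnetd|telnetd'
}

# Reads "ss -ltn" (or "netstat -ltn") output on stdin; returns 0 if any
# socket listens on port $1. The local endpoint is field 4 in both tools and
# the port is the last ':'-separated piece, so [::]:23 and 0.0.0.0:23 both match.
ss_port_listening() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (n > 1 && a[n] == p) found = 1 }
                   END { if (found) exit 0; exit 1 }'
}

# Constructed xinetd service files, one per case.
DEMO_DIR=$(mktemp -d)
printf 'service telnet\n{\n\tdisable\t= no\n\tsocket_type = stream\n}\n' > "$DEMO_DIR/telnet.enabled"
printf 'service telnet\n{\n\tdisable = yes\n\tsocket_type = stream\n}\n' > "$DEMO_DIR/telnet.disabled"
printf 'service telnet\n{\n\t# disable = yes\n\tsocket_type = stream\n}\n' > "$DEMO_DIR/telnet.nodisable"

# Constructed "ss -ltn" output with telnet still listening.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      64     0.0.0.0:23         0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*'

for f in telnet.enabled telnet.disabled telnet.nodisable; do
    if xinetd_service_disabled "$DEMO_DIR/$f"; then echo "$f: disabled"; else echo "$f: ENABLED"; fi
done
if printf '%s\n' "$SS_SAMPLE" | ss_port_listening 23; then
    echo "port 23: still listening"
else
    echo "port 23: closed"
fi
# Live check on a real host (run as root):
#   xinetd_service_disabled /etc/xinetd.d/telnet && telnetd_not_running \
#       && ! ss -ltn | ss_port_listening 23 && echo "telnet is off"
```

The live check only proves the host's own view; step 6's scan from a second machine is still needed to confirm that no firewall or NAT rule forwards port 23 to something else.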

Tags:-Linux,telnet,disable telnet,difference between telnet and ssh,ssh,telnet command,definition,define telnet,ports

Wednesday, June 30, 2010

Mod_Security [Definition and Installation Steps]


ModSecurity is an open-source web application firewall: an intrusion detection and prevention engine for web applications, and the most widely deployed one. ModSecurity 2.5.12 (see the change log) has just been released; that release fixes several important issues that allowed detection bypass and denial-of-service attacks against ModSecurity itself. ModSecurity provides protection from a range of attacks against web applications and allows HTTP traffic monitoring, logging and real-time analysis. Note that the steps below install the older 1.x branch (1.7.4), and the SecFilter directives in the configuration are 1.x syntax; the 2.x branch uses SecRule and will refuse to start with these directives, so pick one branch and use the matching rule syntax.

Requirements:
  • Apache Web Server 1.3.x or 2.x
Note: We have confirmed this security addon works with Cpanel based servers.

How to install?
1. Log in to your server through SSH and su to the root user.

2. First, grab the mod_security 1.x tarball (check it against the checksum or signature the project publishes before you build it):
wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz

3. Next, untar the archive and cd into the directory:
tar zxvf mod_security-1.7.4.tar.gz
cd mod_security-1.7.4/

4. Now determine which version of Apache you use:
APACHE 1.3.x users
cd apache1/
APACHE 2.x users
cd apache2/

5. Compile the module (apxs -cia compiles it, installs it and adds the LoadModule line to httpd.conf):
/usr/local/apache/bin/apxs -cia mod_security.c

6. Now it is time to edit the httpd.conf file. First make a backup, in case something goes wrong:

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that it is backed up, edit httpd.conf (replace pico with nano depending on which you have):

pico /usr/local/apache/conf/httpd.conf

8. Find a place for the rules: hold Ctrl and press W to search, and look for an IfModule block (any of the IfModule blocks in the file will work fine).

9. Now add this (wrapped in its own IfModule block so Apache still starts if the module is missing):


<IfModule mod_security.c>
SecFilterEngine On

SecServerSignature "Apache"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On

SecFilterDefaultAction "deny,log,status:403"

# Reject a POST that carries no Content-Length
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

SecFilterSelective HTTP_Transfer-Encoding "!^$"

# PHP session IDs must be plain alphanumerics
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
# Directory traversal
SecFilter "../"

# viewtopic.php chr() injection (phpBB)
SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Shell commands and paths seen in remote-inclusion / command-injection attempts
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS attacks (HTML/Javascript injection): blocks every tag, so use
# either this filter or the weaker one above, not both
SecFilter "<(.|\n)+>"
</IfModule>

10. Save the file: Ctrl+X, then Y. Once it is live, watch audit_log for false positives: the crude SQL filters block any request containing ordinary text such as "select an item from the list", and the broad XSS filter rejects every HTML tag, which breaks WYSIWYG editors and any form that legitimately posts markup.

11. Restart Apache

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

Tags:-Mod_Security,mod_security,mod_security installation,mod_security configuration,define,linux,linux admin,linux webhosting


Tuesday, June 29, 2010

Exim Commands and Configuration Files


Configuration files of Exim:

  • /etc/exim.conf – Exim main configuration file
  • /etc/localdomains – domains Exim treats as local (mail for them is delivered on this server rather than relayed out)
  • Log: /var/log/exim_mainlog – incoming and outgoing mail is logged here
  • /var/log/exim_rejectlog – mail rejected by Exim is reported here
  • /var/log/exim_paniclog – Exim errors are logged here
  • Mail queue: /var/spool/exim/input
  • cPanel script to restart Exim – /scripts/restartsrv_exim
  • Email forwarders and catch-all address file – /etc/valiases/domainname.com
  • Email filters file – /etc/vfilters/domainname.com
  • POP user authentication file – /home/username/etc/domainname/passwd
  • Catch-all inbox – /home/username/mail/inbox
  • POP user inbox – /home/username/mail/domainname/popusername/inbox
  • POP user spam box – /home/username/mail/domainname/popusername/spam
  • Program: /usr/sbin/exim (setuid root: -rwsr-xr-x 1 root root)
  • Init script: /etc/rc.d/init.d/exim
Troubleshooting and checking Exim mail logs

1) Count the number of messages in the queue:-

root@leo [~]# exim -bpc
3506
Here 3506 mails are in the queue.

2) Command to list all the messages in the queue (time, size, message ID, sender, recipients):-

root@localhost# exim -bp
Other options:- root@localhost# exim -bpru (-r skips sorting and -u lists only undelivered recipients, which is much faster on a large queue)
If you want to list the messages for a particular domain, issue the
following command:-
root@localhost# exim -bpru | grep openhelp.info

3) Command to find the details of messages in the queue (count, volume, oldest, newest and total, grouped by destination domain):-

root@localhost# exim -bp | exiqsumm
===========================
The result of the command will be like this (Count Volume Oldest Newest Domain):-
1 3686 18h 18h ziro.net
1 1638 4d 4d znormativa.com
1 2662 11m 11m zoominternet.net
1 3174 24m 24m zpub.com
1 2048 2h 2h zufall.de
===========================
3583 18MB 9d 0m TOTAL

4) Command to create and display Exim stats from the log file:-

root@localhost# eximstats /var/log/exim_mainlog
===========================================
The result of the command will be like this:-
sree @ openhelp.info = lookuphostT=remote_smtp:SMTP error from remote mail
server after end of data:mail.tripseinc.com [65.106.35.202]: 550 5.7.1
rquested action not taken: message refusedhost smtp.where.xeonerver.net
[18.19.80.14]:553 sorry, mail to that recipient is not accepted
Errors encountered: 9617
===========================================

5) Generate and display Exim stats for a particular date:-

root@localhost# fgrep YYYY-MM-DD /var/log/exim_mainlog | eximstats
==============================================
The result of the command will be like this:-
Top 50 host destinations by message count
-----------------------------------------
Messages Bytes Average Host destination
Top 50 host destinations by volume
-----------------------------------------
Messages Bytes Average Host destination
Top 50 rejected ips by message count
-----------------------------------------
Messages Rejected ip
2 [65.98.14.123]
1 [65.98.35.126]
Top 50 temporarily rejected ips by message count
------------------------------------------------
Messages Temporarily rejected ip
8 [69.65.55.100]
============================================

6) To print what Exim is doing right now:-

root@localhost# exiwhat
======================================================
Result of this command will be like this:-
925 handling incoming connection from ([61.152.161.184]) [61.152.161.184]
1951 handling incoming connection from pc-206-216-44-190.cm.vtr.net [
190.44.216.206]
10714 daemon: no queue runs, listening for SMTP on port 26 (IPv4)
10720 daemon: -q1h, listening for SMTP on port 25 (IPv4)
10725 daemon: no queue runs, listening for SMTPS on port 465 (IPv4)
=====================================================

7) Clearing all the mails in the queue (this deletes every queued message, legitimate ones included; prefer the targeted exiqgrep commands further down when cleaning up after a spam run):-

root@localhost# exim -bpru | awk '{print $3}' | xargs exim -Mrm

8) Search the queue for messages from a specific sender (-f takes a regular expression matched against the envelope sender):-

root@localhost# exiqgrep -f user@domain

9) Search the queue for messages to a specific recipient or domain (-r matches against the recipients):-

root@localhost# exiqgrep -r user@domain
Eg:- root@localhost# exiqgrep -r openhelp.info

10) Command to print the message IDs of the entire queue:-

root@localhost# exiqgrep -i
===========================
The Result of the command will be like this:-
1KZyz0-0004wH-6d
1KZzBW-0001sT-1j
===========================

11) Command to start a queue run:-

root@localhost# exim -q -v

12) Command to start a queue run for just local deliveries:-

root@localhost# exim -ql -v

13) Counting the number of frozen mails:-

root@localhost# exim -bpru | grep frozen | wc -l

14) Deleting all the frozen mails in the queue:-

root@localhost# exiqgrep -z -i | xargs exim -Mrm

15) Deliver a specific message:-

root@localhost# exim -M <message-id>

You need to give the message ID after -M.
Like:- root@localhost# exim -M 1KZyrO-0006Vy-R2

16) Remove a message from the queue:-

root@localhost# exim -Mrm <message-id>

17) Command to freeze all queued mail from a given sender:-

root@localhost# exiqgrep -i -f luser@domain.com | xargs exim -Mf

18) Command to view a message header:-

root@localhost# exim -Mvh <message-id>
Eg:- root@localhost# exim -Mvh 1KZzeO-0005up-GW

19) Command to view a message body:-

root@localhost# exim -Mvb <message-id>
This command shows the body of the message.
Eg:- root@localhost# exim -Mvb 2345fg-34

20) Command to view a message's logs:-

root@server1 [~]# exim -Mvl 1KZznJ-0003Wp-Vj

21) Deleting the bounce-back messages in the queue:-

root@leo [~]# exiqgrep -if "<>" | xargs exim -Mrm
OR
root@leo [~]# exim -bp | grep '<>' | awk '{print $3}' | xargs exim -Mrm

Bounce messages have an empty envelope sender, which the queue listing shows as "<>", with the recipient on the following line.

Eg:- 17m 3.1K 1KDDkk-0002YT-5G <>
          barry@email.net

22) Deleting queued messages from, or to, a particular domain (these match the sender or recipient domain; they are not limited to bounces):-

root@xeon [~]# exiqgrep -if openhelp.info | xargs exim -Mrm
root@xeon [~]# exiqgrep -ir openhelp.info | xargs exim -Mrm
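Several of the one-liners above (items 7, 13 and 21) extract message IDs by taking the third field of every line of exim -bp output. That works because recipient lines have fewer fields, but it is fragile and gives no way to review what is about to be deleted. The functions below are an added example, not part of the original post: they parse the exim -bp listing format (age, size, message ID and angle-bracketed envelope sender on one line, each recipient on its own indented line, "*** frozen ***" appended to frozen messages), keep only lines whose third field is an Exim message ID, and build a removal plan that is printed for review rather than executed. The queue listing they run over is constructed sample data, and the helper names are this example's own.

```shell
# Added example (not from the original post): offline triage of 'exim -bp'
# output. EXIM_BP_SAMPLE is CONSTRUCTED sample data, not a real queue listing.
EXIM_BP_SAMPLE='17m  3.1K 1KDDkk-0002YT-5G <>
          barry@email.net
25m  1.2K 1KZyz0-0004wH-6d <sree@openhelp.info>
          alice@ziro.net
 2h  2.0K 1KZzBW-0001sT-1j <sree@openhelp.info> *** frozen ***
          bob@zufall.de
 4d  1.6K 1KZznJ-0003Wp-Vj <webmaster@example.com>
          carol@znormativa.com
        D dave@zpub.com'

# Keep only message header lines: field 3 has the Exim message-ID shape
# (three alphanumeric groups joined by '-') and field 4 is the <sender>.
# Recipient lines never match, so nothing else leaks into the ID list.
queue_msg_lines() {
    awk '$3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^</'
}

queue_ids()        { queue_msg_lines | awk '{print $3}'; }
queue_frozen_ids() { queue_msg_lines | awk '/\*\*\* frozen \*\*\*/ {print $3}'; }
# Bounces carry the empty envelope sender "<>".
queue_bounce_ids() { queue_msg_lines | awk '$4 == "<>" {print $3}'; }

# Queued messages per envelope sender, busiest first: the first thing to look
# at when the queue suddenly grows, since a compromised account shows up here.
queue_count_by_sender() {
    queue_msg_lines | awk '{print $4}' | sort | uniq -c | sort -rn
}

# Message IDs whose envelope sender is exactly $1 (no regex surprises).
queue_ids_from_sender() {
    queue_msg_lines | awk -v s="<$1>" '$4 == s {print $3}'
}

# Turn a list of IDs into the commands that would remove them. Review the
# plan, then pipe it to sh once you are sure it only names junk.
queue_rm_plan() { sed 's/^/exim -Mrm /'; }

echo "messages per sender:"
printf '%s\n' "$EXIM_BP_SAMPLE" | queue_count_by_sender
echo "removal plan for sree@openhelp.info:"
printf '%s\n' "$EXIM_BP_SAMPLE" | queue_ids_from_sender sree@openhelp.info | queue_rm_plan
# Live use: exim -bp | queue_ids_from_sender compromised@domain | queue_rm_plan
```

The same plan-then-execute pattern applies to exiqgrep: run exiqgrep -f without -i first to see the full lines, and only then feed -i into xargs exim -Mrm.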

Tags:-exim,exim commands,exim issues,exim docs,exim troubleshooting,exim configuration files,exim server,exim logs,linux,linux exim,linux updates