cat /usr/local/directadmin/scripts/setup.txt
Monthly Archives: December 2015
linux split file
dd if=/dev/zero of=testas bs=1M count=1000
split -b 500M testas test.
-rw-r--r--. 1 root root 524288000 Dec 30 19:09 test.aa
-rw-r--r--. 1 root root 524288000 Dec 30 19:09 test.ab
Putting back:
cat test.* > t1
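Check (for example with md5sum testas t1) that the original and the reassembled file have the same checksum: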
e5c834fbdaa6bfd8eac5eb9404eefdd4 testas
e5c834fbdaa6bfd8eac5eb9404eefdd4 t1
cpanel to directadmin
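You need to use this script: da.cpanel.import.9.4.tar. Compare the MD5 checksum of the downloaded archive with the value below; MD5 detects a corrupted download but is not collision-resistant, so it does not by itself prove that the archive comes from a trusted source.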
md5sum da.cpanel.import.9.4.tar.gz
410d0706a4ef4b35677621ecdbf23308 da.cpanel.import.9.4.tar.gz
linux secure smtp
# Restrict outgoing SMTP (TCP port 25) so that only the mail system can send
# mail directly; other local accounts (e.g. a compromised web user) are rejected.
# NOTE(review): the rules are appended with -A, so any earlier ACCEPT rule in
# OUTPUT that already matches this traffic still wins. Only IPv4 and port 25
# are covered; submission ports 465/587 and IPv6 (ip6tables) are not.

# Connections to the local MTA on loopback stay allowed for everyone.
iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
# Sockets owned by group mail or mailman may reach remote port 25.
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
# root may reach remote port 25 as well.
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
# Every other outgoing connection to port 25 is rejected with an ICMP error.
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
directadmin enable wildcard
ServerAlias *.|DOMAIN|
PHP Startup: : Unable to initialize module
php -v
PHP Startup: : Unable to initialize module.
If the module file exists, check the module with ldd to see whether all of its shared libraries are correctly linked.
iptables block outgoing website bruteforce
iptables -I OUTPUT 1 -p tcp --syn --dport 80 -m owner --uid-owner 777 -j DROP
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 owner UID match 777
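Where 777 is the UID of the user whose outgoing connections should be blocked. The rule only matches new connections to port 80; HTTPS (port 443) connections from the same user are not affected.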
linux find outgoing bruteforce login
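To detect potential outgoing WP bruteforce (for example from hacked-joomla/brobot), log outgoing requests that contain the login path. The string match only sees plaintext HTTP on port 80; requests sent over HTTPS (port 443) are encrypted and will not match: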
iptables -I OUTPUT 1 -p tcp -m tcp --dport 80 -m string --string "wp-login.php" --algo kmp --to 1024 -j LOG --log-prefix "WP Attack detected" --log-level 1 --log-uid
Joomla:
iptables -I OUTPUT 1 -p tcp -m tcp --dport 80 -m string --string "com_jce" --algo kmp --to 1024 -j LOG --log-prefix "Joomla Attack detected" --log-level 1 --log-uid
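Output (this sample was captured with the log prefix "Potential WP Attack detected"; the UID= and GID= fields added by --log-uid identify the local account that sent the request):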
Dec 29 23:52:12 srv3 kernel: [22412308.314039] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=198.252.100.85 LEN=188 TOS=0x00 PREC=0x00 TTL=64 ID=37222 DF PROTO=TCP SPT=46450 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.328190] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=104.131.217.204 LEN=190 TOS=0x00 PREC=0x00 TTL=64 ID=13301 DF PROTO=TCP SPT=42115 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.329115] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=212.193.244.153 LEN=196 TOS=0x00 PREC=0x00 TTL=64 ID=38575 DF PROTO=TCP SPT=47104 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.356597] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx 1 DST=64.14.68.57 LEN=206 TOS=0x00 PREC=0x00 TTL=64 ID=26797 DF PROTO=TCP SPT=35146 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.363773] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=67.208.74.94 LEN=201 TOS=0x00 PREC=0x00 TTL=64 ID=6945 DF PROTO=TCP SPT=54748 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
linux find user name by id
id
uid=1004(vit) gid=1004(vit) groups=1004(vit)
getent passwd 1004
vit:x:1004:1004::/home/vit:/bin/bash
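or just (note that this matches any line containing 1004 anywhere, not only in the UID field, so getent is the more precise lookup):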
grep 1004 /etc/passwd
php apc cache magento
extension = apc.so
[APC]
apc.enabled = 1
apc.optimization = 0
apc.shm_segments = 1
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.mmap_file_mask = /tmp/apc.XXXXXX
apc.enable_cli = 1
apc.cache_by_default = 1
apc.max_file_size = 10M
apc.stat = 1
;apc.include_once_override = 1
wget save location
wget -P …
initrd vs initramfs linux
initramfs is a Linux 2.6 and above feature made up from a cpio archive of files that enables an initial root filesystem and init program to reside in kernel memory cache, rather than on a ramdisk, as with initrd filesystems.
with initramfs, you create an archive with the files which the kernel extracts to a tmpfs.
initramfs can increase boot-time flexibility, memory efficiency, and simplicity
dracut is the tool used to create the initramfs image.
initramfs location of init : /init
initrd is for Linux kernels 2.4 and lower
initrd is deprecated and is replaced by initramfs
initrd requires at least one file system driver be compiled into the kernel
initrd is a RAM-based block device, which means it requires a fixed block of memory even if unused, and as a block device it requires a file system; initramfs is file-based (a cpio archive of files)
kdump uses initrd -> /boot/initrd-2.6.32-358.2.1.el6.x86_64kdump.img
mkinitrd is the tool used to create the initrd image.
initrd location of init : /sbin/init
mkdumprd -v -d -f /boot/initrd-`uname -r`kdump.img `uname -r`
mkdumprd creates the initrd for kdump.
Let's create an initramfs:
# Install the dracut network module package, adjust /etc/dracut.conf and
# rebuild the initramfs for the running kernel.
yum install -y dracut-network
# /etc/dracut.conf
# add the VMware network driver
sed -i 's/add_drivers+=\"\"/add_drivers+=\"vmxnet3\"/' /etc/dracut.conf
# NOTE(review): the replacement text keeps the leading '#', so this line stays
# commented out in /etc/dracut.conf and dracut will presumably ignore it. Drop
# the '#' from the replacement if the network and nfs modules should be added.
sed -i 's/#add_dracutmodules+=\"\"/#add_dracutmodules+=\"network nfs\"/' /etc/dracut.conf
# Re-Build /boot/initramfs-2.6.32-358.2.1.el6.x86_64.img
# -f overwrites the existing image; keep a copy of the old one if a fallback
# boot entry is needed.
dracut -f
# lsinitrd | grep vmxnet3.ko
-rwxr--r-- 1 root root 78040 Apr 4 10:51 lib/modules/2.6.32-358.2.1.el6.x86_64/kernel/drivers/net/vmxnet3/vmxnet3.ko
# grep initramfs-$(uname -r) /etc/grub.conf
initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img
linux search only root partition
find / -xdev -name messages
-xdev keeps find on the root filesystem, so if /var is on a separate partition you will not find the messages file.
directadmin install soap
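# Add SOAP support to the PHP build done by DirectAdmin custombuild.
# NOTE(review): these paths spell "DirectAdmin" in mixed case, while another
# command on this page uses /usr/local/directadmin. Linux paths are
# case-sensitive, so confirm which directory exists on the server.

# -p creates custom/ and custom/ap2 in one step and does not fail on a re-run.
mkdir -p /usr/local/DirectAdmin/custombuild/custom/ap2
# Start from the stock configure script so the custom copy only differs by the
# added option. This overwrites an existing custom configure.php5.
cp /usr/local/DirectAdmin/custombuild/configure/ap2/configure.php5 /usr/local/DirectAdmin/custombuild/custom/ap2/configure.php5
# Plain ASCII quotes and a double hyphen: typographic quotes and an en dash
# would be written into the file literally and break the configure option.
# NOTE(review): the option is appended as a new last line; check that the
# preceding line of configure.php5 ends with a line continuation so the option
# is actually passed to configure.
echo "--enable-soap" >> /usr/local/DirectAdmin/custombuild/custom/ap2/configure.php5
# Run the build only if the directory change succeeded.
cd /usr/local/DirectAdmin/custombuild/ && ./build php n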
fastest way delete files
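perl -e 'for(<*>){((stat)[9]<(unlink))}' is faster than find ./ -type f -delete or using rsync --delete. It unlinks every non-hidden entry in the current directory, so confirm the working directory with pwd before running it.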