Archive for July, 2010

Securing SSH

July 29th, 2010

Best Security Practice
The ideal sshd configuration only allows login via SSH keys. This can be set up within WHM >> Manage SSH Keys, where you create an SSH key to log in with. Once you've created your key and verified that you can log in with it, go to WHM >> SSH Password Authorization Tweak, which disables PasswordAuthentication in /etc/ssh/sshd_config.

Medium-security Configuration
If you have clients on your server that require PasswordAuthentication, you can still lock down SSH pretty well.

    Open /etc/ssh/sshd_config in your favorite editor
 # vi /etc/ssh/sshd_config
    Disable direct root login

First, be sure that you have an alternate user configured in your environment that you can use to login via SSH. This user must also have privileges to “su” to root.

Then, set the “PermitRootLogin” directive to “no”.

PermitRootLogin no

    Change the port that sshd listens on

Port 221

Be sure to use a port below 1024, as these are privileged ports that only root (or a process with equivalent privileges) can bind a daemon to. If you configured sshd to listen on port 11223 and a user were able to take down sshd, they could then start their own sshd daemon on that port in place of yours.

    State which users may login via SSH

If you want to only allow certain users to login via SSH, implement the “AllowUsers” directive:

AllowUsers bob frank

This will only allow ‘bob’ and ‘frank’ to login via SSH.

    Save and Restart SSH

Now save the file and restart the sshd service:

service sshd restart
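As an added example that is not part of the original post, the following POSIX shell script checks an sshd_config file against the settings described above (PermitRootLogin, a privileged Port, AllowUsers, and the key-only ideal of PasswordAuthentication no). It reads the configuration file given as its argument; the sample configuration it writes to a temporary file is constructed for the demonstration and deliberately gets two of the checks wrong.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config against
# the recommendations above. Exit status = number of hard failures.

# Print the value of a directive. Like sshd, the first match wins and
# directive names are case-insensitive. Commented-out lines are ignored.
sshd_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

sshd_config_audit() {
    cfg="$1"
    fails=0

    # Root must not log in directly (log in as a normal user and su instead).
    v=$(sshd_get "$cfg" PermitRootLogin)
    if [ "$v" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}' (default yes)"; fails=$((fails + 1)); fi

    # The listening port must be privileged (below 1024) so that an
    # unprivileged user cannot bind a rogue daemon to it if sshd goes down.
    p=$(sshd_get "$cfg" Port)
    p=${p:-22}
    if [ "$p" -lt 1024 ]; then echo "OK   Port $p is privileged"
    else echo "FAIL Port $p is not privileged"; fails=$((fails + 1)); fi

    # AllowUsers limits which accounts may log in at all.
    u=$(sshd_get "$cfg" AllowUsers)
    if [ -n "$u" ]; then echo "OK   AllowUsers is set"
    else echo "WARN AllowUsers not set (any account may attempt to log in)"; fi

    # Key-only login is the ideal; password auth is reported as a warning.
    pa=$(sshd_get "$cfg" PasswordAuthentication)
    if [ "$pa" = "no" ]; then echo "OK   PasswordAuthentication no"
    else echo "WARN PasswordAuthentication is '${pa:-unset}' (default yes)"; fi

    return "$fails"
}

# Constructed sample configuration for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin no      (commented out, so the default applies)
Port 11223
AllowUsers bob frank
PasswordAuthentication yes
EOF
sshd_config_audit "$sample" || echo "audit: $? hard failure(s)"
rm -f "$sample"
```

Run it against the live file with `sshd_config_audit /etc/ssh/sshd_config` after the restart; a non-zero exit status means one of the hard checks failed. The lookup mirrors sshd's first-match rule but does not evaluate Match blocks, so keep the directives above in the global section.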

Locate command not found

July 29th, 2010

Error:

# locate filename
-bash: locate: command not found

This indicates that the “slocate” package is not installed. Install it with:

yum -y install slocate

Then update the database with:

# updatedb

cPanel Log Locations

July 29th, 2010

cPanel Log File Locations

This is a short list of log file locations for various applications on your cPanel VPS.

cPanel Installation Logs:
/var/log/cpanel-install-thread0.log

Apache:
/usr/local/apache/logs/access_log
/usr/local/apache/logs/error_log

Apache domlogs:
/usr/local/apache/domlogs/example.com

Apache SUEXEC Logs:
/usr/local/apache/logs/suexec_log

MySQL
/var/lib/mysql/hostname.err

BIND (named) Log:
/var/log/messages

Exim
/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog

Courier or Dovecot IMAP
/var/log/maillog

Tomcat Logs:
/usr/local/jakarta/tomcat/logs/catalina.err
/usr/local/jakarta/tomcat/logs/catalina.out

cPanel Access Log:
/usr/local/cpanel/logs/access_log

cPanel Error Log:
/usr/local/cpanel/logs/error_log

cPanel License Log:
/usr/local/cpanel/logs/license_log

Stats Execution Logs:
/usr/local/cpanel/logs/stats_log

ChkServd (cPanel Monitoring Daemon) Logs:
/var/log/chkservd.log

cPHulkd
/usr/local/cpanel/logs/cphulkd.log

cPanel Backup Logs:
/usr/local/cpanel/logs/cpbackup/*.log

Pure-FTP
/var/log/messages
/var/log/xferlog (symlinked to /usr/local/apache/domlogs/ftpxferlog)

Cron Logs:
/var/log/cron

SSH Logs:
/var/log/secure

ModSecurity:
/usr/local/apache/logs/modsec_audit.log
/usr/local/apache/logs/modsec_debug_log
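Since /var/log/secure is where sshd login events land, here is an added example (not from the original post) of two shell functions that summarize that log: failed-password attempts counted per source IP, and the non-existent account names that were tried. The log lines it runs on are constructed for the demonstration and use RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original post): summarize sshd "Failed password"
# events from a /var/log/secure style file.

# Output "<count> <ip>" lines, busiest source IP first.
failed_logins_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { print $(i + 1); break }
        }
    ' "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Output the distinct account names flagged "invalid user" (accounts that
# do not exist on the box), one per line.
invalid_users() {
    awk '
        /sshd\[[0-9]+\]: Failed password for invalid user/ {
            for (i = 1; i <= NF; i++)
                if ($i == "user") { print $(i + 1); break }
        }
    ' "$1" | sort -u
}

# Constructed sample log lines for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jul 29 10:01:02 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jul 29 10:01:05 host sshd[1234]: Failed password for root from 192.0.2.10 port 51235 ssh2
Jul 29 10:02:10 host sshd[1240]: Accepted publickey for bob from 198.51.100.7 port 40000 ssh2
Jul 29 10:03:00 host sshd[1250]: Failed password for root from 203.0.113.5 port 22222 ssh2
Jul 29 10:03:30 host sshd[1251]: Failed password for invalid user test from 192.0.2.10 port 51240 ssh2
EOF
echo "failed password attempts per source IP:"
failed_logins_by_ip "$sample"
echo "non-existent accounts that were tried:"
invalid_users "$sample"
rm -f "$sample"
```

On a real server, `failed_logins_by_ip /var/log/secure` gives a quick picture of who is hammering the password prompt, which is the traffic that disabling PasswordAuthentication (or cPHulkd and CSF) is meant to shut down.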


How to Install CSF

July 29th, 2010

How to install CSF (ConfigServer Security & Firewall)

# cd /usr/src/
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# ./install.sh

(On cPanel servers, run ./install.cpanel.sh instead — it will auto-configure the ports opened).

The initial installation is complete, and you can now view the plugin at WHM >> Plugins >> “Config Server Security and Firewall”.

To configure CSF via SSH, edit /etc/csf/csf.conf and make your changes.

When your configuration is complete, you need to set the following in /etc/csf/csf.conf to disable “TESTING” mode and enable your firewall:

TESTING = "1"
to
TESTING = "0"

Lastly, restart CSF to enable all settings:

# csf -r


Lowest numbered MX record points to localhost

July 29th, 2010

If you see the following in exim’s main_log:

temporarily rejected RCPT : lowest numbered MX record points to local host

This indicates that the domain isn't listed in /etc/localdomains. Edit the file with your favorite editor and make sure the domain is listed there.

At the same time, you’ll want to ensure it isn’t listed in /etc/remotedomains.


Yum rpmdb open failed

July 29th, 2010

Error: rpmdb open failed

This error occurs most frequently when the rpm database is corrupted. See below for instructions on how to rebuild the rpm database.

# yum update
Loaded plugins: fastestmirror
error: no dbpath has been set
error: cannot open Packages database in /%{_dbpath}
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 157, in main
base.getOptionsConfig(args)
File "/usr/share/yum-cli/cli.py", line 187, in getOptionsConfig
self.conf
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 664, in
conf = property(fget=lambda self: self._getConfig(),
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 239, in _getConfig
self._conf = config.readMainConfig(startupconf)
File "/usr/lib/python2.4/site-packages/yum/config.py", line 804, in readMainConfig
yumvars['releasever'] = _getsysver(startupconf.installroot, startupconf.distroverpkg)
File "/usr/lib/python2.4/site-packages/yum/config.py", line 877, in _getsysver
idx = ts.dbMatch('provides', distroverpkg)
TypeError: rpmdb open failed

The most common fix is as follows:

# yum clean all
# rm -f /var/lib/rpm/__db*
# rpm --rebuilddb
# yum update

However, if this is a VZ container (VPS), the following may be required:

# mv /dev/urandom /dev/urandom.back
# mknod -m 644 /dev/urandom c 1 9


Reinstall Mailman

July 29th, 2010

If you run into an issue where you need to reinstall Mailman, you can do so with the following:

# /usr/local/cpanel/bin/mailman-install --force


Install chkrootkit

July 29th, 2010

How to Install chkrootkit:

# cd /usr/src
# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xvzf chkrootkit.tar.gz
# cd chkrootkit-*/
# make sense

After that it is ready to use and you can simply type:
# ./chkrootkit


Troubleshooting cPanel License Issues

July 29th, 2010

If you get an error message that your cPanel instance is not activated, and you believe this to be in error, here are some steps for troubleshooting:

1. Re-check in with the license servers:
/usr/local/cpanel/cpkeyclt

If you see the following, you’re in good shape:

# /usr/local/cpanel/cpkeyclt
Updating cPanel license...Done. Update succeeded.
Building global cache for cpanel...Done

2. If that doesn’t work, you’ll want to go to the cPanel License Verification System to ensure your license is still valid.

3. If the IP is licensed properly, check the server to see if cPanel is detecting the correct IP address for your install:
# curl cpanel.net/apps/myip/

Running that command should return your base IP address. If it doesn’t, then there is a networking issue, or the wrong IP address is licensed.

4. If all else fails, open a ticket with cPanel Customer Service.


How to Increase the Serial Number For All DNS Zones

July 29th, 2010

NDCHost has made available a nice script that will increase the serial numbers for all DNS zones:

# cd /sbin
# rm -f updateserial
# wget http://www.ndchost.com/cpanel-whm/scripts/updateserial/download.php
# chown root.root updateserial
# chmod 0750 updateserial
# /sbin/updateserial -d /var/named

To activate your changes, be sure to reload rndc:
# rndc reload
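To show what a serial bump actually does, here is an added example in POSIX shell; it is neither the post's own code nor NDCHost's updateserial script. It reads the SOA serial from a zone file, computes the next serial under the YYYYMMDDnn convention (an assumption of this example; updateserial may use different rules), and rewrites the zone with the new serial. The sample zone file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the post's or NDCHost's code): bump the SOA serial of a
# BIND zone file using the YYYYMMDDnn convention.

# Print the current SOA serial: the first all-digit token after the SOA
# keyword, ignoring anything after a ';' comment marker.
zone_serial() {
    awk '
        {
            start = 1
            for (i = 1; i <= NF; i++)
                if (toupper($i) == "SOA") { insoa = 1; start = i + 1 }
            if (!insoa) next
            for (i = start; i <= NF; i++) {
                if ($i == ";") break
                if ($i ~ /^[0-9]+$/) { print $i; exit }
            }
        }' "$1"
}

# Compute the next serial. $1 = current serial, $2 = today as YYYYMMDD.
next_serial() {
    cur="$1"; today="$2"
    if [ "${cur%??}" = "$today" ]; then
        echo $((cur + 1))            # same day: bump the nn revision
    elif [ "$cur" -lt "${today}00" ]; then
        echo "${today}01"            # older date (or a plain counter): restart at today 01
    else
        echo $((cur + 1))            # serial is ahead of today: keep counting up
    fi
}

# Print the zone with its SOA serial replaced by $2. Only the line holding
# the serial is re-joined by awk with single spaces; other lines are untouched.
zone_set_serial() {
    awk -v new="$2" '
        {
            start = 1
            if (!done)
                for (i = 1; i <= NF; i++)
                    if (toupper($i) == "SOA") { insoa = 1; start = i + 1 }
            if (insoa && !done)
                for (i = start; i <= NF; i++) {
                    if ($i == ";") break
                    if ($i ~ /^[0-9]+$/) { $i = new; done = 1; break }
                }
            print
        }' "$1"
}

# Bump a zone file in place and print the new serial.
# $1 = zone file, $2 = today as YYYYMMDD (defaults to the real date).
bump_zone() {
    today=${2:-$(date +%Y%m%d)}
    cur=$(zone_serial "$1") || return 1
    [ -n "$cur" ] || { echo "no SOA serial found in $1" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    zone_set_serial "$1" "$new" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Constructed sample zone for the demonstration.
zone=$(mktemp)
cat > "$zone" <<'EOF'
$TTL 14400
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. (
    2010072901 ; serial
    86400      ; refresh
    7200       ; retry
    3600000    ; expire
    86400 )    ; minimum
example.com. 14400 IN A 192.0.2.1
EOF
echo "old serial: $(zone_serial "$zone")"
echo "new serial: $(bump_zone "$zone" 20100729)"
rm -f "$zone"
```

Applied to every file under /var/named (`for z in /var/named/*.db; do bump_zone "$z"; done`) followed by `rndc reload`, this performs the same job as the updateserial run above; the branch that keeps counting up when the serial is already ahead of today's date matters because a serial must never move backwards or secondaries will refuse the transfer.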


cPanel Web Site Hosting by IntraHost