Account-level filters:
/home/user/.filter
User-level filters:
/home/user/.cpanel/filter.yaml
Change directories and download the source
# cd /usr/src/
# wget -O rkhunter-1.3.6.tar.gz "http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz?use_mirror=cdnetworks-us-1"
Extract the source
# tar -xvzf rkhunter-1.3.6.tar.gz
Change into the directory and do a default install
# cd rkhunter-1.3.6
# sh installer.sh --install --layout default
If you want to do a custom install, run the installer to see usage:
# sh installer.sh
Your PHP handler and SuExec configuration can be modified in WHM >> Apache Configuration >> PHP and SuExec Configuration, but if you’d like to make your change via SSH, you can use rebuild_phpconf.
Note: with this utility, you cannot add new handlers or enable an alternate PHP version that isn’t installed. You’d need to use EasyApache to make that change.
What’s my current configuration?
# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
Let’s say I wanted to switch to DSO, keeping PHP4 disabled, and SuExec enabled:
# /usr/local/cpanel/bin/rebuild_phpconf 5 none dso 1
For reference, the usage details:
Usage: /usr/local/cpanel/bin/rebuild_phpconf [--dryrun] [--no-restart] [--no-htaccess] [--current|--available]
--dryrun : Only display the changes that would be made
--no-restart : Don't restart Apache after updating the php.conf link
--no-htaccess : Don't update user configurable PHP mime mapping.
--current : Show current settings
--available : Show available handlers and PHP SAPIs
cPanel disables the installation of a number of RPMs, and with good reason. cPanel installs some of these packages via source, and others are modified by cPanel prior to installing them via “upcp”.
This post lists the default excludes for reference. Excluded packages should not be removed from /etc/yum.conf, as doing so is very likely to break integration with cPanel!
# grep exclude /etc/yum.conf
exclude=apache* bind-chroot courier* dovecot* exim* httpd* mod_ssl* mysql* nsd* perl* php* proftpd* pure-ftpd* ruby* spamassassin* squirrelmail*
ERROR: RESULT: csf will not function on this server due to FATAL errors from missing modules [4]
CSF works well in VZ containers, but it needs specific iptables modules enabled. Below you’ll see how to enable these modules for all containers.
root@server [/csf]# perl csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for PORTFLOOD feature
Testing ipt_owner...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
RESULT: csf will not function on this server due to FATAL errors from missing modules [4]
SOLUTION
Edit /etc/vz/vz.conf, and comment out the line starting with IPTABLES. Then, insert the following:
IPTABLES="ipt_REDIRECT ipt_owner ipt_recent iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"
Be sure that the entire IPTABLES string is on a single line, and you’re all set.
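A check for the step above, as an added example that is not part of the original post: it reads the active IPTABLES line from a vz.conf-style file, rejects a string that wraps onto a second line, and lists the FAILED csftest.pl tests whose modules are still absent. The function names, the sample input and the reading of "/" as alternative module names are assumptions made here.

```shell
#!/bin/sh
# Added example: cross-check csftest.pl failures against vz.conf's IPTABLES line.

# Print the module list from the single active IPTABLES="..." line in file $1.
# Fails if there is not exactly one such line or its quotes do not close on it.
vz_iptables_value() {
    n=$(grep -c '^[[:space:]]*IPTABLES=' "$1" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 active IPTABLES line, found $n" >&2; return 1; }
    line=$(grep '^[[:space:]]*IPTABLES=' "$1" | sed 's/[[:space:]]*$//')
    case $line in
        *IPTABLES=\"*\") ;;
        *) echo "IPTABLES string does not close on one line" >&2; return 1 ;;
    esac
    printf '%s\n' "$line" | sed 's/^[^"]*"//; s/"$//'
}

# Read csftest.pl output on stdin; print each FAILED test for which none of its
# module names (alternatives separated by "/", an assumption) is in list $1.
missing_for_csf() {
    mods=" $1 "
    sed -n 's/^Testing \([^.]*\)\.\.\.FAILED.*/\1/p' | while IFS= read -r t; do
        found=no
        for m in $(printf '%s' "$t" | tr '/' ' '); do
            case $mods in *" $m "*) found=yes ;; esac
        done
        [ "$found" = yes ] || printf '%s\n' "$t"
    done
}

# Constructed sample: csftest.pl lines in the format shown above (errors shortened).
sample_csftest() {
    cat <<'EOF'
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [FATAL Error: ...] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: ...] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: ...] - Required for csf to function
Testing ipt_recent...FAILED [Error: ...] - Required for PORTFLOOD feature
EOF
}

demo() {
    conf=$(mktemp)
    # Constructed vz.conf fragment: old line commented out, new line incomplete.
    printf '%s\n' '#IPTABLES="ipt_REJECT ipt_tos"' \
        'IPTABLES="iptable_filter ipt_REJECT ipt_LOG ipt_multiport ipt_limit"' > "$conf"
    list=$(vz_iptables_value "$conf") && sample_csftest | missing_for_csf "$list"
    rm -f "$conf"
}
demo
```

On a real node, pass /etc/vz/vz.conf to vz_iptables_value and pipe the container's own csftest.pl output into missing_for_csf.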
http://code.google.com/p/clamav-cron/
Download clamav-cron somewhere like /usr/local/bin/ and give it execute permission:
# wget http://clamav-cron.googlecode.com/files/clamav-cron-0.6 -O /usr/local/bin/clamav-cron
# chmod 755 /usr/local/bin/clamav-cron
Open the clamav-cron script with your editor and edit the “User configuration” section following the instructions.
Schedule the task using crond. Run crontab -e from the command-line and schedule your run of the task.
45 23 * * 6 /usr/local/bin/clamav-cron /home
If you’re lacking notes on what motherboard or RAM you’ve got, and don’t want to take your server offline to check, dmidecode comes to the rescue!
root@gamma [~]# dmidecode
# dmidecode 2.10
SMBIOS version fixup (2.31 -> 2.3).
SMBIOS 2.3 present.
Handle 0x0012, DMI type 16, 15 bytes
Physical Memory Array
Location: System Board Or Motherboard
Use: System Memory
Error Correction Type: Single-bit ECC
Maximum Capacity: 512 MB
Error Information Handle: Not Provided
Number Of Devices: 6
Handle 0x0013, DMI type 17, 27 bytes
Memory Device
Array Handle: 0x0012
Error Information Handle: No Error
Total Width: 72 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: 1
Locator: DIMM#1A
Bank Locator: BANK1
Type: DDR
Type Detail: Synchronous
Speed: 266 MHz
Manufacturer: Not Specified
Serial Number: Not Specified
Asset Tag: Not Specified
Part Number: Not Specified
Handle 0x0014, DMI type 17, 27 bytes
Memory Device
Array Handle: 0x0012
Error Information Handle: No Error
Total Width: 72 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: 1
Locator: DIMM#1B
Bank Locator: BANK1
Type: DDR
Type Detail: Synchronous
Speed: 266 MHz
Manufacturer: Not Specified
Serial Number: Not Specified
Asset Tag: Not Specified
Part Number: Not Specified