HolHost.com Blog Server administrators blog

23Nov/15Off

How to disable RC4 cipher in Apache / disable RC4 cipher in Amazon load balancer

A site security scan report showed me that our web server is vulnerable because it supports the RC4 cipher in SSL/TLS encryption. So how do we disable it?

Disabling RC4 cipher in Apache webserver.

Here are the two steps:

1. Add this line to the “/etc/sysconfig/httpd” file (I’m using RedHat OS)

OPENSSL_NO_DEFAULT_ZLIB=1

2. Add the following lines in your virtualhost area created for https.

SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
SSLCompression Off

Now you are almost done! You can verify it at https://www.ssllabs.com/ssltest/analyze.html
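A local check of the directives from step 2 before re-running the external scan, as an added example that is not code from the original post: it parses a vhost fragment and uses Python's `ssl` module to expand the `SSLCipherSuite` string with the local OpenSSL build. The `WEAK` fragment and the function names are constructed for illustration, and the check covers only the Apache configuration, not a load balancer in front of it.

```python
import ssl

# Constructed vhost fragments: WEAK is illustrative, HARDENED is the page's step 2.
WEAK = """SSLProtocol ALL -SSLv2
SSLCipherSuite HIGH:MEDIUM:RC4-SHA:!aNULL
"""
HARDENED = """SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
SSLCompression Off
"""

def directives(conf):
    """Map lower-cased directive name to its argument string (last one wins)."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            out[name.lower()] = args.strip()
    return out

def rc4_after_expansion(cipher_string):
    """RC4 suites the local OpenSSL build enables for this string.
    Builds without RC4 compiled in always return [], so run this on the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # nothing in the string matched this build
        return []
    return [c["name"] for c in ctx.get_ciphers() if "RC4" in c["name"]]

def audit(conf):
    """Return a list of findings; an empty list means the page's settings are all present."""
    d, findings = directives(conf), []
    protocols = d.get("sslprotocol", "").lower().split()
    for old in ("sslv2", "sslv3"):
        if "-" + old not in protocols:
            findings.append(old + " not disabled")
    if d.get("sslhonorcipherorder", "").lower() != "on":
        findings.append("server cipher order not enforced")
    if d.get("sslcompression", "").lower() != "off":
        findings.append("compression not explicitly off")
    suite = d.get("sslciphersuite", "")
    # A token that names RC4 without a leading "!" or "-" keeps RC4 in the list.
    named = [t for t in suite.split(":") if "RC4" in t.upper() and t[0] not in "!-"]
    if named or rc4_after_expansion(suite):
        findings.append("RC4 enabled")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```
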

In my case, I was still getting the same error showing that it is still enabled. Here is the trick: I got to know that the Amazon Elastic Load Balancer is doing SSL acceleration for my project, so this should be done in that area.

a. Go to the Load Balancer area, choose your LB and click on “Change cipher”
b. Choose “Custom LB policy”
c. Uncheck RC4-SHA and ECDHE-ECDSA-RC4-SHA and save

Then re-run the SSL Labs test and you will finally see the result!

23Nov/15Off

Basic SSH Linux Commands for every hosting administrator

Here are a number of common Linux commands that will be useful to you if you ever use the command line interface in Linux. Most ordinary users just use the graphical user interface instead, which usually has many tools and front-ends to common Linux commands. This Linux tutorial on commands will help even the ordinary user in case the X server crashes, fails, is not properly configured, and so on. So keep reading for some of the more common Linux bash commands.

  • ls Displays everything in the current directory
  • ls -a Displays all files, including hidden
  • ls -l Displays all files, along with the size and timestamp
  • tar -zxpf Uncompresses tar.gz files
  • tar -xpf Uncompresses .tar files
  • gunzip Uncompresses .gz files
  • cp /path/to/old /path/to/new Copies a file to a new file
  • mv /path/to/old /path/to/new Moves a file to a new file, or rename
  • mkdir Creates a directory
  • rmdir Deletes a directory
  • rm Deletes a file
  • rm -rf Deletes a directory
  • cd /path/to/dir Moves to a directory
  • cd .. Move up one directory
  • cd ~ Moves to your home directory
  • cd - Moves to the previous directory
  • pwd Displays the present working directory (the one you’re in)
  • pico Edits a file
  • ftp Connect to a FTP server
  • lynx View a webpage
  • df Displays the hard drive stats
  • quota Displays your quota
  • uptime Displays the uptime of the server
  • uname -a Displays the operating system stats
  • whoami Displays your info
  • who Displays others connected to the server
  • last Displays the last login
  • whereis Tells where a file is located
  • BitchX IRC Client
  • mail Check your email
  • ps -x Displays processes you’re running
  • ps -a Displays all processes running
  • ps -ux Displays running processes, with CPU/Memory usage
  • kill pid# Kills a process
  • kill -9 pid# Kills an eggdrop process
  • killall proc_name Kills all running process of the same type
  • whatis Description of commands
  • man command Displays help on the command (manual)
  • nano Same as Pico (Use yum install nano if it doesn’t first work)
  • top – gives an overall view of what is going on with the server, including memory usage, server load and running processes. Press “q” to exit top
  • sar -q gives a report of the process list, 1 minute and 5 minute average load every 10 minutes since midnight server time
  • tar -zcf filename.tar.gz file Tars up the file or directory of your choice. Replace filename.tar.gz with the name you want your tar file to have, with the tar.gz extension on the end, and replace file with the file or directory you want to tar up. Can also use a path/to/file for both.
  • updatedb – Updates the locate/search DB.

netstat -n -p
Useful to see who is connected to your server, this also resolves hostnames to IP addresses and the -p switch shows you what each person connected is doing and provides a PID for it if there is one… useful if you need to kill something

find / -user username
Replace username with the username of one of your accounts to find all the files that belong to it. It is also useful to add |more so you can scroll one screen at a time. Ever have a client who seems to show a lot more files than are actually in their home directory? This is how you find those files and fix them. A common problem is cpmove files that don’t get properly deleted and get added to a user’s account.

/scripts/pkgacct2 username
Replace username with a user on your system. This should be done from the home directory. Useful for manually backing up an account if whm copy account doesn’t work. Then just move (mv) the file to a home directory accessible via the web and
chown user.user filename
and chmod to 750 or 755 and you can wget it from a different server if need be.

/scripts/restorepkg username
Once you’ve got the file and need to unpack it you use this command. The file should be in the /home directory to use this though. Remember folks…. username…. not cpmove-username.tar.gz

crontab -e
edit the crontab file and see what is set to run in there.

--help (add to end of the command following a single space)
Such as tar --help, similar to man it digs up info on any given command.

tail -10 filename
gives you the last 10 lines of a file. Can change the # to whatever you want.

cp -R FileOrDirectory path/to/destination
the -R allows you to copy an entire directory to somewhere else.

kill -9
not just for eggdrops… it’s called a “hard kill” and handy for killing off any stubborn process that refuses to die.

whereis filename (use the * as a wildcard or for broader search)
can also use locate or find (although locate is faster)

killall
not just for killing programs.. you can also killall to kill all processes being run by a user. Handy if you have an abuser eating up system resources.

RESTART SERVICES:

service servicename restart

Stop a service:
service servicename stop

Start a service:
service servicename start

Status (doesn’t work on all):
service servicename status

On a RedHat cPanel server, here are the useful services: (CentOS, x10’s default OS for VPSs, is a stripped-down RedHat OS.)
bandmin
chkservd
cpanel
crond
exim
httpd
mysql
named
proftpd

CRON INFO:

Root crontab: (can be used by any user with crontab permissions to edit their crontab. If you are running this as “root” it will edit root’s crontab, and the same goes for any other user. When “bob” runs crontab -e, he will edit his own crontab and not root’s, though he can only edit his own crontab if he has permissions.)
crontab -e

To edit a user’s cron jobs: (run as a super-user, such as root. Not available to regular users.)

crontab -u username -e

Replace username with the actual username of the client you want to edit.

(We’re still talking about RedHat [CentOS] that is running cPanel below. You can do most, if not all, of this from the WHM, so feel free to skip ahead a bit. :P )

  • /scripts/adddns Add a Dns Entry
  • /scripts/addfpmail Install Frontpage Mail Exts
  • /scripts/addservlets Add JavaServlets to an account (jsp plugin required)
  • /scripts/adduser Add a User
  • /scripts/admin Run WHM Lite
  • /scripts/apachelimits Add Rlimits (cpu and mem limits) to apache.
  • /scripts/dnstransfer Resync with a master DNS Server
  • /scripts/editquota Edit A User’s Quota
  • /scripts/finddev Search For Trojans in /dev
  • /scripts/findtrojans Locate Trojan Horses
  • Suggested Usage:
  • /scripts/findtrojans > /var/log/trojans
  • /scripts/fixtrojans < /var/log/trojans
  • /scripts/fixcartwithsuexec Make Interchange work with suexec
  • /scripts/fixinterchange Fix Most Problems with Interchange
  • /scripts/fixtrojans Run on a trojans horse file created by findtrojans to remove them
  • /scripts/fixwebalizer Run this if a user’s stats stop working
  • /scripts/fixvaliases Fix a broken valias file
  • /scripts/hdparamify Turn on DMA and 32bit IDE hard drive access (once per boot)
  • /scripts/initquotas Re-scan quotas. Usually fixes Disk space display problems
  • /scripts/initsuexec Turn on SUEXEC (probably a bad idea)
  • /scripts/installzendopt Fetch + Install Zend Optimizer
  • /scripts/ipusage Display Ipusage Report
  • /scripts/killacct Terminate an Account
  • /scripts/killbadrpms Delete “Security Problem Infested RPMS”
  • /scripts/mailperm Fix Various Mail Permission Problems
  • /scripts/mailtroubleshoot Attempt to Troubleshoot a Mail Problem
  • /scripts/mysqlpasswd Change a Mysql Password
  • /scripts/quicksecure Kill Potential Security Problem Services
  • /scripts/rebuildippool Rebuild Ip Address Pool
  • /scripts/remdefssl Delete Nasty SSL entry in apache default httpd.conf
  • /scripts/restartsrv Restart a Service (valid services: httpd,proftpd,exim,sshd,cppop,bind,mysql)
  • /scripts/rpmup Syncup Security Updates from RedHat/Mandrake
  • /scripts/runlogsnow Force a webalizer/analog update.
  • /scripts/secureit Remove non-important suid binaries
  • /scripts/setupfp4 Install Frontpage 4+ on an account.
  • /scripts/simpleps Return a Simple process list. Useful for finding where cgi scripts are running from.
  • /scripts/suspendacct Suspend an account
  • /scripts/sysup Syncup Cpanel RPM Updates
  • /scripts/ulimitnamed RH 6 only. Install a version of bind to handle many many zones.
  • /scripts/unblockip Unblock an IP
  • /scripts/unsuspendacct UnSuspend an account
  • /scripts/upcp Update Cpanel
  • /scripts/updatenow Update /scripts
  • /scripts/wwwacct Create a New Account

 

Empty /tmp folder

rm -R -f /tmp/c*
rm -R -f /tmp/s*
rm -R -f /tmp/p*
rm -R -f /tmp/*_*
rm -R -f /tmp/*-*


23Nov/15Off

Why cPanel AWStats is Not Updating Automatically?

AWStats is one of the most commonly used cPanel tools for analysing a summary of website traffic. You can analyse a lot of things from here, such as the number of visits, pages, hits, bandwidth and so on. In some rare situations you can run into this problem with AWStats: it is not updating automatically. There are a variety of reasons behind this problem, including file permissions. Here I’m listing a few points to check if you get this problem with AWStats.

Awstats location:
You can simply access and analyse this from the cPanel itself. Please do follow the steps:

1, Log into cPanel.
2, Move to;

Logs >> AWStats

How to update AWStats manually?

You can do this from cPanel and also from the command line. You must have root access to the server. You can do this:

1, SSH to server as root.
2, Execute:

/scripts/runweblogs $user-name

Why AWStats is not updating automatically?

1, SSH to server as root.

2, Change the directory to:

/home/user/tmp/awstats

This directory holds the conf files for the domains under that particular cPanel account. We need to make sure that the directive “AllowToUpdateStatsFromBrowser” is set to 1.

grep AllowToUpdateStatsFromBrowser awstats.example.com.conf

Example:

root@tsting [/home/****/tmp/awstats]# grep AllowToUpdateStatsFromBrowser awstats.servernoobs.com.conf
# Warning: If you want to be able to use the "AllowToUpdateStatsFromBrowser"
AllowToUpdateStatsFromBrowser=1

Also, please check the permissions of the “/usr/local/cpanel/3rdparty/bin/awstats.pl” file. They must be 775.

# ll /usr/local/cpanel/3rdparty/bin/awstats.pl
-rwxrwxr-x. 1 root root 679172 Aug 23 2009 /usr/local/cpanel/3rdparty/bin/awstats.pl*


2Oct/15Off

How to install Memcache and Memcached on WHM/cPanel

Hello,
Without wasting much time, Let us get started!

Follow these simple instructions to install Memcache and Memcached:

Step 1: Log in to your WHM panel and enable Memcache using EasyApache (you must recompile Apache)

Step 2: SSH into your server and fire this command:
yum install memcached.x86_64 php-pecl-memcache.x86_64

Step 3: Go to Software -> Module Installers -> PHP Pecl, Search for memcache and then install both memcache & memcached

Step 4: Restart apache once, Fire: service httpd restart

Step 5: Start memcache by firing this command: memcached -d -m 512 -l 127.0.0.1 -p 11211 -u nobody
(d = daemon, m = memory, u = user, l = IP to listen to, p = port)

Step 6: Check your memcached server is running successfully: ps -eaf | grep memcached

All done! If everything goes well, you should now be able to use memcached within your application.

Enjoy Caching!

8Apr/13Off

make: *** [ffmpeg_frame.lo] Error 1 – error when installing ffmpeg-php

If you're getting the following error while compiling the latest release of ffmpeg-php-0.6.0, this article will show you how to fix it.

Error:

/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_toGDImage’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: (Each undeclared identifier is reported only once
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: for each function it appears in.)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_ffmpeg_frame’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:421: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1

Solution:-

In the ffmpeg-php-0.6.0 directory, edit the file ffmpeg_frame.c with the nano or vi editor and replace every instance of PIX_FMT_RGBA32 with PIX_FMT_RGB32.

# nano ffmpeg_frame.c
# Search for PIX_FMT_RGBA32 and replace it with PIX_FMT_RGB32
# Exit from the editor

Then run the following commands:

# cd /usr/local/src/ffmpeg-php-0.6.0
# cp -aP ffmpeg_frame.loT ffmpeg_frame.lo
# make clean
# ./configure
#   make
#   make install

This should fix the errors given above. Finally, add the ffmpeg.so extension in php.ini and check phpinfo for the server; you should see ffmpeg listed.