User:Kj4
1. Centos/cPanel Scripts
Fix file permissions for *all* files under /home/username (entire cPanel account). I recommend running it screened, it can take a while on larger accounts:
curl -s http://git.grou.pl/pawel/cpanel-scripts/raw/master/fixperms | bash /dev/stdin username
Install and run eximreport2, which generates a neatly sorted view of the last 24 hours of /var/log/exim_mainlog , suitable to include in emailed reports.
cd /usr/local/sbin && wget http://huhwh.at/scripts/eximreport2/eximreport2 && chmod +x ./eximreport2
- Once installed, can be run as
/usr/local/sbin/eximreport2
List relevant account information, with a given domain, example.com
curl -s http://143.95.62.148/scripts/acctinfo.sh | sh /dev/stdin example.com
2. Centos/cPanel/Exim
Print a count of the messages in the queue:
root@localhost# exim -bpc
Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):
root@localhost# exim -bp
Remove all messages older than five days (86400 * 5 = 432000 seconds):
root@localhost# exiqgrep -o 432000 -i | xargs exim -Mrm
Print a list of messages in queue, sorted by To: address, least to greatest count.
exim -bp | egrep --only-matching '[A-Za-z0-9.-]+@[A-Za-z0-9.-]+' | sort | uniq -c | sort -n
SPAM Triage for a suspect cPanel/CentOS Server:
- Go To: http://www.spamcop.net/bl.shtml
- Enter IP Address, click
Enter IP Addressbutton. - Record any reported blacklists.
- click
(SenderBase Lookup) - Verify rDNS is correct, review SPAM volume report, additional blacklists, record information.
- Search for any additional blacklisting at: http://multirbl.valli.org and http://mxtoolbox.com/
Note: It is recommended that all SPAM activity be abated before attempting delist of any host.
3. Wordpress
Determine installed versions and locations of Wordpress under current working directory:
find ./ -name "version.php" | xargs grep "wp_version ="
Determine all installed versions on Centos/WHM/cPanel server:
find /home/*/public_html/ -name "version.php" | xargs grep "wp_version ="
Wordpress Comment Spam
Here follows the procedure to disable core Wordpress scripts for the purpose of mitigating Comment Spam http://en.wikipedia.org/wiki/Comment_spam
- Note: Be aware that this will render the site inoperative, including wp-admin access. Also, it will disable all Wordpress sites under the directory it is run from. The intent with this script is to avoid suspending the account, and prevent blacklisting, whilst allowing the customer access via cPanel/SSH/FTP, so they can address the issue.
find . -type f \( -name "wp-comments-post.php" -o -name "wp-cron.php" -o -name "wp-login.php" -o -name "wp-signup.php" -o -name "wp-register.php" -o -name "wp-mail.php" -o -name "xmlrpc.php" -o -name "admin-ajax.php" \) |xargs chmod 000
List the current permissions of the same disabled scripts:
find . -type f \( -name "wp-comments-post.php" -o -name "wp-cron.php" -o -name "wp-login.php" -o -name "wp-signup.php" -o -name "wp-register.php" -o -name "wp-mail.php" -o -name "xmlrpc.php" -o -name "admin-ajax.php" \) |xargs ls -al
Re-enables the same scripts that were disabled, above:
find . -type f \( -name "wp-comments-post.php" -o -name "wp-cron.php" -o -name "wp-login.php" -o -name "wp-signup.php" -o -name "wp-register.php" -o -name "wp-mail.php" -o -name "xmlrpc.php" -o -name "admin-ajax.php" \) |xargs chmod 644
4. LVM2
- Installed centos 6.5 minimal
- disabled SE Linux, rebooted
- Added new Hard Disk and attached, under Virtual Machine properties.
Here is the current output of pvdisplay, partition schema created by CentOS install:
[root@node101 ~]# pvdisplay --- Physical volume --- PV Name /dev/sda2 VG Name VolGroup PV Size 24.51 GiB / not usable 3.00 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 6274 Free PE 0 Allocated PE 6274 PV UUID 2YSN6Q-JWxH-PzFy-NB6M-Jq5p-tPbw-CFGebg
current output of mount:
[root@node101 ~]# mount | column -t /dev/mapper/VolGroup-lv_root on / type ext4 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/sda1 on /boot type ext4 (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
[root@node101 ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sr0 11:0 1 61.7M 0 rom sda 8:0 0 25G 0 disk ??sda1 8:1 0 500M 0 part /boot ??sda2 8:2 0 24.5G 0 part ??VolGroup-lv_root (dm-0) 253:0 0 22G 0 lvm / ??VolGroup-lv_swap (dm-1) 253:1 0 2.5G 0 lvm [SWAP] sdb 8:16 0 16G 0 disk
from: http://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/physvol_create.html If you are using a whole disk device for your physical volume, the disk must have no partition table. For DOS disk partitions, the partition id should be set to 0x8e using the fdisk or cfdisk command or an equivalent. For whole disk devices only the partition table must be erased, which will effectively destroy all data on that disk. You can remove an existing partition table by zeroing the first sector with the following command:
[root@node101 ~]# dd if=/dev/zero of=/dev/sdb bs=512 count=1 **** be sure before using dd!!!*** 1+0 records in 1+0 records out 512 bytes (512 B) copied, 0.111475 s, 4.6 kB/s
[root@node101 ~]# lvmdiskscan /dev/ram0 [ 16.00 MiB] /dev/root [ 22.01 GiB] /dev/ram1 [ 16.00 MiB] /dev/sda1 [ 500.00 MiB] /dev/VolGroup/lv_swap [ 2.50 GiB] /dev/ram2 [ 16.00 MiB] /dev/sda2 [ 24.51 GiB] LVM physical volume /dev/ram3 [ 16.00 MiB] /dev/ram4 [ 16.00 MiB] /dev/ram5 [ 16.00 MiB] /dev/ram6 [ 16.00 MiB] /dev/ram7 [ 16.00 MiB] /dev/ram8 [ 16.00 MiB] /dev/ram9 [ 16.00 MiB] /dev/ram10 [ 16.00 MiB] /dev/ram11 [ 16.00 MiB] /dev/ram12 [ 16.00 MiB] /dev/ram13 [ 16.00 MiB] /dev/ram14 [ 16.00 MiB] /dev/ram15 [ 16.00 MiB] /dev/sdb [ 16.00 GiB] 3 disks 17 partitions 0 LVM physical volume whole disks 1 LVM physical volume
[root@node101 ~]# pvcreate /dev/sdb Physical volume "/dev/sdb" successfully created
[root@node101 ~]# pvscan PV /dev/sda2 VG VolGroup lvm2 [24.51 GiB / 0 free] PV /dev/sdb lvm2 [16.00 GiB] Total: 2 [40.51 GiB] / in use: 1 [24.51 GiB] / in no VG: 1 [16.00 GiB]
[root@node101 ~]# vgextend VolGroup /dev/sdb Volume group "VolGroup" successfully extended
[root@node101 ~]# vgdisplay --- Volume group --- VG Name VolGroup System ID Format lvm2 Metadata Areas 2 Metadata Sequence No 4 VG Access read/write VG Status resizable MAX LV 0 Cur LV 2 Open LV 2 Max PV 0 Cur PV 2 Act PV 2 VG Size 40.50 GiB PE Size 4.00 MiB Total PE 1036 Alloc PE / Size 6274 / 24.51 GiB Free PE / Size 4095 / 16.00 GiB VG UUID pJziHG-WXWL-Ycow-oOMm-pCJo-vxz6-4HK1Nd
[root@node101 ~]# lvextend -l +100%FREE /dev/VolGroup/lv_root Extending logical volume lv_root to 38.00 GiB Logical volume lv_root successfully resized
To ensure changes are written to LVM2
[root@node101 ~]# vgchange -ay 2 logical volume(s) in volume group "VolGroup" now active
although the logical volume is extended, the filesystem has not yet:
[root@node101 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup-lv_root 22G 804M 20G 4% / tmpfs 1.9G 0 1.9G 0% /dev/shm /dev/sda1 485M 32M 428M 7% /boot
Warning: Not all file systems support growing without loss of data and/or growing online.
Note: If you do not resize your filesystem, there will not be more free space available on the filesystem. The logical volume will be larger but only partly utilized.
[root@node101 ~]# resize2fs /dev/VolGroup/lv_root 38G resize2fs 1.41.12 (17-May-2010) Filesystem at /dev/VolGroup/lv_root is mounted on /; on-line resizing required old desc_blocks = 2, new_desc_blocks = 3 Performing an on-line resize of /dev/VolGroup/lv_root to 9961472 (4k) blocks. The filesystem on /dev/VolGroup/lv_root is now 9961472 blocks long.
[root@node101 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup-lv_root 38G 808M 35G 3% / tmpfs 1.9G 0 1.9G 0% /dev/shm /dev/sda1 485M 32M 428M 7% /boot
[root@node101 ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sr0 11:0 1 61.7M 0 rom sda 8:0 0 25G 0 disk ??sda1 8:1 0 500M 0 part /boot ??sda2 8:2 0 24.5G 0 part ??VolGroup-lv_root (dm-0) 253:0 0 38G 0 lvm / ??VolGroup-lv_swap (dm-1) 253:1 0 2.5G 0 lvm [SWAP] sdb 8:16 0 16G 0 disk ??VolGroup-lv_root (dm-0) 253:0 0 38G 0 lvm /