cpanel server changing /tmp permissions during upcp to clamav / 711

This was an odd one. I found a few servers which had their /tmp permissions changed to user clamav with permissions 711.

It turned out the clamav home directory was set to /tmp, which caused this during an upcp. A quick script to check / fix:


# home directory field (6th) of the clamav account
tmpcheck=$(grep '^clamav:' /etc/passwd | cut -d: -f6)
if [ "$tmpcheck" = "/tmp" ]; then
    echo "Warning /tmp set as homedir for user clamav"
    if [ ! -e /usr/local/clamav ]; then
        mkdir -p /usr/local/clamav
        chown clamav:clamav /usr/local/clamav
        usermod -d /usr/local/clamav clamav
    else
        echo '/usr/local/clamav already exists, no changes made'
    fi
fi

This will create clamav home as /usr/local/clamav, only if it does not exist already. Another option may be /home/clamav
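
The script above only moves the home directory; it does not look at /tmp itself or at other accounts. As an added example (not from the original post; the function names `homes_in_tmp`, `tmp_dir_ok` and `audit_tmp` are hypothetical, and GNU `stat` is assumed), the check below generalizes it to any account whose home is a shared temp directory and verifies that a directory has the standard root-owned 1777 mode:

```shell
#!/bin/bash
# Added example, not from the original post; function names are hypothetical.

# homes_in_tmp [PASSWD_FILE]: print "user:home" for every account whose home
# directory is a shared temp directory.
homes_in_tmp() {
    awk -F: '$6 ~ /^\/(tmp|var\/tmp|dev\/shm)\/?$/ { print $1 ":" $6 }' \
        "${1:-/etc/passwd}"
}

# tmp_dir_ok DIR [UID]: succeed only if DIR is owned by UID (default 0, root)
# and has mode 1777 (world-writable with the sticky bit).
tmp_dir_ok() {
    [ "$(stat -c '%u %a' "$1" 2>/dev/null)" = "${2:-0} 1777" ]
}

# audit_tmp: run both checks against the live system; non-zero on any finding.
audit_tmp() {
    local bad rc=0
    bad=$(homes_in_tmp /etc/passwd)
    if [ -n "$bad" ]; then
        echo "temp directory used as home: $bad"
        rc=1
    fi
    if ! tmp_dir_ok /tmp; then
        echo "/tmp is $(stat -c '%U:%G %a' /tmp), expected root:root 1777"
        rc=1
    fi
    return $rc
}

# Constructed passwd entries (not from a real server) to show the first check.
sample=$(mktemp)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'clamav:x:498:498:Clamav:/tmp:/sbin/nologin' \
    'mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash' > "$sample"
homes_in_tmp "$sample"      # prints clamav:/tmp
```

Call `audit_tmp` as root on the server itself. If /tmp was already changed, `chown root:root /tmp && chmod 1777 /tmp` restores the standard ownership and mode.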


InterServer’s in house customer portal features

InterServer’s customer portal at https://my.interserver.net provides a lot of addons included in the price. Many of these are for VPSs (kvm/openvz) or InterServer quickservers. Here is a small list of features:

1) Backup creation – under system management under the VPS you can create a backup of a running VPS. For KVM there is no downtime, and with openvz there is a small amount of downtime for backups. These are stored on InterServer cloud storage systems and do not count toward your space usage. These backups can be restored onto a new VPS or a reinstall with the same VPS.

2) Server monitoring – under the monitoring tab in my.interserver.net you can monitor an external IP address for services like ping or httpd. Email can be sent on failure.

3) DNS Control – using cdns1/cdns2/cdns3.interserver.net under my.interserver.net -> domains -> dns manager create and manage your own dns records. These dns servers are geo distributed (NJ and LA). Great for a small vps looking to lower memory usage by not running a separate dns server.

4) Reboot / stop / start and reinstall under system management.

5) Out of band VNC – KVM only – set up vnc to connect out of band to your system. You can connect even if networking is down on your VPS. A similar feature coming soon for openvz.

6) Tons of OS choices available now – Gentoo / Centos / Debian / Ubuntu / Windows 2008/2012 and more.

7) Purchase additional harddrive space – under system management. You don’t need to add additional slices to increase just disk space on your VPS.

8) Add additional slices – under system management. Increase cpu / memory / disk space and bandwidth limit all at once.

All of the above can be done without contacting support for assistance.


database is locked (sqlite / yum issue not rpm issue)

On occasion an RPM db can get corrupt on RHEL based systems. Running rpm -vv --rebuilddb after backing up /var/lib/rpm is a quick fix to the problem.

I came across the following error during a yum update, on an openvz container


(process:7450): GLib-CRITICAL **: g_timer_stop: assertion `timer != NULL' failed

(process:7450): GLib-CRITICAL **: g_timer_destroy: assertion `timer !=

TypeError: Can not create db_info table: database is locked

Now my immediate thought was rpm db, but that was not the case. This was from a sqlite file in /var/cache/yum.

Cleaning the headers / all in yum did not help; in this case I had to restart the openvz container to release the lock on the database.


The easy way to remove javascript inserts (viruses) from php javascript (js) and html using sed.

Does a client site have lots of javascript inserted into it? If the inserted code sits between comment markers, you can remove it with sed in ssh/shell.

I generally see these ftp inserts through a client side password stealer. First, find out where it is coming from (kindly ask your user to use SCP / SFTP in the future as well).

Now on to the cleaning, and hopefully my own domain doesn’t get picked up as unsafe by google.

Here is an example from my previous work on this issue:

A client got a javascript virus. The virus was a nice guy and wrapped its insert in comments like 4d9f97. The html, php and javascript inserts are all different, but in each one the code sits between comments containing 4d9f97. We can use sed and a regex to remove the data between these:

example showing what exactly is happening:

cat index.htm | grep 4d9f97
                    </div><!--4d9f97--><script type="text/javascript" language="javascript">
VIRUS GOES HERE
<!--/4d9f97-->

PHP and javascript follow the same pattern, commented as well.

1) backup the file
cp index.htm index.htm.old

2) run script

 sed -i ':a;N;$!ba;s/\(\/\*\|\#\|<!--\)4d9f97\(\*\/\|\#\|-->\).*\(\/\*\/\|\#\/\|<!--\/\)4d9f97\(\*\/\|\#\|-->\)/ /g' index.htm

3) compare

diff index.htm index.htm.old 
165c165
<                   </div> 
---
>                   </div><!--4d9f97-->><script type="text/javascript" language="javascript" >                                                                                                                                                      VIRUS                                                                                                                                                      <!--/4d9f97-->

Covers html comments and php/js comments, removing the text in between.

Notes:
* Always backup first, I’ve only tested this a few times.
* Normal IFS does not handle files with spaces in them.
* change 4d9f97 to whatever your comments are.

Full example on an entire directory:

cd /home/username
tar -zcf public_html.tgz public_html
cd public_html
OIFS=$IFS 
IFS="
"
for i in `grep -lri 4d9f97 .`; do sed -i ':a;N;$!ba;s/\(\/\*\|\#\|<!--\)4d9f97\(\*\/\|\#\|-->\).*\(\/\*\/\|\#\/\|<!--\/\)4d9f97\(\*\/\|\#\|-->\)/ /g' "$i"; done
IFS=$OIFS;

Credit to InterServer sysadmin Detain for the sed work.
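
Because the sed expression joins the whole file and `.*` is greedy, a file with two injected blocks loses everything between the first opening marker and the last closing marker. An added example (not from the original post or from Detain's sed work; `strip_marked` is a hypothetical name) that removes each marker pair on its own with awk and returns 2 when a block is never closed:

```shell
#!/bin/bash
# Added example, not from the original post; strip_marked is a hypothetical name.
# strip_marked ID FILE: print FILE with each open..close marker pair removed.
# Returns 2 if a block is opened but never closed, so callers can skip the file.
strip_marked() {
    awk -v id="$1" '
    BEGIN {
        o[1] = "<!--" id "-->"; c[1] = "<!--/" id "-->"   # HTML comment
        o[2] = "/*" id "*/";    c[2] = "/*/" id "*/"      # JS / PHP comment
        o[3] = "#" id "#";      c[3] = "#/" id "#"        # hash comment
    }
    {
        line = $0; out = ""; touched = inside
        while (1) {
            if (inside) {
                i = index(line, c[kind])
                if (!i) break                  # block continues on the next line
                line = substr(line, i + length(c[kind])); inside = 0
            } else {
                best = 0
                for (k = 1; k <= 3; k++) {
                    i = index(line, o[k])
                    if (i && (!best || i < best)) { best = i; kind = k }
                }
                if (!best) { out = out line; break }
                out = out substr(line, 1, best - 1)
                line = substr(line, best + length(o[kind]))
                inside = 1; touched = 1
            }
        }
        if (!touched || out ~ /[^ \t]/) print out
    }
    END { if (inside) exit 2 }' "$2"
}

# Constructed sample: two injected blocks with legitimate markup between them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<div>top</div><!--4d9f97--><script type="text/javascript">
INJECTED ONE
<!--/4d9f97-->
<p>legitimate content</p>
<!--4d9f97--><script>INJECTED TWO</script><!--/4d9f97-->
<div>bottom</div>
EOF
strip_marked 4d9f97 "$sample"   # keeps top, the <p> line and bottom
```

Each opening marker is paired with the closing marker of the same comment style. Write the output to a new file and replace the original only when the function returns 0.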


Converting to nginx on a cpanel server

Moved to http://forum.interserver.net/forum/threads/beta-convert-to-nginx-on-a-centos-cpanel-server.1857/

I’ve been working on a script slowly to convert a cpanel server to nginx for a while. I consider the script now to be good enough to allow others to use it. Some things to consider:

* tested on centos 5/6
* only available for cpanel
* I don’t have an easy way to convert back yet (but will add this in, and show below how it can be easily removed).
* You must be able to run commands as root in SSH
* non static content is proxied to apache

Converting to nginx
Run the following ssh commands:

rsync -a rsync://mirror.trouble-free.net/admin /admin
/admin/upscripts

1) Install + convert

/admin/convert2nginx yes all

Nginx will be installed, the apache vhosts converted and started up. But you are not done, you should also:

2) Add to cron

*/2 * * * * /admin/nginx_monitor.sh >/dev/null 2>&1

3) Remove fileprotect

/scripts/disablefileprotect

4) Configure mod_rpaf by adding the below to /usr/local/apache/conf/includes/pre_virtualhost_global.conf

The install process also configured mod_rpaf. Note: change RPAFproxy_ips to your server IPs.

LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
# Enable reverse proxy add forward
RPAFproxy_ips 127.0.0.1 10.0.0.1
# which ips are forwarding requests to us
RPAFsethostname On
# let rpaf update vhost settings
# allows to have the same hostnames as in the "real"
# configuration for the forwarding Apache
RPAFheader X-Forwarded-For
# Allows you to change which header mod_rpaf looks
# for when trying to find the IP that is forwarding
# our requests


Once done restart apache with /scripts/restartsrv_httpd

So what just happened? /admin/convert2nginx did the following

* installed nginx
* installed mod_rpaf
* converted the vhosts to nginx (/usr/local/nginx/conf/virtual.include)
* added /admin/nginx_monitor.sh to /etc/rc.d/rc.local
* created /scripts/legacypostwwwacct and /etc/logrotate.d/nginx
* changed /var/cpanel/cpanel.config to reflect apache_port=0.0.0.0:81

Your steps are to add the cron and configure mod_rpaf, and if needed disable file protect.

Disabling nginx

To disable edit /var/cpanel/cpanel.config and change apache_port=0.0.0.0:81 to apache_port=0.0.0.0:80

Save and run
killall -9 nginx
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
/usr/local/cpanel/bin/build_apache_conf
/scripts/restartsrv_httpd

nginx_monitor.sh will not run if the apache port is not set to 81

To remove completely: delete /usr/local/nginx, /etc/logrotate.d/nginx, /scripts/legacypostwwwacct, nginx_monitor from cron and /etc/rc.d/rc.local startup of nginx

To do

Add in support for file protect (better to get cloudlinux with cagefs anyway)
Add in DA support
Add in removal script

John Quaglieri
InterServer Inc


Install clamavconnector (cpanel addon) from SSH

I avoid logging into WHM whenever possible, relying on ssh, and normally cpanel has a script or command so WHM can be avoided. I’ve been looking around for a way to install clamavconnector without logging into WHM and enabling it in the addons section. Unfortunately there is no script to do this with cpanel. However, after enabling it a few times in WHM, I was able to write my own script to do this.

The script is below, if the plugin is installed already the update addon WHM script is called. This has been tested in i686 and x86_64 only.

[code]
#!/bin/bash

# small sanity checks
if [ ! -e /etc/redhat-release ]; then
    echo 'Tested on rhel only';
    exit;
fi

if [ ! -e /usr/local/cpanel ]; then
    echo 'Requires cpanel';
    exit;
fi

# make dir if it doesn't exist
mkdir -p /usr/local/cpanel/modules-install
cd /usr/local/cpanel/modules-install

# supports i686 and x86_64
arch=`uname -m`;

if [ ! -d clamavconnector-Linux-${arch} ]; then
    if [ -f clamavconnector-Linux-${arch}.tar.bz2 ]; then
        /bin/rm clamavconnector-Linux-${arch}.tar.bz2
    fi
    wget http://httpupdate.cpanel.net/cpanelsync/addons/modules/clamavconnector-Linux-${arch}.tar.bz2
    if [ -e clamavconnector-Linux-${arch}.tar.bz2 ]; then
        tar -jxvf clamavconnector-Linux-${arch}.tar.bz2
        rm clamavconnector-Linux-${arch}.tar.bz2
        cd clamavconnector-Linux-${arch}
        ./install
    fi
else
    echo "clamav installed already, updating";
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updateaddons
fi

[/code]


Kernel too old on centos5 hostnode for ubuntu 12.04 and 12.10

Getting kernel too old (and a failure to start up) for the ubuntu 12.04 and 12.10 templates on openvz? The newer templates may only work on centos 6 servers, and you may not want to upgrade systems to centos6 yet. Updates continue until Mar 31, 2017 anyway.

You can use the following ubuntu templates instead which are tested to work on centos 5 openvz systems:

ubuntu-12.04-x86_64

https://storage-nj.interserver.net:8080/v1/AUTH_251d29dc-76c2-4ea1-bd6d-08bcd0097596/pub/ubuntu-12.04-x86_64.tar.gz

ubuntu-12.04-x86

https://storage-nj.interserver.net:8080/v1/AUTH_251d29dc-76c2-4ea1-bd6d-08bcd0097596/pub/ubuntu-12.04-x86.tar.gz

ubuntu-12.10-x86_64

https://storage-nj.interserver.net:8080/v1/AUTH_251d29dc-76c2-4ea1-bd6d-08bcd0097596/pub/ubuntu-12.10-x86_64.tar.gz

ubuntu-12.10

https://storage-nj.interserver.net:8080/v1/AUTH_251d29dc-76c2-4ea1-bd6d-08bcd0097596/pub/ubuntu-12.10-x86.tar.gz

You will need to add

ubuntu-12.04 2.6.32

ubuntu-12.10 2.6.32

to /etc/vz/osrelease.conf


Restore cpanel incremental backups in ssh

If you try to restore incremental backups with pkgacct you’ll find at first the backup will not restore. An undocumented feature is you can rename the backup file to cpmove-username and then run restorepkg. In the default set up cpanel will also remove the backup file when done, with “Cleaning up extract directory”, so before the restore you can run chattr +i cpmove-username to keep the directory. When done run chattr -ia cpmove-username and move the folder back to its original name.

I wrote up a script that can be used to restore all incremental backups in a folder as well. Set DIR to be the full path where the files are located. The ARGS variable can be set with restorepkg options like --skipres and/or --force.


#!/bin/bash

DIR='/mnt/cpbackup/daily'
# add restorepkg args like --skipres --force
ARGS=''

# stop if the backup directory is missing
cd "$DIR" || exit 1
for i in *; do
    # format username/cp/username
    if [ -e "$i/cp/$i" ]; then
        # rename backup
        mv -v "$i" "cpmove-$i"
        if [ ! -d "cpmove-$i" ]; then
            echo "Error: cpmove-$i does not exist, is the file system read only?"
            exit 1
        fi
        # otherwise cpanel will "Cleaning up extract directory" and remove the backup
        chattr +iv "cpmove-$i"
        # $ARGS is left unquoted on purpose so several options split into words
        /scripts/restorepkg $ARGS "$DIR/cpmove-$i"
        # move backup file back
        chattr -iv "cpmove-$i"
        mv -v "cpmove-$i" "$i"
    fi
done


Linux boot hang at pci msi quirk

I had an older server that randomly locked up during boot at

pci msi quirk

All kernels were giving an issue. The issue was fixed by disabling legacy USB in bios (set to auto, turned off).


cPanel’s spamassassin outgoing mail scan

cPanel now can have spamassassin scan outgoing mail. This is something that is a great feature to enable. You may have a secure server setup, emails per hour limited, php mail header patch on or other ability to track mail – but there is no sure way to keep every spam script out of your servers.

With this feature enabled, spamassassin will drop mail over a certain score. Originally you could only have the feature on or off, and not set a spam score but recent updates allow you to set a score.

If you are like me, you might rarely log into WHM, but want to enable this feature. Luckily you can from SSH.

For a score of 10 on outgoing spam (the setting takes the score multiplied by 10) set

acl_outgoing_spam_scan_over_int=100

in /etc/exim.conf.localopts

To use the default SpamAssassin score set

acl_outgoing_spam_scan=1

in the /etc/exim.conf.localopts file and do not set acl_outgoing_spam_scan_over_int

When done run

/scripts/buildeximconf
