Sunday, March 16, 2008

Where can I change the time between email queue runs?

Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a text box with the heading:
"Number of minutes between mail server queue runs (default is 60).:"

Change the value and apply the changes by clicking on the "Save" button at the bottom of the page.

Why do I get this MySQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 0

You should check that mysqld is running first of all. If it is, check to see that it's looking for the correct UNIX socket.

On FreeBSD it would look something like this:
# netstat -f unix | grep mysql
x65b33c0 stream 0 0 e5477840 0 0 0 /tmp/mysql.sock

On Linux it would look something like:
# netstat -ax | grep mysql
unix 2 [ ACC ] STREAM LISTENING 362783486 /var/lib/mysql/mysql.sock

If you have one and an application is looking for the other, make a symbolic link (ln -s) from the one you see to the one it wants.

Where can I set cPanel to alert users who are close to exceeding disk space limits?

Click on the "Tweak Settings" link under "Server Setup". Within the "Notifications" section is a check box with the heading:

"Disk Space Usage Warnings"

Tick the check box and apply the changes by clicking on the "Save" button at the bottom of the page.

How do I block an IP on my server?

If you want to block access to your server for whatever reason, you will need to log into the shell as root. Your server should either have ipchains or iptables to help accomplish this.

In this example, the attacking IP is 192.168.56.210.
If you are using ipchains, type "ipchains -A input -j DENY -p all -l -s 192.168.56.210/32"
If you are using iptables, type "iptables -A INPUT -s 192.168.56.210/32 -j DROP"

If you just want to block access to one port from an IP:
iptables -A INPUT -s 192.168.56.210/32 -p tcp --destination-port 23 -j DROP

The above would drop all packets from 192.168.56.210/32 to port 23 (telnet) on the server.

What do I do if CPanel ports 2083 and 2087 do not work?

The stunnel binary listens on these ports and forwards the requests to cpsrvd (the web interface binary). Ensure that it is running.

root@cpdemo [~]# ps wwwaux | grep stunnel
cpanel 25180 0.0 0.2 34572 1364 ? S 03:17 0:00 /usr/bin/stunnel-4.04local /usr/local/cpanel/etc/stunnel/mycabundle/stunnel.conf.run
root 31191 0.0 0.1 4764 672 pts/3 S 15:59 0:00 grep stunnel
root@cpdemo [~]#

If it is not running, try starting it.

root@cpdemo [~]# ps wwwaux | grep stunnel
root 31228 0.0 0.1 4764 672 pts/3 S 16:00 0:00 grep stunnel
root@cpdemo [~]# /usr/local/cpanel/startstunnel
root@cpdemo [~]# ps wwwaux | grep stunnel
cpanel 31241 0.0 0.3 3696 1656 ? S 16:00 0:00 /usr/bin/stunnel-4.04local /usr/local/cpanel/etc/stunnel/mycabundle/stunnel.conf.run
root 31243 0.0 0.1 4772 672 pts/3 S 16:00 0:00 grep stunnel
root@cpdemo [~]#

What do I do if my MySql.sock file is missing?

1. THIS IS THE MOST IMPORTANT! Back up the /var/lib/mysql directory!!!!!!!
# cp -fr /var/lib/mysql /var/lib/mysql.old

2. Check /var/lib/mysql and /tmp for the .sock file (is it in both places?)

3. Recreate the symbolic link to the .sock file:
# ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock

4. Now check the permissions of /var/lib/mysql. It should be 0755 and mysql:root. If not:
# chmod 0755 /var/lib/mysql
# chown mysql:root /var/lib/mysql

5. cat /etc/passwd to make sure that the mysql user is there.

6. Does /var/lib/mysql/mysql/host.MYI exist? If not then:
# chmod -R 0660 /var/lib/mysql/mysql
# chown -R mysql:mysql /var/lib/mysql/mysql
# /usr/bin/mysql_install_db

7. Now try to force an update:
# /scripts/mysqlup --force

8. If all else fails, then you may have a corrupted table. Now before you do this, TRIPLE CHECK that you have backed up the /var/lib/mysql directory. In fact, check it 4 times!
# rm -fr /var/lib/mysql
# rm -f /usr/sbin/mysqld
Then force another update:
# /scripts/mysqlup --force

Now if all of this did not help, then try:

# /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/Server_HostName.pid --skip-locking &

What do I do if my quotas show 0 in WHM?

SSH into the server, then issue:

/sbin/quotaoff -av
/sbin/quotacheck -augvm
/sbin/quotaon -av

What do I do if webmail is pulling a blank page?

SSH into your server and run the following command:
/usr/local/cpanel/3rdparty/bin/php
The error that is produced should give you the library that is missing, such as this:
# /usr/local/cpanel/3rdparty/bin/php
/usr/libexec/ld-elf.so.1: Shared object "libintl.so.4" not found

You would then need to find libintl.so.4 and verify that it is pointing to the right shared library. As we can see from the following example, it is actually pointing to a nonexistent library:

# ls -l libintl*
-rw-r--r-- 1 root wheel 51918 Apr 11 20:16 libintl.a
lrwxr-xr-x 1 root wheel 12 Apr 11 20:16 libintl.so -> libintl.so.6
lrwxr-xr-x 1 root wheel 12 Mar 29 12:26 libintl.so.4 -> libintl.so.5
-r--r--r-- 1 root wheel 38925 Apr 11 20:16 libintl.so.6

To fix this, the following commands would be run:
# rm libintl.so.4
# ln -s libintl.so.6 libintl.so.4

What is LAMP?

It's an abbreviation of Linux, Apache, MySQL, PHP, the most common way of putting a data-driven page on the internet.

What is the difference between parking my domain and creating a subdomain?

When you park a domain, the web traffic goes to a default page with the default user. This works with new domains. A subdomain is an extension of a domain like www.intranet.mycompany.com versus www.mycompany.com. These can be two completely different sites on two completely different servers.

What should I check if my Apache keeps crashing?

Check the log files. On default RHEL installations this is /var/log/httpd/error_log; on cPanel servers it is /usr/local/apache/logs/error_log.
This will usually tell you what the problem is.

What do I do if none of my PHP scripts are running?

Check your httpd.conf file. You will need to make sure the following lines are present or included:

LoadModule php_module modules/libphp4.so
AddHandler php-script .php
AddType text/html .php
DirectoryIndex index.php

What do I do if httpd (Apache 1.3.33 Unix) will not start?

1) Check the error_log file. Most errors will show up in this file when starting or restarting Apache. This can help narrow down what files you need to look at.

2) Check the hostname. Make sure the machine knows its own name. Type 'hostname' and then check it against nslookup or dig. These should match for best results.

3) Check log file sizes. Most Linux installations don't care much for files over 2GB. You can check for these in your log directories by using "du -a | sort -n -r | head -n 20". This will show you the 20 largest files in the current directory.

When sending mail through Exim, it comes back with a 500 - Administrative Prohibition error. How can I find out what is wrong?

In Exim, you may set the following option by logging in to WHM, clicking on Exim Configuration Editor, and then selecting Advanced Configuration. In the first text box, put:

smtp_return_error_details=yes

And click on Save. This will provide a detailed explanation of exactly what is wrong.

What do I do if my cpanel users can not change their passwords?

This is evidence of a minor shortcoming in cpsrvd. Use 'chage -m 0 ' to permit a password change immediately.

My server is under SYN attack, what can I do?

If under a SYN flood attack, it would look like this:
tcp 0 0 12.34.56.78:80 211.48.6.244:1048 SYN_RECV
tcp 0 0 12.34.56.78:80 128.223.93.135:1167 SYN_RECV
tcp 0 0 12.34.56.78:80 194.15.197.170:1192 SYN_RECV
tcp 0 0 12.34.56.78:80 199.155.53.109:1039 SYN_RECV
tcp 0 0 12.34.56.78:80 4.168.188.28:1048 SYN_RECV

when you run:

netstat -an | grep :80 | more
but with several hundred of them, not five :)
Assuming your kernel was built with syncookie support, type the following as root:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

If it's not enabled, there isn't much you can do other than build a new kernel and reboot and use it or wait out the attack. Some datacenters can help with this as well.
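
A way to put a number on the check above, as an added example that is not part of the original post: it counts SYN_RECV entries per local address:port from Linux `netstat -an` output and reads the tcp_syncookies setting. The function names, the threshold and the sample lines (modeled on the output above) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux `netstat -an`
# columns: proto recv-q send-q local-address foreign-address state.

# Constructed sample, modeled on the output shown above.
SAMPLE_NETSTAT='tcp 0 0 12.34.56.78:80 211.48.6.244:1048 SYN_RECV
tcp 0 0 12.34.56.78:80 128.223.93.135:1167 SYN_RECV
tcp 0 0 12.34.56.78:80 194.15.197.170:1192 SYN_RECV
tcp 0 0 12.34.56.78:80 10.0.0.9:51234 ESTABLISHED
tcp 0 0 12.34.56.78:22 10.0.0.9:40022 SYN_RECV
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN'

# Reads netstat text on stdin; prints "<count> <local addr:port>" for every
# listener that has half-open connections, busiest first.
syn_recv_by_listener() {
    awk '$1 ~ /^tcp/ && $NF == "SYN_RECV" { n[$4]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Same input; keeps only listeners with at least $1 half-open connections
# (hypothetical default of 100; tune it to the server's normal load).
syn_flood_suspects() {
    syn_recv_by_listener | awk -v t="${1:-100}" '$1 >= t'
}

# Prints the current tcp_syncookies value (1 = on), or "unavailable" when the
# kernel does not expose the setting. $1 overrides the path for testing.
syncookies_state() {
    sc_file=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    if [ -r "$sc_file" ]; then cat "$sc_file"; else echo unavailable; fi
}

# Demo on the constructed sample. On a live server, feed it real output:
#   netstat -an | syn_flood_suspects
printf '%s\n' "$SAMPLE_NETSTAT" | syn_flood_suspects 3
echo "tcp_syncookies: $(syncookies_state)"
```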

How do I test my Apache configuration without restarting apache?

Testing the configuration of your Apache server without restarting the server is as easy as using the 'configtest' option with Apache's startup script.
This will allow you to make sure the server will actually start after you have made your changes.

[root@plesk root]# /etc/init.d/httpd configtest
[Mon Nov 14 22:14:44 2005] [warn] module php4_module is already loaded, skipping
Syntax OK
[root@plesk root]#

root@demo [~]# /usr/local/apache/bin/apachectl configtest
[Mon Nov 14 22:12:57 2005] [warn] NameVirtualHost 10.0.0.2:80 has no VirtualHosts
Syntax OK
root@demo [~]#

What do I do if /var partition is constantly running out of space?

Make sure your log rotation scripts are configured and working properly. If you've disabled crond for some reason it's likely that none of the log files in /var/log are being compressed and periodically deleted. Another commonly filled directory is /var/spool/mail. If you seldom or never check mail on your server this could consume considerable amounts of space. Make sure you either forward that mail to an address you'll read or read it from the server directly. In either case you will have to delete files before any compression can take place. Be aware that large files may not fit into temporary space so keeping /var tidy can be critically important.

How do I upgrade Apache on my Cpanel box?

There are two ways to update your Apache version on cPanel. The first is from within WHM. Underneath the "Software" section in the menu bar is "Apache Update."
Merely click this link, and then follow the on-screen directions. From the command line, you can run /scripts/easyapache, which will provide an interface to update Apache that provides a few more options than WHM. Either way, you will want to go ahead and make a backup of your Apache configuration before performing an update to a newer version.

How do I use a different home directory for my CPanel accounts?

CPanel will automatically use directories named in the home[0-9] fashion. So if you were to add another hard disk, and mount it as /home2, CPanel will begin to use it for new accounts.

How do I uninstall CPanel?

Unfortunately, there is no way to uninstall CPanel. You can remove some of the services, and turn off the daemons, but there will be countless things that you miss. The best solution would be to get an OS-Reload, into the operating system of your choice.

How do I update to the latest version of exim?

In order to manually upgrade to the latest version of exim, you will have to ssh into the server and run the command:

/scripts/eximup

How do I stop all our exim and spamd processes via ssh?

In order to do this through SSH, you can run the init scripts that are provided. On Redhat, the commands would be:

/etc/init.d/exim stop
/etc/init.d/spamassassin stop

On FreeBSD, the commands would be:

/etc/rc.d/init.d/exim stop
And you will need to also run 'killall spamd'

How do I install a language pack in CPanel?

CPanel does not formally release any language packs. You will first have to find the language pack that you are wanting to install. This can usually be done by searching CPanel's forums, located at http://forums.cpanel.net/
After finding a suitable language pack, you can install it by performing the following steps:

Login to WHM as root
  1. Scroll down to Languages on the left menu bar
  2. Select Upload a Language file
  3. Browse your local computer to find the file
  4. Press upload to upload the file
  5. You should now have the ability to select the language that you uploaded.

Exploit Removal Guide

The following is a first step in finding and removing exploits and root kits on a Linux or BSD system.

1. EXECUTE THE FOLLOWING COMMANDS TO HELP PREVENT UPLOADS OF EXPLOITS:

chmod 0750 `which curl` 2>&-; chmod 0750 `which fetch` 2>&-; chmod 0750 `which wget` 2>&-

2. EXECUTE THE FOLLOWING COMMANDS TO CHECK FOR POSSIBLE EXISTING EXPLOITS:

sh
for x in "/dev/shm /tmp /usr/local/apache/proxy /var/spool /var/tmp"; do ls -loAFR $x 2>&- | grep -E "^$|^/| apache | nobody | unknown | www | web | htdocs " | grep -E "^$|^/|/$|\*$|\.pl$" | grep -Ev "sess_" | tee exploits.txt; done; echo -e "\n\nPossible Exploit Files and Directories: `grep -Ev "^$|^/" exploits.txt | wc -l | tr -d ' '`" | tee -a exploits.txt
exit

Lines ending with an asterisk '*', '.pl', or a slash '/' are possible exploit files or directories which should be investigated and removed followed by rebooting the server to kill any running exploit processes. You can refer to the exploits.txt file generated by the above commands for later reference.
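
A find-based variant of the step 2 check, as an added example (not the original author's command): it avoids parsing recursive ls output and reports executable or .pl files owned by the web-server accounts named in the grep pattern above. It covers files only, not directories; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example (not the original author's command); names are illustrative.

# Owner names taken from the grep pattern in step 2.
WEB_OWNERS='^(apache|nobody|unknown|www|web|htdocs)$'

# suspect_files OWNER_REGEX DIR...
# Lists regular files that have any execute bit set or end in .pl, skipping
# PHP session files (sess_*), and keeps those whose owner matches OWNER_REGEX.
suspect_files() {
    owners_re=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Unreadable subtrees are skipped rather than aborting the scan.
        find "$dir" -type f ! -name 'sess_*' \
            \( -perm -100 -o -perm -010 -o -perm -001 -o -name '*.pl' \) \
            -exec ls -ld {} + 2>/dev/null || true
    done | awk -v re="$owners_re" '$3 ~ re'   # field 3 of `ls -l` is the owner
}

# Scan the same directories as step 2; redirect to a file to keep a record.
suspect_files "$WEB_OWNERS" /dev/shm /tmp /usr/local/apache/proxy /var/spool /var/tmp
```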

3. You should also install and run the program called rkhunter.
Rootkit Hunter is a scanning tool that helps ensure, to about 99.9%, that you're clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5/SHA1 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
WWW: http://www.rootkit.nl/

On BSD systems:
cd /usr/ports/security/rkhunter; make install clean; rehash; rkhunter -c
(or for help with rkhunter arguments do: rkhunter -h)

On RedHat, Fedora, CentOS systems:
yum -y install rkhunter;
rkhunter -c
(or for help with rkhunter arguments do: rkhunter -h)

RootCheck Installation

RootCheck scans the system looking for possible trojans, scans the ports for malicious activity, and checks for rootkits, as well as the logs, permissions and more.
Installation Instructions
Rootcheck is very simple software. Just unpack, compile and execute it. It will scan the system and print whether or not it found any rootkit.
Log in to your server and su to root.
tar -xvzf rootcheck-0.7.tar.gz
cd rootcheck-0.7
make all
./ossec-rootcheck
There is also an example file that explains the different options for rootcheck.
More information about rootcheck is available at http://www.ossec.net/

Rkhunter Installation

Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems. This tutorial will touch on installing and setting up a daily report for rkhunter.

Installing:

tar -zxvf rkhunter-1.1.1.tar.gz
cd rkhunter-1.1.1
./installer.sh
Now you can run a test scan with the following command:
/usr/local/bin/rkhunter -c

How to set up a daily scan report?
pico /etc/cron.daily/rkhunter.sh
Add the following, replacing the email address with your own:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
Then make the script executable:
chmod +x /etc/cron.daily/rkhunter.sh

I just got a false positive!! What do I do?
False positives are warnings which indicate there is a problem, but aren't really a problem. Example: some Linux distro updated a few commonly used binaries like `ls` and `ps`. You (as a good sysadmin) update the new packages and run (of course) the daily Rootkit Hunter scan. Rootkit Hunter isn't yet aware of these new files, and while scanning it reports some "bad" files. In this case we have a false positive. You could always have your datacenter or a system administrator check out the server to verify that it is not compromised.
More information on rkhunter can be found here: http://www.rootkit.nl