Categories

Tuesday 24 April 2012

MScripts to do migration of containers in OPenVZ from one node to another



*Migration
for CT in $(vzlist -H -o veid);do vzmigrate -r no --keep-dst 77.95.229.43(destinationIP) $CT; done

*Updating SolusVM
for VSERVERID in $`cat vsrvrids.txt`;do /scripts/vm-migrate $VSERVERID 12; done

Thursday 19 April 2012

Domain name Transfer

Domain Name Registration
When a domain is first registered, the process is done under a registrar. This means that the registrar claims a domain name for a user on their behalf. This registrar has user interfaces where users can manage all their domains registered through that specific registrar.
Domain Name Transfer
Domain transfer is a process of moving a domain name from one registrar to another. All relevant information and the domain name remain the same. It is only the administration aspects of that domain and the registrar information that will be changed. This is particularly useful when a user has multiple domains and wishes to administer them all under one panel/registrar.
Terminologies
  • Current registrar: Registrar you currently have a domain with (losing registrar).
  • New registrar: Registrar you want to move your domain to (gaining registrar).
Transferring a domain involves the following steps:
  • The user submits the name of the domain or domains to be transferred to the new registrar.
  • If an authorization or EPP key is required, the current registrar will send an email to the domain owner with the proper key. (Authorization keys are required for all tlds  handles: .com, .net., .org, etc.)
  • Authorization key is provided to the new registrar.
  • The domain transfer is submitted to the registry by the new registrar.
  • An email is sent to the domain owner requesting for approval of the transfer process by the new registrar.
  • The domain owner can either approve or disapprove the transfer request.
  • If the request is approved, the transfer is completed. The transfer period varies between registrars, but it is estimated to be between 5 to 10 days.
Reasons for domain name transfer failure:
  • It is locked with your current registrar.
  • Incorrect EPP/Authorization Key.
  • You are transferring it to the same registrar it is registered with (yes this can happen sometimes).
  • The name includes profanity (some registrars do not allow that).
  • It is privately registered (the email wouldn’t get to the owner).
  • The email address on file is not the most recent email (administrative contact email address is inaccessible).
  • A domain name transfer is prohibited during the first 60 days of initial registration or during the first 60 days after a registrar transfer.
  • The domain name has already expired.
All the information listed above can be obtained by performing a whois check or through the registrar administration interface.
Unlocking a domain can be done easily by:
  • Going to the website of the current domain registrar.
  • Using your username and password to login to your account.
  • Going to the domain management of your domains and choosing the domain you wish to unlock.
  • In the detailed options of your domain, choose to unlock the domain.
Many people use the option for “private registration” or “domain privacy” which hides the personal contact information from the WHOIS database. This privacy feature must be disabled before initiating the domain transfer, or else the email will be sent to the registrar’s anonymous address instead of the domain owner.

Wednesday 18 April 2012

Commands to check linux server attacks

1. How to Detect a TCP/IP Denial of Service Attack This are the commands I use to find out if a loaded Linux server is under a heavy DoS attack, one of the most essential one is of course netstat.
To check if a server is under a DoS attack with netstat, it’s common to use:
linux:~# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n|wc -l
If the output of below command returns a result like 2000 or 3000 connections!, then obviously it’s very likely the server is under a DoS attack.
To check all the IPS currently connected to the Apache Webserver and get a very brief statistics on the number of times each of the IPs connected to my server, I use the cmd:
linux:~# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
221 80.143.207.107 233 145.53.103.70 540 82.176.164.36

As you could see from the above command output the IP 80.143.207.107 is either connected 221 times to the server or is in state of connecting or disconnecting to the node.
Another possible way to check, if a Linux or BSD server is under a Distributed DoS is with the list open files command lsof
Here is how lsof can be used to list the approximate number of ESTABLISHED connections to port 80.
linux:~# lsof -i TCP:80
litespeed 241931 nobody 17u IPv4 18372655 TCP server.pc-freak.net:http (LISTEN)
litespeed 241931 nobody 25u IPv4 18372659 TCP 85.17.159.89:http (LISTEN)
litespeed 241931 nobody 30u IPv4 29149647 TCP server.pc-freak.net:http->83.101.6.41:54565 (ESTABLISHED)
litespeed 241931 nobody 33u IPv4 18372647 TCP 85.17.159.93:http (LISTEN)
litespeed 241931 nobody 34u IPv4 29137514 TCP server.pc-freak.net:http->83.101.6.41:50885 (ESTABLISHED)
litespeed 241931 nobody 35u IPv4 29137831 TCP server.pc-freak.net:http->83.101.6.41:52312 (ESTABLISHED)
litespeed 241931 nobody 37w IPv4 29132085 TCP server.pc-freak.net:http->83.101.6.41:50000 (ESTABLISHED)

Another way to get an approximate number of established connections to let’s say Apache or LiteSpeed webserver with lsof can be achieved like so:
linux:~# lsof -i TCP:80 |wc -l
2100

I find it handy to keep track of above lsof command output every few secs with gnu watch , like so:
linux:~# watch "lsof -i TCP:80"
2. How to Detect if a Linux server is under an ICMP SMURF attack
ICMP attack is still heavily used, even though it’s already old fashioned and there are plenty of other Denial of Service attack types, one of the quickest way to find out if a server is under an ICMP attack is through the command:
server:~# while :; do netstat -s| grep -i icmp | egrep 'received|sent' ; sleep 1; done
120026 ICMP messages received
1769507 ICMP messages sent
120026 ICMP messages received
1769507 ICMP messages sent

As you can see the above one liner in a loop would check for sent and recieved ICMP packets every few seconds, if there are big difference between in the output returned every few secs by above command, then obviously the server is under an ICMP attack and needs to hardened.
3. How to detect a SYN flood with netstat
linux:~# netstat -nap | grep SYN | wc -l
1032

1032 SYNs per second is quite a high number and except if the server is not serving let’s say 5000 user requests per second, therefore as the above output reveals it’s very likely the server is under attack, if however I get results like 100/200 SYNs, then obviously there is no SYN flood targetting the machine ;)
Another two netstat command application, which helps determining if a server is under a Denial of Service attacks are:
server:~# netstat -tuna |wc -l
10012

and
server:~# netstat -tun |wc -l
9606

Of course there also some other ways to check the count the IPs who sent SYN to the webserver, for example:
server:~# netstat -n | grep :80 | grep SYN |wc -l
In many cases of course the top or htop can be useful to find, if many processes of a certain type are hanging around.
4. Checking if UDP Denial of Service is targetting the server
server:~# netstat -nap | grep 'udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n
The above command will list information concerning possible UDP DoS.
The command can easily be accustomed also to check for both possible TCP and UDP denial of service, like so:
server:~# netstat -nap | grep 'udp|udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n
104 109.161.198.86
115 112.197.147.216
129 212.10.160.148
227 201.13.27.137
3148 91.121.85.220

If after getting an IP that has too many connections to the server and is almost certainly a DoS host you would like to filter this IP.
You can use the /sbin/route command to filter it out, using route will probably be a better choice instead of iptables, as iptables would load up the CPU more than simply cutting the route to the server.
Here is how I remove hosts to not be able to route packets to my server:
route add 110.92.0.55 reject
The above command would null route the access of IP 110.92.0.55 to my server.
Later on to look up for a null routed IP to my host, I use:
route -n |grep -i 110.92.0.55
Well hopefully this should be enough to give a brief overview on how, one can dig in his server and find if he is under a Distributed Denial of Service, hope it’s helpful to somebody out there.

How to Enable Iptables Modules for a VPS:-



1 . Before enabling the modules to a VPS , make sure that its enabled in the root node of the VPS. You can check it using the command :
lsmod | grep -i module_name
2. If its not enabled, then it can enable by using the modprobe command :-
modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
modprobe ipt_multiport/xt_multiport
modprobe ipt_state/xt_state
modprobe ipt_limit/xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner/xt_owner
modprobe iptable_nat/ipt_DNAT
modprobe iptable_nat/ipt_REDIRECT
3. Stop the container which one you want to enable the module :
vzctl stop 101
4 . Executing the following command:-
1) By Command:
Execute following command to enable all the modules for the VPS
vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
or
2) Adding Rules manually:
Open the VPS configuration file which exists at /etc/vz/conf/veid.conf and paste following in the last line of the file.
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

5. Restart the container.
vzctl restart 101
----------------------------------error--------------------------------
[root@abc ~]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables: Unknown error 4294967295] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature

Monday 16 April 2012

pure-ftp does'nt run unter virtuozzo

There are two easy solutions, if this is your own server, run these command on the host server, replace the ID with the ID of your virtual machine:


#vzctl set <VEID> --capability capname:on|off

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done

Saturday 14 April 2012

To synchronize time in linux serers

Procedure

Login as the root user
Type the following command to install ntp
# yum install ntp
Turn on service
# chkconfig ntpd on
Synchronize the system clock with 0.pool.ntp.org server:
# ntpdate pool.ntp.org
Start the NTP:
# /etc/init.d/ntpd star

Unable to open pty: No such file or directory

If you come across the problem
enter into CT 1820 failed
Unable to open pty: No such file or directory
To fix this run the following commands

# vzctl exec VEID /sbin/MAKEDEV tty
# vzctl exec VEID /sbin/MAKEDEV pty
# vzctl enter VEID 

VEID-container ID of the VPS

Container already locked

Some times We come across this problem when we try to enter into the VPS.

If you received this message when you try and stop the VE...
[root@server ~]# vzctl stop 104
Container already locked
Here's how to fix it:
  • Delete the lock file
[root@server ~]# rm /vz/lock/104.lck
rm: remove regular file `/vz/lock/104.lck'? y
  • Kill the checkpoint
[root@server ~]# vzctl chkpnt 104 --kill
Killing... 
 
Now try to start the container,It will start working. 

Friday 13 April 2012

Scritpt for massive cpanel migration

First in the server from which the accounts should be migrated use the following command,

for i in `cat /etc/trueuserdomains | awk -F: '{print $2}'`
   do
   /bin/echo "$i"
   /scripts/pkgacct $i
   file=$(ls /home/cpmove*$i*)
   /bin/echo "$file"
   scp -P PORT $file root@IP:/root
   wait
   ls -lh $file
   rm -rf $file
   done


cPanel Data restoration.

The script is given below. Move to the location whether the cpmove files are located and then execute the following.


# ls cpmove-*.tar.gz  | awk -F- '{print $2}' | awk -F. '{print $1}' > file
# for i in `cat file`; do /scripts/restorepkg $i; done

Use of Screen Command

Screen command is very usefull to retain the ssh sessions even if connection to the server is lost.The main advantage is that the ongoing process will continue even if connection was reset.

To use screen command,first we had to begin a screen session with any name
screen -S test(Example)
Then a session named test is started.

To show available screen sessions
use screen -ls


To re-attach to a session, use the re-attach command:
screen -r
31619.ttyp2.gigan
 
Thats all. 

Enable Iptables Modules for a VPS



Enable Iptables/Firewall Modules for a VPS:-
1 . Before enabling the modules to a VPS , make sure that its enabled in the root node of the VPS. You can check it using the command :
lsmod | grep -i module_name    ( lsmod | grep -i ipt_LOG )
2. If its not enabled, then it can enable by using the modprobe command :-
modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
modprobe ipt_multiport/xt_multiport
modprobe ipt_state/xt_state
modprobe ipt_limit/xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner/xt_owner
modprobe iptable_nat/ipt_DNAT
modprobe iptable_nat/ipt_REDIRECT
3. Stop the container which one you want to enable the module :
vzctl stop 101
4 . Executing the following command:-
1) By Command:
Execute following command to enable all the modules for the VPS
vzctl set 101 – -iptables ipt_REJECT –iptables ipt_tos –iptables ipt_TOS –iptables ipt_LOG –iptables ip_conntrack –iptables ipt_limit –iptables ipt_multiport –iptables iptable_filter –iptables iptable_mangle –iptables ipt_TCPMSS –iptables ipt_tcpmss –iptables ipt_ttl –iptables ipt_length –iptables ipt_state –iptables iptable_nat –iptables ip_nat_ftp –save
or
2) Adding Rules manually:
Open the VPS configuration file which exists at /etc/vz/conf/veid.conf and paste following in the last line of the file.
IPTABLES=”iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc”
5. Restart the container.
vzctl restart 101

Wednesday 4 April 2012

How to configure the ip in cpanel server through back end

The Command Line Method
You can also add IPs via command line in a way that cPanel understands, which is mainly useful when doing automated server setups, or adding multiple IPs across multiple servers. To do this, you’d edit the ipaliases load file, which is /etc/ips . If you already have additional IP addresses on your server added as aliases you may already see how this file is formatted, but here’s an example:
123.456.789.123:255.255.255.0:123.456.789.255
This is a colon-delimited file with each IP address on its own line. The first field is the IP itself, the second is its subnet mask, and the third is its broadcast. You can add as many IPs as you need, putting each on its own line.  When you’re done, run the following commands:
service ipaliases reload (or service ipaliases restart)
/scripts/rebuildippool
To check whether the IPs have been added successfully, you can perform any of the following tests:
/scripts/ipusage  <~ will show the IP usage of the server
ifconfig <~ will show all IPs on the server
ping $ip <~ will ping the IP ($ip) you added to make sure it’s routing

Changing the Nameserver IPs of the WHM

Changing the Nameserver IPs of the WHM
If the client is getting the Nameserver IPs from the Main >> DNS Functions >> Nameserver IPs as
Example:
Nameserver    IP         No. Zones
ns1.localhost.com    64.99.64.32    80
ns2.localhost.com    64.99.64.32    80

>> From WHM to change them you can it from
Main >> Server Configuration >> Basic cPanel & WHM Setup >> Nameservers

>> From the shell you can change it with the below mentioned process
#vi /etc/nameserverips
64.99.64.32=ns1.localhost.com
64.99.64.32=ns2.localhost.com
change it to the appripriate IP address and Local host.
:wq!
>> Then access the file /var/cpanel/nameserverips.yaml
#vi /var/cpanel/nameserverips.yaml
Replace the appropriate nameservers and the IP address. >> After that restart the service
#service named restart OR #/etc/init.d/named restart
#service cpanel restart OR #/etc/init.d/cpanel restart

Check for the changes in the Nameserver IPs of the WHM.
Thats it !!! Done.

how to recover mysql root password

Follow three easy steps  to recover mysql root password.

irst of all stop mysqld service

#service mysqld stop or /etc/init.d/mysqld stop

start with skip grant table option

#mysqld_safe --skip-grant-tables &

now login with root without any password

# mysql -u root

here you got it!
now for own safety change mysql root password

mysql> set password=PASSWORD('yourpasswd');
mysql> flush privileges;

now stop mysql service and start it again 

Fix SolusVM Time Zone Issue with VMS


1- Go to your virtual machine (CTID in solusvm lets say it's 101)
2- rm /etc//localtime
3- ln -s /usr/share/zoneinfo/EST /etc/localtime

Now ssh to you solusvm machine main machine:

rm /etc//localtime
ln -s /usr/share/zoneinfo/EST /etc/localtime

ntpdate us.pool.ntp.org

This will sync the time

now run the cron every night to sync time
crontab -e

0 0 * * * ntpdate us.pool.ntp.org

Fix Cpanel Permissions

Often we get internal error due to incorrect permission. Below are the commands to fix the file and directory permissions.

find $HOMEDIR -type f -exec chmod 644 {} \;
find $HOMEDIR -type d -exec chmod 755 {} \; 

Transfer the reseller account from one Cpanel server to other cPanel server.



EG : From Linux1 server to  Linux2 server.

SSH server as root (to Linux1) .
1) Using following command, this will print all the account user name which are under reseller ownership.
root@Linux1[/home/]#cat /etc/trueuserowners | grep reseller-main-user-name | awk ‘{print$1}’ |  cut -d : -f 1

2) create file backup-user.txt under reseller main account and add all the users listed by above command.

3) Now creating backup for users and move backup files to users home directory.

root@Linux1[/home/resellerusername] # for i in `cat /home/username/backup-user.txt`; do /scripts/pkgacct $i; mv /home/cpmove-$i.tar.gz /home/username/ ; done

Now copy all the backup along with file backup-user.txt  to the destination server (Linux2) in /home partition and execute following command to restore the account. 
SSH server as root (to Linux2) .

root@Linux2[/home/]#for i in `cat backup-user.txt `;do /scripts/restorepkg $i;done

Sunday 1 April 2012

Use Of alias command

The alias command can be useful if you want to create a 'shortcut' to a command.
The format is alias name='command'

alias mv='mv -i'
alias syam=ssh root@192.168.1.200
The above command is a default example of alias command.So by just typing the command mv it will execute What we had given in the right hand side of the alias.


To remove the alias ,use the unalias command.

Ad