March 14, 2010 on 4:33 am | In Cpanel, Installation, Linux | No Comments
CSF is a powerful firewall for Linux and cPanel servers. Here are the steps to get it working on a Virtuozzo VPS.
Installation
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
After the installation you will need to customize CSF to run on VPS:
edit /etc/sysconfig/iptables and add
-A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
-A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
-A INPUT -i venet0 -j ACCEPT
-A OUTPUT -o venet0 -j ACCEPT
create file /etc/csf/csfpre.sh and enter all the extra rules directly into it prefixed with “iptables” so the contents of that file should look something like:
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
edit the /etc/csf/csf.conf file and search for
ETH_DEVICE = ""
change to
ETH_DEVICE = "venet+"
Restart
/usr/sbin/csf -r
LOCKOUT ISSUES FOR CSF WHEN INSTALLED IN VPS. or Cannot enter into server after CSF installation on VPS
If the required iptables modules are not properly loaded for the container, you may lock yourself out after the installation. If you have access to the main Hardware node, you can perform the following to get it up, or ask your VPS provider to perform this on the Hardware (main) node.
Before enabling iptables on the VPS, make sure that the iptables modules are enabled on the Hardware Node. To enable them, edit the /etc/sysconfig/iptables-config file on the Virtuozzo hardware node and look for the parameter IPTABLES_MODULES=. Edit it as follows.
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Also edit the /etc/sysconfig/vz file on the hardware node, look for the parameter IPTABLES= and change it to the following.
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Now your Hardware node is fine. Next you need to enable the iptables modules for the VPS nodes.
(CID — container ID. You can find the value for each node by using the command vzlist -a)
vzctl stop CID
vzctl set CID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
vzctl set CID --numiptent 2000 --save
vzctl start CID
Now try entering into your node and restart CSF. It should start working fine.
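A pre-flight check for the lockout case described above, as an added example that is not part of the original post: it reports which of the modules listed on this page are absent from an IPTABLES= or IPTABLES_MODULES= line. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: pre-flight check for the iptables modules listed on this page.

# Module list copied from the IPTABLES= value in the post.
REQUIRED="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# configured_modules FILE KEY
# Prints the value of the last uncommented KEY=... line, ASCII quotes removed
# and whitespace squeezed to single spaces.
configured_modules() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | tr -s '[:space:]' ' '
}

# missing_modules FILE KEY
# Prints the required modules absent from KEY (space separated).
# Returns 0 when none are missing, 1 otherwise.
missing_modules() {
    local have missing m
    have=" $(configured_modules "$1" "$2") "
    missing=""
    for m in $REQUIRED; do
        case "$have" in
            *" $m "*) ;;                  # exact match: ipt_tos and ipt_TOS differ
            *) missing="$missing $m" ;;
        esac
    done
    missing=${missing# }
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# write_sample PATH: constructed config, not taken from a real node.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
#IPTABLES="ipt_REJECT ipt_state"
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
EOF
}

demo() {
    local f
    f=$(mktemp)
    write_sample "$f"
    echo "missing: $(missing_modules "$f" IPTABLES)"
    rm -f "$f"
}

# Real use on the hardware node:
#   missing_modules /etc/sysconfig/vz IPTABLES
#   missing_modules /etc/sysconfig/iptables-config IPTABLES_MODULES
demo
```

A value wrapped in typographic quotes instead of plain ASCII quotes shows up here as missing first and last modules, because the quote characters stay attached to the names.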
Descriptions and Functions
======================
csf+lfd works on all Linux servers on the Operating Systems listed above, with or without cPanel
This suite of scripts provides:
- Straight-forward SPI iptables firewall script
- Daemon process that checks for login authentication failures for:
- Courier imap, Dovecot, uw-imap, Kerio
- openSSH
- cPanel, WHM, Webmail (cPanel servers only)
- Pure-ftpd, vsftpd, Proftpd
- Password protected web pages (htpasswd)
- Mod_security failures (v1 and v2)
- Suhosin failures
- Exim SMTP AUTH
- Custom login failures with separate log file and regular expression matching
- POP3/IMAP login tracking to enforce logins per hour
- SSH login notification
- SU login notification
- Excessive connection blocking
- WHM configuration interface (cPanel servers only) or through Webmin
- WHM iptables report log (cPanel servers only)
- Easy upgrade between versions from within WHM (cPanel servers only) or through Webmin
- Easy upgrade between versions from shell
- A standard Webmin Module to configure csf is included in the distribution ready to install into Webmin – csfwebmin.tgz
- Pre-configured to work on a cPanel server with all the standard cPanel ports open (cPanel servers only)
- Auto-configures the SSH port if it’s non-standard on installation
- Block traffic on unused server IP addresses – helps reduce the risk to your server
- Alert when end-user scripts sending excessive emails per hour – for identifying spamming scripts
- Suspicious process reporting – reports potential exploits running on the server
- Excessive user processes reporting
- Excessive user process usage reporting and optional termination
- Suspicious file reporting – reports potential exploit files in /tmp and similar directories
- Directory and file watching – reports if a watched directory or a file changes
- Block traffic on the DShield Block List and the Spamhaus DROP List
- BOGON packet protection
- Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
- Works with multiple ethernet devices
- Server Security Check – Performs a basic security and settings check on the server (cPanel servers only)
- Allow Dynamic DNS IP addresses – always allow your IP address even if it changes whenever you connect to the internet
- Alert sent if server load average remains high for a specified length of time
- mod_security log reporting (if installed)
- Email relay tracking – tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
- IDS (Intrusion Detection System) – the last line of detection alerts you to changes to system and application binaries
- SYN Flood protection
- Ping of death protection
- Port Scan tracking and blocking
- Permanent and Temporary (with TTL) IP blocking
- Exploit checks
- Account modification tracking – sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
- Shared syslog aware
- New in v4: Messenger Service – Allows you to redirect connection requests from blocked IP addresses to preconfigured text and html pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficiently
- New in v4: Country Code blocking – Allows you to deny or allow access by country – Powered by IPDENY.COM IP database
- New in v4: Port Flooding Detection – Per IP, per Port connection flooding detection and mitigation to help block DOS attacks
March 14, 2010 on 3:53 am | In Cpanel | No Comments
cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.
The usual error which comes up with phpmyadmin. The issue can either be due to the cPanel’s PHP or its session settings. Try the following fix
Open up the file /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini
Change the session path to /tmp
From
session.save_handler = sqlite
session.save_path =/var/cpanel/userhomes/cpanelphpmyadmin/sessions
To
session.save_handler = files
session.save_path = /tmp
February 27, 2010 on 5:24 am | In Cpanel | No Comments
The cPanel error log shows "Out of Memory!" when you click the "update now" button in Awstats. This usually happens when cPanel's PHP is set with low memory, but in most cases this is not the issue.
Go to WHM > Tweak Settings > "The maximum memory a cPanel process can use before it is killed off (in megabytes). Values less than 128 megabytes can not be specified. A value of "0" will disable the memory limits."
Set this to 0 or a higher value.
In the Awstats case, the cPanel process memory is getting exhausted.
This can be done also by editing the file /var/cpanel/cpanel.config
maxmem=0
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
February 26, 2010 on 3:36 am | In Cpanel, PHP | No Comments
Hi guys,
When PHP is compiled as CGI, you won't be able to provide custom PHP flags in .htaccess or simply add a php.ini in your home directory.
To enable a custom php.ini for your domain running PHP as cgi, perform the following steps.
Please note that I am considering that the server has PHP4 and PHP5 where PHP4 is default (dso)-not relevant and PHP5 (cgi)
My username is “presoon” so my home directory will be “/home/presoon” (replace with yours)
create a custom cgi script in your cgi-bin directory.
vi /home/presoon/public_html/cgi-bin/php.cgi
add the following contents.
#!/bin/sh
exec /usr/local/cpanel/cgi-sys/php5 -c /home/presoon/public_html/
You should have the custom php.ini at “/home/presoon/public_html/”
chown presoon.presoon /home/presoon/public_html/cgi-bin/php.cgi
chmod 755 /home/presoon/public_html/cgi-bin/php.cgi
Now to the .htaccess file at “/home/presoon/public_html/”
Add the following
AddHandler application/x-httpd-php5 .php
Action application/x-httpd-php5 /cgi-bin/php.cgi
Please note that AddHandler given above is to change default php to PHP5. If you have only PHP5 which is compiled as CGI, you can remove the directive AddHandler from .htaccess.
Now the values given in your php.ini at /home/presoon/public_html/ should be reflected in your info page.
January 28, 2010 on 9:20 pm | In Cpanel | No Comments
Make sure that Imagemagick is not installed via Easyapache3. If you already have ImageMagick installed via rpm, you need to remove it. Find the rpms using the following command.
rpm -qa |grep -i imagemagick
Remove the rpms in the following order
rpm -e ImageMagick-c++-devel-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-c++-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-perl-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-devel-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-6.2.8.0-4.el5_1.1
Download the ImageMagick using the following
cd /usr/local/src
wget http://ftp.nluug.nl/ImageMagick/ImageMagick-6.4.3-6.zip
unzip ImageMagick-6.4.3-6.zip
cd ImageMagick-6.4.3
Installation
./configure
make install
This may take a while to complete. Finally,
cd PerlMagick/
perl Makefile.PL
make
make install
Add PHP Pecl extension to access ImageMagick via PHP
Login to WHM,
WHM > Software > Module Installers > PHP Pecl
install imagick
ImageMagick should be installed now.
If WHM can't find the ImageMagick installation
Firstly install ImageMagick-devel
yum -y install ImageMagick-devel
Once that is done, you need to download the Imagick PHP extensions from:
http://pecl.php.net/package/imagick
cd /usr/local/src/
wget http://pecl.php.net/get/imagick-2.2.0.tgz
tar -zxvf imagick-2.2.0.tgz
cd imagick-2.2.0
phpize
./configure
make
make install
find the php.ini using the command
php -i |grep php.ini
add the following line to php.ini
extension="imagick.so"
restart Apache and you are done.
January 7, 2010 on 1:09 pm | In Centos, Cpanel, Linux, Mysql | No Comments
Hi guys,
You might have faced the issue of the /var partition getting full regularly due to the database directory. If you have a larger partition with free space, then it is possible to move the database directory to the larger partition.
Here are the steps
Switch off the database server while we are moving the databases.
/etc/rc.d/init.d/mysql stop
I am considering that I have enough space in /home partition. Here goes my new database data directory as /home/mysql
Now it is better to copy the database first, rather than move.
cp -pr /var/lib/mysql /home
mv /var/lib/mysql /var/lib/mysql-bk
We are copying the database to the new location since it is better to revert back the settings with minimum downtime, if anything goes wrong.
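One way to confirm that the copy matches the original in content, ownership and mode before the original is deleted later on, as an added example that is not part of the original post. The function names are assumptions, GNU stat and sha256sum are assumed, and it should be run while MySQL is still stopped.

```shell
#!/bin/bash
# Added example: compare the copied MySQL data directory with the original.

# tree_manifest DIR
# One line per regular file or directory: mode, owner:group, sha256, path.
# Sockets such as mysql.sock are skipped on purpose.
tree_manifest() {
    (
        cd "$1" || exit 1
        find . \( -type f -o -type d \) -print | LC_ALL=C sort |
        while IFS= read -r p; do
            sum=-
            [ -f "$p" ] && sum=$(sha256sum < "$p" | cut -d' ' -f1)
            printf '%s %s %s\n' "$(stat -c '%a %U:%G' "$p")" "$sum" "$p"
        done
    )
}

# verify_copy SRC DST
# Returns 0 only when both manifests are identical; prints the diff otherwise.
verify_copy() {
    local a b rc
    a=$(mktemp) && b=$(mktemp) || return 2
    tree_manifest "$1" > "$a" && tree_manifest "$2" > "$b" && diff "$a" "$b"
    rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed demo: a throwaway tree stands in for the real data directory.
demo() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/src/db1"
    echo "constructed table data" > "$t/src/db1/t1.MYD"
    chmod 660 "$t/src/db1/t1.MYD"
    cp -pr "$t/src" "$t/dst"
    verify_copy "$t/src" "$t/dst" && echo "copy matches"
    chmod 666 "$t/dst/db1/t1.MYD"        # simulate a permission drift
    verify_copy "$t/src" "$t/dst" || echo "copy differs, keep the backup"
    rm -rf "$t"
}

# Real use, with MySQL still stopped:
#   verify_copy /var/lib/mysql-bk /home/mysql
demo
```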
move to /tmp
cd /tmp
unlink mysql.sock
ln -s /home/mysql/mysql.sock /tmp/mysql.sock
Take a backup of /etc/my.cnf
Now edit /etc/my.cnf
vi /etc/my.cnf
add the line
datadir=/home/mysql
If the socket file is specified, comment it out.
Now move to /var/lib/mysql and create a symlink
ln -s /home/mysql /var/lib/mysql
(Please note that you don’t specify the socket file location in my.cnf since it causes issues with phpMyadmin)
For, cPanel server, edit the phpMyadmin configuration
take a backup of “/usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php”
edit this file /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php
vi /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php
add the following lines. If they already exist, edit as below.
(the connect_type usually exist at “tcp” change it to “socket”)
$cfg['Servers'][$i]['socket'] = '/home/mysql/mysql.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket';
Now start the database server.
/etc/rc.d/init.d/mysql start
If it starts fine, you are done. Check the database connections of your site.
You can now remove the directory /var/lib/mysql-bk
Suggestions, questions are welcome.
November 11, 2009 on 12:07 pm | In Cpanel | No Comments
If you need a simple script to alert you by mail when a user exceeds a predefined mail rate limit, then check this out.
#!/bin/bash
# Alert by mail when a user sent more than $limit messages during the previous clock hour.
mailflag=0
limit=5
mailid=mailaddresshere
# %H is the zero-padded hour, so the prefix matches MySQL's "YYYY-MM-DD HH" datetime format
# (%k pads with a space and never matches hours 0 to 9)
chkdate=$(date -d "60 minute ago" "+%Y-%m-%d %H")
#chkdate=2009-11-10
mailfile=$(mktemp)
# Build one "count:user" item per user from the eximstats sends table
for i in $(mysql --batch --skip-column-names -e " use eximstats; select user,email,msgid from sends where \
mailtime like '$chkdate%';" | awk '{print $1}' | sort | uniq -c | sort -n | sed 's/^ *//' | sed 's/ /:/')
do
    k=$(echo "$i" | cut -d ':' -f1)
    username=$(echo "$i" | cut -d ':' -f2)
    if [ "$k" -gt "$limit" ]
    then
        mailflag=1
        echo -e "\n\n\n Excessive mail sent by user : $username \n\n" >> "$mailfile"
        echo -e "============================================================================" >> "$mailfile"
        echo " mailtime msgid email processed user size ip auth" >> "$mailfile"
        # Append the full rows for this user to the report
        mysql --batch --skip-column-names -e " use eximstats; select * from sends where mailtime like '$chkdate%' and \
user like '$username';" >> "$mailfile"
        echo -e "============================================================================" >> "$mailfile"
    fi
done
# Send the report only if at least one user exceeded the limit
if [ "$mailflag" -eq 1 ]
then
    mail -s "Excessive mail sent by user" "$mailid" < "$mailfile"
fi
rm -f "$mailfile"
You need to edit the limit and mailid variables according to your requirement.
eg:
limit=300
mailid=test@live.com
September 24, 2009 on 3:16 pm | In APF, Cpanel | No Comments
You may face an issue with the Perl module LWP (libwww-perl).
Just do the following
check whether the following file exists
ls -alh /root/.gnupg
cd /usr/local/src/
wget http://perlmirror.indialinks.com/authors/id/G/GA/GAAS/libwww-perl-5.806.tar.gz
or download the available version from http://perlmirror.indialinks.com/authors/id/G/GA/GAAS/
tar zxvf libwww-perl-5.806.tar.gz
cd libwww-perl-5.806
perl Makefile.PL
make
make install
cd ../
Also do the following
wget http://perlmirror.indialinks.com/authors/id/A/AN/ANDK/CPAN-1.93.tar.gz
tar zxvf CPAN-1.93.tar.gz
Or download the latest from http://perlmirror.indialinks.com/authors/id/A/AN/ANDK/
cd CPAN-1.93
perl Makefile.PL
make
make install
/usr/local/cpanel/bin/checkperlmodules
/scripts/rrdtoolinstall
Now try installing csf.
It should work fine.
August 15, 2009 on 11:13 am | In Cpanel | No Comments
Hi guys,
You might have come across the issue in WHM showing incorrect IP address usage for FTP. This is generated by the script /scripts/ipusage
This is an issue with any of these files.
/usr/local/apache/conf/httpd.conf
/etc/proftpd.conf
/etc/pure-ftpd/ folder.
If there are incorrect entries in your Apache conf, back up the file and rebuild the conf using /scripts/rebuildhttpdconf
If there are no entries for the usage line in the Apache conf, check whether you are using pure-ftpd.
Check the directory /etc/pure-ftpd
It will have folders named after IP addresses. These are actually symlinks to the ftp user folder /home//public_ftp.
Just execute unlink ipaddress
cd /etc/pure-ftpd
unlink ipaddress
Hope that works.
July 2, 2009 on 8:57 am | In ASP.NET, Apache, Cpanel | 2 Comments
You should enable mod_mono in easyapache to enable ASP.NET. However, for using Mysql database with ASP.NET, you need to download and install a connector from Mysql site.
The one you need is Windows Binaries, no installer (ZIP).
Installation
cd /usr/local/src/
mkdir asp-connector
cd asp-connector
wget Windows Binaries, no installer (ZIP)
/opt/mono/bin/gacutil -i /usr/local/src/asp-connector/bin/MySql.Data.dll
Most of you forget the next step and the Mysql connector won’t work.
cd /opt/mono/lib/mono/gac/MySql.Data
cd 5.2.3.0__xxxxxxxxxx/
chmod 755 MySql.Data.dll
Restart Apache
/etc/rc.d/init.d/httpd restart
Now you should be able to connect to mysql using .aspx scripts
Here is a custom script to check the working.
First, create a MySQL database (using the command line)
$ mysql -u root -p
mysql> CREATE DATABASE asptest;
Query OK, 1 row affected (0.10 sec)
mysql> USE asptest;
Database changed
mysql> CREATE TABLE testtable ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255) );
Query OK, 0 rows affected (0.09 sec)
mysql> INSERT INTO testtable VALUES(null,'Fame');
Query OK, 1 row affected (0.00 sec)
mysql> INSERT INTO testtable VALUES(null,'Clean');
Query OK, 1 row affected (0.00 sec)
mysql> SELECT * FROM testtable;
+----+----------+
| id | name |
+----+----------+
| 1 | Fame |
| 2 | Clean |
+----+----------+
2 rows in set (0.00 sec)
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON asptest.* TO asptest@localhost IDENTIFIED BY 'nogesspassword';
Query OK, 0 rows affected (0.12 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.13 sec)
Let's go to the script.
Here it is. It will display the contents of the database.
First, create a file called test.aspx in your web directory
Add this code and save it.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="MySql.Data.MySqlClient" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>ASP test</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script runat="server">
private void Page_Load(Object sender, EventArgs e)
{
string connectionString = "Server=localhost;Database=asptest;User ID=asptest;Password=nogesspassword;Pooling=false;";
MySqlConnection dbcon = new MySqlConnection(connectionString);
dbcon.Open();
MySqlDataAdapter adapter = new MySqlDataAdapter("SELECT * FROM testtable", dbcon);
DataSet ds = new DataSet();
adapter.Fill(ds, "result");
dbcon.Close();
dbcon = null;
ArtistsControl.DataSource = ds.Tables["result"];
ArtistsControl.DataBind();
}
</script>
</head>
<body>
<h1>Artists</h1>
<asp:DataGrid runat="server" id="ArtistsControl" />
</body>
</html>
Finally, you need a web.config file in the same web directory as test.aspx. It should contain the following to enable the MySQL libraries to be loaded:
Add the following to web.config
<configuration>
<system.web>
<compilation>
<assemblies>
<add assembly="MySql.Data"/>
</assemblies>
</compilation>
<customErrors mode="Off"/>
</system.web>
</configuration>
Now try accessing the file test.aspx using http://domainname.com/test.aspx
If you need any help, please let me know.