Installation

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

After the installation you will need to customize CSF to run on VPS:

edit /etc/sysconfig/iptables and add

-A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
-A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
-A INPUT -i venet0 -j ACCEPT
-A OUTPUT -o venet0 -j ACCEPT

create file /etc/csf/csfpre.sh and enter all the extra rules directly into it prefixed with “iptables” so the contents of that file should look something like:

iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0

edit /etc/csf/csf.conf file and add
and search for

ETH_DEVICE = ""

change to

ETH_DEVICE = "venet+"

Restart

/usr/sbin/csf -r

LOCKOUT ISSUES FOR CSF WHEN INSTALLED IN VPS. or Cannot enter into server after CSF installation on VPS

If the required IP table modules are not properly loaded to the container node, you may lockout yourself after the installation. If you have access to the main Hardware node, you can perform the following to get it up or ask your VPS provider to perform this on the Hardware (main) node.

Before enabling iptables on VPS, it needs to make sure that the iptables modules are enabled on the Hardware Node. In order to enable iptables modules on Hardware Node, edit /etc/sysconfig/iptables-config file on a Virtuozzo hardware node and look for the following parameter value: IPTABLES_MODULES=. Edit it as the following.

IPTABLES_MODULES=”ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp”

Also edit /etc/sysconfig/vz file on a hardware node and look for the following parameter value: IPTABLES= , change it to the following.

IPTABLES=”ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp” 

Now your Hardware node is fine. You need to enable the iptable modules to the VPS nodes.
(CID — container ID. You can find the value for each node by using the command vzlist -a)

vzctl stop CID

vzctl set CID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length  --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

vzctl set CID --numiptent 2000 --save

vzctl start CID

Now try entering into your node and restart CSF. It should start working fine.

Descriptions and Functions

======================

csf+lfd works on all Linux servers on the Operating Systems listed above, with or without cPanel

This suite of scripts provides:

• Straight-forward SPI iptables firewall script
• Daemon process that checks for login authentication failures for:
  • Courier imap, Dovecot, uw-imap, Kerio
  • openSSH
  • cPanel, WHM, Webmail (cPanel servers only)
  • Pure-pftd, vsftpd, Proftpd
  • Password protected web pages (htpasswd)
  • Mod_security failures (v1 and v2)
  • Suhosin failures
  • Exim SMTP AUTH
  • Custom login failures with separate log file and regular expression matching
• POP3/IMAP login tracking to enforce logins per hour
• SSH login notification
• SU login notification
• Excessive connection blocking
• WHM configuration interface (cPanel servers only) or through Webmin
• WHM iptables report log (cPanel servers only)
• Easy upgrade between versions from within WHM (cPanel servers only) or through Webmin
• Easy upgrade between versions from shell
• A standard Webmin Module to configure csf is included in the distribution ready to install into Webmin – csfwebmin.tgz
• Pre-configured to work on a cPanel server with all the standard cPanel ports open (cPanel servers only)
• Auto-configures the SSH port if it’s non-standard on installation
• Block traffic on unused server IP addresses – helps reduce the risk to your server
• Alert when end-user scripts sending excessive emails per hour – for identifying spamming scripts
• Suspicious process reporting – reports potential exploits running on the server
• Excessive user processes reporting
• Excessive user process usage reporting and optional termination
• Suspicious file reporting – reports potential exploit files in /tmp and similar directories
• Directory and file watching – reports if a watched directory or a file changes
• Block traffic on the DShield Block List and the Spamhaus DROP List
• BOGON packet protection
• Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
• Works with multiple ethernet devices
• Server Security Check – Performs a basic security and settings check on the server (cPanel servers only)
• Allow Dynamic DNS IP addresses – always allow your IP address even if it changes whenever you connect to the internet
• Alert sent if server load average remains high for a specified length of time
• mod_security log reporting (if installed)
• Email relay tracking – tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
• IDS (Intrusion Detection System) – the last line of detection alerts you to changes to system and application binaries
• SYN Flood protection
• Ping of death protection
• Port Scan tracking and blocking
• Permanent and Temporary (with TTL) IP blocking
• Exploit checks
• Account modification tracking – sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
• Shared syslog aware
• New in v4: Messenger Service – Allows you to redirect connection requests from blocked IP addresses to preconfigured text and html pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficiently
• New in v4: Country Code blocking – Allows you to deny or allow access by country – Powered by IPDENY.COM IP database
• New in v4: Port Flooding Detection – Per IP, per Port connection flooding detection and mitigation to help block DOS attacks

The usual error which comes up with phpmyadmin. The issue can either be due to the cPanel’s PHP or its session settings. Try the following fix

Open up the file /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini

Change the session path to /tmp

From

session.save_handler = sqlite
session.save_path =/var/cpanel/userhomes/cpanelphpmyadmin/sessions

To

session.save_handler = files
session.save_path = /tmp 

Go to WHM > Tweak Settings > “The maximum memory a cPanel process can use before it is killed off (in megabytes). Values less than 128 megabytes can not be specified. A value of “0″ will disable the memory limits.”

Set this to 0 or a higher value..

In the Awstats case, the cPanel processes memory is getting exhausted.

This can be done also by editing the file /var/cpanel/cpanel.config

maxmem=0
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings

When PHP is compiled as CGI, you won’t be able to provide custom php flags in .htaccess or just simply add a php.ini if your home directory.

To enable a custom php.ini for your domain running PHP as cgi, perform the following steps.

Please note that I am considering that the server has PHP4 and PHP5 where PHP4 is default (dso)-not relevant and PHP5 (cgi)

My username is “presoon” so my home directory will be “/home/presoon” (replace with yours)

create a custom cgi script in your cgi-bin directory.

vi /home/presoon/public_html/cgi-bin/php.cgi

add the following contents.

#!/bin/sh
exec /usr/local/cpanel/cgi-sys/php5 -c /home/presoon/public_html/

You should have the custom php.ini at “/home/presoon/public_html/”

chown presoon.presoon /home/presoon/public_html/cgi-bin/php.cgi
chmod 755 /home/presoon/public_html/cgi-bin/php.cgi

Now to the .htaccess file at “/home/presoon/public_html/”
Add the following

AddHandler application/x-httpd-php5 .php
Action application/x-httpd-php5 /cgi-bin/php.cgi

Please note that AddHandler given above is to change default php to PHP5. If you have only PHP5 which is compiled as CGI, you can remove the directive AddHandler from .htaccess.

Now the values given in your php.ini at /home/presoon/public_html/ should reflect you info page.

You might have been facing the error getting logged in /var/log/messages. Deeper research in Google gave the result that it is the issue with the loaded Kernel.

Before going for and upgrade, just confirm the following.

Check whether the following files are present.

/lib/modules/*/modules.*map      depmod output
/proc/sys/kernel/hotplug         specifies hotplug program path
/sbin/hotplug                    hotplug program (default path name)
/etc/hotplug/*                   hotplug files
/etc/hotplug/NAME.agent          hotplug subsystem-specific agents
/etc/hotplug/NAME*               subsystem-specific files, for agents
/etc/hotplug/usb/                   depmod data for user-mode drivers

chmod 755 /etc/hotplug/*.agent
check tail -f /var/log/messages

Now try the following before kernel upgrade.

The issue should have been fixed by now. If the message is still coming up in /var/log/messages, you will need to go for Kernel upgrade.

Thank you guys..

rpm -qa |grep -i imagemagick

Remove the rpms in the following order

rpm -e ImageMagick-c++-devel-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-c++-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-perl-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-devel-6.2.8.0-4.el5_1.1
rpm -e ImageMagick-6.2.8.0-4.el5_1.1

Download the ImageMagick using the following

cd /usr/local/src
wget http://ftp.nluug.nl/ImageMagick/ImageMagick-6.4.3-6.zip
unzip ImageMagick-6.4.3-6.zip
cd ImageMagick-6.4.3

Installation

./configure
make install

This may take a while to complete. Finally,

cd PerlMagick/
perl Makefile.PL
make
make install

Add PHP Pecl extension to access ImageMagick via PHP

Login to WHM,

WHM > Software > Module Installers > PHP Pecl

install imagick

ImageMagick should be installed now.

If WHM can’t find the ImageMagic installation

Firstly install ImageMagick-devel

yum -y install ImageMagick-devel

Once that is done, you need to download the Imagick PHP extensions from:

http://pecl.php.net/package/imagick

cd /usr/local/src/
wget http://pecl.php.net/get/imagick-2.2.0.tgz
tar -zxvf imagick-2.2.0 .tgz
cd imagick-2.2.0
phpize
./configure

make
make install

find the php.ini using the command

php -i |grep php.ini

add the following line to php.ini

extension="imagick.so"

restart Apache and you are done.

you might have faced the issue of /var partition gettting full regularly due to database directory. If you have a larger partition with free space, then it is possible to move the database directory to the larger partition.

Here are the steps

Switch off the database server while we are moving the databases.

/etc/rc.d/init.d/mysql stop

I am considering that I have enough space in /home partition. Here goes my new database data directory as /home/mysql

Now it is better to copy the database first, rather than move.

cp -pr /var/lib/mysql /home
mv /var/lib/mysql /var/lib/mysql-bk

We are copying the database to the new location since it is better to revert back the settings with minimum downtime, if anything goes wrong.

move to /tmp

cd /tmp
unlink mysql.sock
ln -s /home/mysql/mysql.sock /tmp/mysql.sock

Take a backup of /etc/my.cnf

Now edit /etc/my.cnf

vi /etc/my.cnf

add the line
datadir=/home/mysql

If the socket file is specified, comment it out.

Now move to /var/lib/mysql and create a symblink

ln -s /home/mysql /var/lib/mysql

(Please note that you don’t specify the socket file location in my.cnf since it causes issues with phpMyadmin)

For, cPanel server, edit the phpMyadmin configuration
take a backup of “/usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php”

edit this file /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php
vi /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php

add the following lines. If they already exist, edit as below.
(the connect_type usually exist at “tcp” change it to “socket”)

$cfg['Servers'][$i]['socket'] = ‘/home/mysql/mysql.sock’;
$cfg['Servers'][$i]['connect_type'] = ’socket’;

Now start the database server.

/etc/rc.d/ini.d/mysql start

If it starts fine, you are done. Check the database connections of your site.
You can now remove the directory /var/lib/mysql-bk

Suggestions, questions are welcome.

I am not sure why did the Ubuntu guys…left out the wvdial package in the latest distributions. In fact, most of the 3G wireless internet connection uses the PPP connection using wvdial. To install wvdial package, you need install some dependencies also.
After some research, I have found out the exact packages and the order to install them. Here are the steps to install wvdial for Ubuntu. You need to download the packages to a thumbdrive so as to copy it to the Ubuntu machine.

Download the wvdial + its dependencies from the following linkDownload.

Copy this package to your thumb drive from the machine which has an internet connection and connect it to the Ubuntu machine.

Assuming that you have copied the package from your thumb drive to the location /usr/local/src of Ubuntu machine. perform the following steps in exact order given below.

sudo su    (type in the admin password)

cd /usr/local/src/
tar -zxvf wvdial-ubuntu-wholepkg.tar.gz
cd wvdial-ubuntu-wholepkg

dpkg -i libxplc0.3.13_0.3.13-1build1_i386.deb
dpkg -i libwvstreams4.4-base_4.4.1-0.2ubuntu2_i386.deb
dpkg -i libwvstreams4.4-extras_4.4.1-0.2ubuntu2_i386.deb
dpkg -i libuniconf4.4_4.4.1-0.2ubuntu2_i386.deb
dpkg -i wvdial_1.60.1+nmu2_i386.deb

Success!  You can run "wvdial" to connect to the internet.
(You can also change your configuration by editing /etc/wvdial.conf)
Processing triggers for man-db ...

For BSNL EVDO users, edit the /etc/wvdial.conf file to add your username password and phone number(also uncomment the line by removing ; from the start of the directive). Also add the following line.

Stupid Mode = 1

to wvdial.conf file.

Use the command “wvdial” to connect to the internet. If the modem is not installed or not detected, you need to fix it first.

Please update me guys, if you need any further help.

mailflag=0
limit=5
mailid=mailaddresshere
chkdate=`date -d "60 minute ago" +%Y-%m-%d\ %k`
#chkdate=2009-11-10
mailfile=$(mktemp)
for i in `mysql --batch --skip-column-names -e " use eximstats; select user,email,msgid from sends where \
 mailtime like '$chkdate%';" | awk '{print $1}' | sort | uniq -c | sort -n | sed 's/^ *//'| sed 's/ /:/'`
do
k=`echo $i | cut -d ':' -f1`
username=`echo $i | cut -d ':' -f2`
if [ "$k" -gt "$limit" ]
then
mailflag=1
echo -e "\n\n\n Excessive mail sent by user : $username \n\n" >> $mailfile
echo -e "============================================================================" >> $mailfile
echo "     mailtime           msgid   email   processed       user    size    ip      auth" >> $mailfile
mysql --batch --skip-column-names -e " use eximstats; select * from sends where mailtime like '$chkdate%' and \
user like '$username';" >> $mailfile
echo -e "============================================================================" >> $mailfile
fi
done
if [ "$mailflag" == 1 ]
then
cat $mailfile | mail -s "Excessive mail sent by user" $mailid
fi
rm -rf $mailfile

You need to edit the limit and mailid variables according to your requirement.
eg:
limit=300
mailid=test@live.com

Lets look how to remove it.

Open Task Manager. Find exactly “msa.exe” from the “processes” tab
Start –> Search
Then select “All files and folders”
Make a search called “msa.exe” (all harddrives) When found, stop the search.

Now kill the process in the task manager named msa.exe(keep mouse on it and right click kill process tree)
Now in the search window, delete the msa.exe found using Shift + delete so that it won’t go to your recycle bin.

Now do this

Start > Run > Type regedit.exe

Navigate to

HKEY_CURRENT_USER\Software\AntiVirus
HKEY_CURRENT_USER\Software\MSA
HKEY_CLASSES_ROOT\.key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 “Antivirus”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
“Antivirus”

Remove MS Antivirus Registry Values from all of the above locations.

Reboot your system… thats all.