Saturday, January 31, 2009

Print out kernel message or control ring buffer

dmesg [ -c ] [ -n level ] [ -s bufsize ]

Options

-c
Clear the ring buffer contents after printing.
-s bufsize
Use a buffer of size bufsize to query the kernel ring buffer. This is 16392 by default. (The default kernel syslog buffer size was 4096 at first, 8192 since 1.3.54, 16384 since 2.1.113.) If you have set the kernel buffer to be larger than the default, this option can be used to view the entire buffer.
-n level
Set the level at which logging of messages is done to the console. For example, -n 1 prevents all messages, except panic messages, from appearing on the console. All levels of messages are still written to /proc/kmsg, so syslogd(8) can still be used to control exactly where kernel messages appear. When the -n option is used, dmesg will not print or clear the kernel ring buffer.

When both options are used, only the last option on the command line will have an effect.

Friday, January 30, 2009

Solution for Windows Server 2008 Network Problem

This resolves the issue where the network on Windows Server 2008 does not come up after a reboot:

1.       Check the network adapter device ID using PowerShell (http://blogs.msdn.com/daiken/archive/2007/02/09/enable-disable-network-connection.aspx):

a.        Open PowerShell.

b.       Key in the following command to list the network adapters:

Get-WmiObject win32_NetworkAdapter | Format-Table

You will see the device ID of each adapter. Key in the following command to see the details of the network adapter, and open the network properties to reconfirm:

Get-WmiObject win32_networkadapter | where {$_.DeviceId -eq 5}


2.       Create a script, in folder C:\Windows\restart_lan.ps1

a.        Content for restart_lan.ps1 (make sure you have the correct "deviceid")
$lannetwork = Get-WmiObject win32_networkadapter | where {$_.DeviceId -eq 5}

$lannetwork.Disable()

$lannetwork.Enable()

3.       Create a bat file to run the powershell script in folder C:\Windows\restart_lan.bat

a.        Content for restart_lan.bat
powershell c:\windows\restart_lan.ps1

4.       Add the script to Windows startup (http://www.tutorial5.com/content/view/157/47/):

a.        Click Start - Run and type mmc

b.       On the Management console that starts, click File -> Add/Remove Snap-in.

c.        On the window that opens, search for Group Policy Object editor on the left panel, click Add and in the properties window that pops out leave the settings that are selected (Local computer) and click ok.

d.       Navigate through the left panel by opening each branch like this: Console Root -> Computer configuration -> Windows Settings -> Scripts (Startup/shutdown)

e.       Open the properties window for Startup or Shutdown as you desire from the right panel; on the window that pops out add, edit or remove scripts that you want.

Wednesday, January 28, 2009

How to install Cpanel & WHM in Fedora

yum -y install tcp_wrappers-devel perl tar
mkdir /home/cpins
cd /home/cpins
wget http://layer1.cpanel.net/latest
sh latest &

Then wait until the cPanel installer says "done".

How to install Cpanel & WHM

Get the power of root.

1. cd /home
2. wget http://layer1.cpanel.net/latest
3. sh latest

Monday, January 26, 2009

Count the connection and sort by IP in Linux

Count the connections and sort by IP:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n





Update cPanel license

The license file can be updated by running


/usr/local/cpanel/cpkeyclt

or

go to the directory /usr/local/cpanel/ and execute cpkeyclt by using
./cpkeyclt

as root via SSH.

Plesk or Horde stop working after installation of Zend Optimizer (Windows)

The Zend Optimizer installer resets the location of the php.ini scripts.

To correct this, open regedit and remove the following key from the registry:


HKEY_LOCAL_MACHINE\SOFTWARE\php\IniFilePath

Horde mail users not authorized (Linux)

Running
'tail /usr/local/psa/var/log/maillog'

shows LOGIN FAILED and "unable to open mail authentication database: No such file or directory"
You can verify this by running
'ls /var/lib/plesk/mail/auth/passwd.db'

which will return "No such file or directory".
Fix this by running the following command as root:
/usr/local/psa/admin/sbin/mail_auth_dump

Checking Rootkits for Linux

Chkrootkit - chkrootkit is a tool to locally check for signs of a rootkit. Type the following command to install chkrootkit
$ sudo apt-get install chkrootkit

Start looking for rootkits, enter:
$ sudo chkrootkit

Look for suspicious strings, enter:
$ sudo chkrootkit -x | less

You can specify the path for the external commands used by chkrootkit, such as awk, grep and others. Mount /mnt/safe over NFS in read-only mode and use the binaries in /mnt/safe as the trusted path, enter:
$ sudo chkrootkit -p /mnt/safe

MTR for network diagnostic

Mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

How to install MTR:

# yum -y install mtr

For Windows, use WinMTR, which can be downloaded here:
http://download.cengkeh.net/software/WinMTR.exe

Sunday, January 25, 2009

URL Password Protection


Instructions on how to set this up manually on the server for other directories.

1) Place the following in a text file called '.htaccess' under the directory you wish to password protect, replacing "USERNAME" with your username and "HTACCESS_USERNAME" with the username you wish to grant access to:

AuthUserFile /home/USERNAME/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

require user HTACCESS_USERNAME

2) Login to your domain via ssh and run the following command. This will create a .htpasswd file and an htaccess user.

htpasswd -c /home/USERNAME/.htpasswd HTACCESS_USERNAME

Importing SQL Databases via command

Most database backups use utilities such as mysqldump to generate SQL insert statements and data that describe the old database. SQL files are also used when creating new databases. To import these .sql files, use the following command (when logged into the server via SSH):

mysql -u username -ppassword database_name < your_data.sql

This command loads all the SQL commands from the specified file as if you were to enter them line by line.

Enabling Directory File Listing


Put the following in .htaccess in the directory you want the index enabled for:

Options ExecCGI Indexes Includes FollowSymLinks

NOTICE the filename is .htaccess, that is (dot)htaccess.

Website Error Code 400 / 500

Web Site Error 500

Error 500 is generally caused by a misconfigured CGI or Perl script. Review the contents of your server's error log to debug the error message.

Error 500 is not caused by a server misconfiguration but rather by a script or htaccess misconfiguration.

Web Site Error 400

Error 400 means that you are trying to access a directory with no index.html, or that directory is not world-executable, meaning that the directory can not be browsed by anyone (it can only be browsed by the owner using telnet or an ftp program). It could also mean that the file is not world-readable, meaning that only the owner can view (read) the file.

Missing index.html
Placing the home page file index.html in the directory should resolve the Error 400.

Incorrect permission
Setting the permission on the file / directory to chmod 755 should resolve the Error 400.

Check system info in Windows

systeminfo.exe /s srvmain

How to kill all process by user in Windows

Kill all processes that belong to user ayam:
taskkill /F /FI "USERNAME eq ayam"

Just kill all calc.exe processes that belong to ayam.
taskkill /F /FI "USERNAME eq ayam" /im calc.exe

Optimize Apache & MySQL for Low Memory Systems

Optimize Apache for Low memory Server

/etc/httpd/conf/httpd.conf

KeepAlive On
KeepAliveTimeout 3
<IfModule prefork.c>
StartServers       2
MinSpareServers    2
MaxSpareServers    5
ServerLimit      100
MaxClients       100
MaxRequestsPerChild  500
</IfModule>
<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     15
MaxSpareThreads     50
ThreadsPerChild     15
MaxRequestsPerChild  0
</IfModule>

Optimize MySQL for Low Memory Server

/etc/my.cnf

[mysqld]
port               = 3306
socket             = /var/lib/mysql/mysql.sock
skip-locking
key_buffer         = 16K
max_allowed_packet = 1M
table_cache        = 4
sort_buffer_size   = 64K
read_buffer_size   = 256K
read_rnd_buffer_size = 256K
net_buffer_length  = 2K
thread_stack       = 64K

To check ddos attack in Windows OS


netstat -ano | find /i /c "80"

Start >> cmd >> Type the command
netstat -ano

Note: You can see the attacking IPs in the Foreign Address column.

Display Summary Statistics for Each Protocol


Simply use netstat -s:
# netstat -s | less
# netstat -t -s | less
# netstat -u -s | less
# netstat -w -s | less
# netstat -s

Domain name missing in "List Accounts" (CPanel)


Check user cPanel config

# cd /var/cpanel/users

Make sure the primary domain exists in the DNS= line:

# nano -w username
DNS=domain.com

Or back up the old cPanel user file first:

# cp /var/cpanel/users/username /var/cpanel/users/username.backup


# nano -w username
DNS=domain.com

Domain name should appear inside List of Accounts now.

If the user already exists and all settings are correct, run:

# /scripts/updateuserdomains

Print out list of open connection and sort by ip address

# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

Output:
1 10.0.77.52
2 10.1.11.3
4 12.109.42.21
6 12.191.136.3
.....
...
....
13 202.155.209.202
18 208.67.222.222
28 0.0.0.0
233 127.0.0.1

Finding a File containing a particular text string in Linux server

For example, to search for the string "redeem reward" in all text files matching /home/tom/*.txt, use:
$ grep "redeem reward" /home/tom/*.txt

You can search for a text string in all files under each directory, recursively, with the -r option:

$ grep -r "redeem reward" /home/tom

By default, the grep command prints the matching lines. You can pass the -H option to print the filename for each match.
$ grep -H -r "redeem reward" /home/tom

Flush the DNS cache on Mac OS X

Use this command to flush the DNS cache on Mac OS X:
lookupd -flushcache

It appears that the cache overrides /etc/hosts.

Dig out more information about a specific ip address:


# netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

OUTPUT:
2 LAST_ACK
2 LISTEN
4 FIN_WAIT1
14 ESTABLISHED
91 TIME_WAIT
130 FIN_WAIT2

Dig out more information about particular IP address


# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Output:
1 CLOSE_WAIT
1 established)
1 Foreign
3 FIN_WAIT1
3 LAST_ACK
13 ESTABLISHED
17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT

How to Login to HELM Control Panel & Webmail

HELM Control Panel:
http://cp.yourdomain.com

WEBMAIL Login:
http://webmail.yourdomain.com

How to change time/timezone on your vps

Problem
How to change time/timezone on your vps

Solution
We manage the vps time via ntp on the hardware node and it does not need changing.
To change your timezone, point the /etc/localtime symlink at the timezone you want.

For example for GMT, add the following symlink:
ln -sf /usr/share/zoneinfo/GMT /etc/localtime

How to check if IP is blocked from Iptables


Check if IP is blocked:

# iptables -L -n --line | grep [IP Address]

If the IP appears with a DROP or REJECT target, the IP has been blocked.

Unblock the IP address:

# iptables -I INPUT -s [IP Address] -j ACCEPT

Block the IP address again:

# iptables -A INPUT -s [IP Address] -j DROP

Note: Full path to IPTABLES is /sbin/iptables, you can replace command # iptables with /sbin/iptables
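
When an IP has been unblocked with -I (insert at the top) and later blocked again with -A (append at the end), the listing shows both an ACCEPT and a DROP line for it, and the earlier rule is the one that takes effect. The following added example (not part of the original post) reads a rule listing and reports the effective rule and any shadowed ones. The sample listing is constructed, the function names are hypothetical, and only INPUT rules whose source is exactly the IP are considered (no CIDR ranges or other chains).

```bash
#!/bin/sh
# Reads `iptables -L INPUT -n --line-numbers` output on stdin and prints
# "<num> <target>" for every rule whose source field is exactly $1.
# Comparing the whole field avoids grep matching 198.51.100.70 for 198.51.100.7.
rules_for_ip() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1, $2 }'
}

# The first rule that names the IP decides what happens to its packets.
effective_verdict() {
    rules_for_ip "$1" |
        awk 'NR == 1 { print $2; found = 1 } END { if (!found) print "NO-RULE" }'
}

# Any later rule for the same IP is never reached.
shadowed_rules() {
    rules_for_ip "$1" | awk 'NR > 1'
}

# Constructed sample listing: 198.51.100.7 was unblocked with -I and then
# "blocked" again with -A, so its DROP sits below its ACCEPT.
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  198.51.100.7         0.0.0.0/0
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       all  --  203.0.113.50         0.0.0.0/0
4    DROP       all  --  198.51.100.7         0.0.0.0/0
5    DROP       all  --  198.51.100.70        0.0.0.0/0
EOF
}

echo "198.51.100.7 effective: $(sample_rules | effective_verdict 198.51.100.7)"
echo "198.51.100.7 shadowed:  $(sample_rules | shadowed_rules 198.51.100.7)"
echo "203.0.113.50 effective: $(sample_rules | effective_verdict 203.0.113.50)"
```

On a live system, pipe the real listing into the functions instead of sample_rules; a shadowed DROP is removed or made effective by deleting the earlier ACCEPT with iptables -D INPUT <num>.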

How to enable 'Register Globals'


register_globals is disabled by default on all servers. This provides greater security on the server and makes it more difficult for hackers to exploit scripts. However, some old scripts still need register_globals enabled to work.

1. Create a file .htaccess
2. Insert the following line into .htaccess

php_flag register_globals on

3. Upload the file into /public_html/ directory

Remove Linux APF firewall


Type the following commands:
# service iptables stop
# chkconfig apf off
# /bin/rm -rfv /etc/apf
# /bin/rm -fv /etc/cron.daily/fw
# /bin/rm -fv /etc/init.d/apf
# iptables -L -n

An A-Z Index of the Bash command line for Linux


alias Create an alias
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index
b
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)

How to use nslookup

    nslookup

Server: Your.Main.Server
Address: 123.45.67.8

set type=mx

Prevent DDOS Attack in Linux


What happens when you are under attack?

1. Programs run very slowly
2. Services (e.g., HTTP) fail at a high rate
3. Large number of connection requests from different networks
4. User complaints about slow (or no) site access
5. Machine shows a high CPU load

How do you prevent an attack?

1) Check the CPU load and whether there is a large number of httpd processes.

Blessen@work >w
12:00:36 up 1 day, 20:27, 5 users, load average: 0.70, 0.70, 0.57

2) Count the number of httpd processes

[root@blessen root]# ps -aux|grep -i HTTP|wc -l
23

3) Determine the attacking network

bash# netstat -ntp|grep :80|awk '{print $5}'|sort

If you have more than 30 connections from a single IP, chances are that you
are under attack. Identify these networks for later reporting, perhaps by using the
'whois' command.

If more than 5 such hosts/IPs connect from the same network, that's a very
clear sign of DDoS.

4) Block the attacking network

iptables -A INPUT -s <Source IP> -j DROP

Edit /etc/apf/deny_hosts.rules for apf

===========================================================

5) How to prevent this issue later.

http://www.rfxnetworks.com/apf.php
http://freshmeat.net/projects/aide/

6) Implement Sysctl-based protection. Enable the following in your '/etc/sysctl.conf':

# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

7) Alternatively, you could add this code to your '/etc/rc.local':

for f in /proc/sys/net/ipv4/{conf/*/rp_filter,tcp_syncookies}
do
echo 1 > $f
done
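
The two rules of thumb from step 3, applied to netstat output, as an added example that is not part of the original post. The connection list is constructed, the function names are hypothetical, and treating "the same network" as a /24 is an assumption.

```bash
#!/bin/sh
PER_IP_LIMIT=30     # "more than 30 connections from a single IP"
PER_NET_LIMIT=5     # "more than 5 such hosts/IPs connect from the same network"

# Reads `netstat -ntu` style output on stdin and prints "ip count" for every
# remote IPv4 address holding more than PER_IP_LIMIT connections to port 80.
heavy_ips() {
    awk -v limit="$PER_IP_LIMIT" '
        $1 == "tcp" && $4 ~ /:80$/ {     # skips headers, tcp6 and other ports
            split($5, peer, ":")          # foreign address is ip:port
            count[peer[1]]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip, count[ip] }
    ' | sort
}

# Groups the heavy IPs by /24 (assumption) and prints the networks that
# contain more than PER_NET_LIMIT of them.
heavy_networks() {
    heavy_ips | awk -v limit="$PER_NET_LIMIT" '
        { split($1, o, "."); hosts[o[1] "." o[2] "." o[3] ".0/24"]++ }
        END { for (n in hosts) if (hosts[n] > limit) print n, hosts[n] }
    ' | sort
}

# Constructed sample: six hosts in 203.0.113.0/24 with 31 connections each,
# one busy host elsewhere with 40, one normal client and one SSH session.
sample_netstat() {
    awk 'BEGIN {
        print "Active Internet connections (w/o servers)"
        print "Proto Recv-Q Send-Q Local Address Foreign Address State"
        for (h = 11; h <= 16; h++)
            for (p = 40001; p <= 40031; p++)
                print "tcp 0 0 192.0.2.10:80 203.0.113." h ":" p " ESTABLISHED"
        for (p = 50001; p <= 50040; p++)
            print "tcp 0 0 192.0.2.10:80 198.51.100.7:" p " TIME_WAIT"
        print "tcp 0 0 192.0.2.10:80 198.51.100.99:51000 ESTABLISHED"
        print "tcp 0 0 192.0.2.10:22 198.51.100.7:52000 ESTABLISHED"
    }'
}

echo "IPs over the per-IP limit:";      sample_netstat | heavy_ips
echo "Networks over the per-net limit:"; sample_netstat | heavy_networks
```

On a live server, replace sample_netstat with netstat -ntu; the networks printed by heavy_networks are the candidates for the whois lookup and the block in step 4.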

FreeBSD command to stop IPFW Firewall

To stop the firewall, issue the command:

# /etc/rc.d/ipfw stop

To disable firewall remove following line from /etc/rc.conf file:

firewall_enable="YES"

OR set it as follows:

firewall_enable="NO"

Windows RDC Force Login

mstsc.exe {ConnectionFile | /v:ServerName[:Port]} [/console] [/f] [/w:Width /h:Height]

/v - specifies the remote computer and port (optional) you wish to connect to
/console - connects to the console of a Windows Server 2003 based system
/f - starts the remote desktop connection in full screen mode
/w & /h - specify the width and height of the remote desktop connection

When the /cpanel or /webmail shortcut returns "Internal Server Error"

Check the ulimit settings inside the httpd init script; if they are missing, add the lines:

# nano -w /etc/init.d/httpd

ulimit -n 1024
ulimit -n 4096
ulimit -l unlimited
ulimit -m unlimited
ulimit -s unlimited

# /etc/init.d/httpd restart

Try again. This should fix the problem.

Otherwise, execute this command to see whether it is a semaphore problem:

# for semid in `ipcs -s | grep apache | cut -f2 -d" "`; do ipcrm -s $semid; done

If it is a semaphore problem:

# /etc/init.d/httpd restart
# tail /usr/local/apache/logs/error_log
# /usr/local/apache/bin/apachectl startssl
# tail /usr/local/apache/logs/error_log

Otherwise, reboot the server, which should get it working, and report the issue to our technical support department:

# shutdown -r now

Checking Windows Firewall Port


netstat -an |find /i "listening" 

netstat -anop TCP

netstat -anop UDP

Zero out a file without breaking the pipe

cat /dev/null > filename


How to install ioncube

1. Download the program and store it on your server using wget or FTP.
http://www.ioncube.com/loader_download.php
--> Linux 64 --> http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

2. Unpack the program
tar -zxvf ioncube_loaders.tar.gz

3.  cd ioncube

4.  Copy ioncube-install-assistant.php to a web directory such as your hosting directory and open it in your browser window.

cp ioncube-install-assistant.php /home/userdirectoryhere/www

For shared hosting, the location is /home/<username>/public_html

Then open it http://www.yourdomain.com/ioncube-install-assistant.php
The output should be something similar to:

Analysis of your system configuration shows:

PHP Version 4.3.3
Operating System Linux
Threaded PHP No
php.ini file /usr/local/lib/php.ini
Required Loader ioncube_loader_lin_4.3.so

5. Now let's move the ioncube directory to a permanent location:
cd ..
mv ioncube /usr/local

6. Now that you know the location of php.ini you need to edit it.
pico /usr/local/lib/php.ini

Now find where the other Zend extensions are in the file.
ctrl + w: zend_extension

Paste in your new line for ioncube loader

zend_extension = /usr/local/ioncube/ioncube_loader_lin_4.3.so

7. Save the changes

ctrl + X then Y and enter

8. Restart the web server to take effect.

/etc/init.d/httpd restart

Success! You should now see a section in your PHP Info page that says:

Additional Modules
Module Name ionCube Loader

To increase the ip_conntrack

We can check the current ip_conntrack usage by this command:
root@server1301 [/etc]# cat /proc/net/ip_conntrack | wc -l

34427

To increase the ip_conntrack, below is the command:
echo "81920" > /proc/sys/net/ipv4/ip_conntrack_max

Mount & Unmount Partition in Linux

sudo mount -t ntfs -o nls=utf8,umask=0222 /dev/sdb5 /media/a

mount -t ntfs-3g /dev/sdb5 /media/a -o force
mount -t ntfs-3g /dev/sdb1 /media/b -o force
mount -t vfat /dev/sdb5 /media/c -o force

sudo mount -t vfat -o nls=utf8,umask=0222 /dev/sdb5 /media/c

/dev/sdb2   /media/harith/c   vfat   user,fmask=0111,dmask=0000   0   0