Tuesday, September 16, 2008

How to Kill user in Linux

Greetings Guys..!!
Well, if you want to kill some user's processes (on a unix/linux hosting server), or terminate that user's shell session, you can use the following commands.
To get the process details for the user jason:

ps aux | grep jason

From the output, kill the process ID of that user's shell and the user will be dropped from the shell without any wall message for him/her.

Alternatively, you can do the following.

Task: How to halt/stop user called jason

Type the skill command as follows:
# skill -STOP -u jason

You must be root to stop other users' processes.
Task: How to resume already halted user called jason

Send the CONT signal to user jason; type the following command:
# skill -CONT -u jason
Task: How to kill and logout user called jason

You can send the KILL signal; type the following command:
# skill -KILL -u jason
Task: Kill and logout all users

The ultimate command to kill and logout all users; type the following command:
# skill -KILL -v /dev/pts/*

Please note that you should send users a warning message or a logout notice using the wall command to avoid data loss.

Enjoy..

Fix Cpanel Quotas

Cpanel/WHM sometimes has problems with the user quota files, causing all user accounts to show unlimited disk space available or 0 MB of disk space in use. This obviously confuses your customers and doesn't give a real representation of the disk space your clients are actually using. This guide will take you through fixing quota issues with Cpanel, manually or automated.

Common reasons for quota problems:
- There are files owned by the same user elsewhere on the server
- The backup directory is being counted towards the user's disk quota
- Extra log files are being counted towards the user's quota
- Cpanel was just updated and the quotas are now unlimited

Quick Fix - an easy way to fix quota issues

Step 1. Log into your server through SSH as the root user.

Step 2. Run the following command
/scripts/fixquotas


Advanced Fix - other reasons quotas are not working

Step 1. Find the user account where the quotas are incorrect and login to your server in SSH as root.

Step 2. Go to the user's folder and check the disk space being used.
cd /home/username
du -h      (or, for just the total, du -hs)

Step 3. Check /etc/passwd and /etc/shadow to make sure there is no weirdness where the username shows up multiple times.

Step 4. Try finding other files owned by the user elsewhere on the server.
find / -user username | more
This will list all files owned by this user that could be affecting the quota reported by Cpanel.

Step 5. Uncompressed backups can cause quota problems, ensure your backups are compressed in the WHM backup options.

Step 6. After you determine the source of the files and remove them, run /scripts/fixquotas

We've covered the common ways accounts report invalid disk quotas with Cpanel. If the Quick Fix doesn't work then you'll need to do some digging through our Advanced Fix. Ask any questions in our forums!

Find and block IPs with the most connections

SSH to the server and run the following command to see the IPs with the most concurrent connections:

/bin/netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n |more

Block unwanted IPs using iptables:

/sbin/iptables -I INPUT -s 12.34.56.78 -j DROP
/sbin/service iptables save
/sbin/service iptables restart
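The count-and-sort pipeline above, as an added shell example that is not part of the original post: it reads `netstat -ntu` output, strips only the trailing port so that IPv6 and IPv4-mapped addresses are counted correctly (the `cut -d: -f1` in the one-liner above reduces those to an empty string), and lists the addresses at or above a chosen threshold. The netstat sample is constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example: count concurrent connections per remote address from
# `netstat -ntu` output and flag the ones above a threshold.
# The sample below is constructed, not captured from a real server.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.2:40001      ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:203.0.113.9:5000 ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:203.0.113.9:5001 ESTABLISHED
udp        0      0 10.0.0.5:53             198.51.100.2:33333      ESTABLISHED'

# Read netstat output on stdin; print "count address", highest count first.
# Only the trailing ":port" is removed, so IPv6 and IPv4-mapped addresses
# keep their value (cut -d: -f1 would turn "::ffff:203.0.113.9:5000" into "").
count_per_ip() {
    awk 'NR > 2 && $5 != "" { sub(/:[0-9]+$/, "", $5); c[$5]++ }
         END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Print only the addresses with at least $1 concurrent connections.
ips_over() {
    count_per_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Stand-alone run on the constructed sample. On a live host use:
#   /bin/netstat -ntu | ips_over 50
printf '%s\n' "$SAMPLE_NETSTAT" | count_per_ip
echo "over threshold 3: $(printf '%s\n' "$SAMPLE_NETSTAT" | ips_over 3)"
```

Review the list before feeding it to iptables: a NAT gateway, a proxy or a legitimate crawler can also open many connections, and dropping its address cuts off everyone behind it.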

Can't connect to local MySQL server through socket '/tmp/mysql.sock

If you get this error message:

/usr/local/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)'
Check that mysqld is running and that the socket: '/tmp/mysql.sock' exists!

Run the following commands:

ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
/scripts/mysqlup --force

Spamd keeps failing. How can I fix it?

SSH to the server, find the spamd process ID and kill it, then run the following commands (in that order):
ps auxfww | grep spamd
kill -9 PID

/scripts/perlinstaller --force Digest::SHA1
/scripts/fixspamassassinfailedupdate
/etc/init.d/chkservd restart

MySQL deeper!

Each entry gives the task, then the command:

Log in from the unix shell (use -h only if the server is remote):
    [mysql dir]/bin/mysql -h hostname -u root -p
Create a database on the SQL server:
    create database [databasename];
List all databases on the SQL server:
    show databases;
Switch to a database:
    use [db name];
See all the tables in the db:
    show tables;
See a table's field formats:
    describe [table name];
Delete a db:
    drop database [database name];
Delete a table:
    drop table [table name];
Show all data in a table:
    SELECT * FROM [table name];
Return the columns and column information for the designated table:
    show columns from [table name];
Show the rows where a field has the value "whatever":
    SELECT * FROM [table name] WHERE [field name] = "whatever";
Show all records with the name "Bob" AND the phone number '3444444':
    SELECT * FROM [table name] WHERE name = "Bob" AND phone_number = '3444444';
Show all records not having the name "Bob" but having the phone number '3444444', ordered by the phone_number field:
    SELECT * FROM [table name] WHERE name != "Bob" AND phone_number = '3444444' order by phone_number;
Show all records whose name starts with 'Bob' AND with the phone number '3444444':
    SELECT * FROM [table name] WHERE name like "Bob%" AND phone_number = '3444444';
Use a regular expression to find records (use "REGEXP BINARY" to force case-sensitivity). This finds any record beginning with a:
    SELECT * FROM [table name] WHERE rec RLIKE "^a";
Show unique records:
    SELECT DISTINCT [column name] FROM [table name];
Show selected records sorted in ascending (ASC) or descending (DESC) order:
    SELECT [col1],[col2] FROM [table name] ORDER BY [col2] DESC;
Return the number of rows:
    SELECT COUNT(*) FROM [table name];
Sum a column:
    SELECT SUM([column name]) FROM [table name];
Join tables on common columns (this statement joins the birthday in the person table with the primary illustration id):
    select lookup.illustrationid, lookup.personid, person.birthday from lookup left join person on lookup.personid=person.personid;
Switch to the mysql db and create a new user:
    INSERT INTO [table name] (Host,User,Password) VALUES('%','user',PASSWORD('password'));
Change a user's password (from the unix shell):
    [mysql dir]/bin/mysqladmin -u root -h hostname.blah.org -p password 'new-password'
Change a user's password (from the MySQL prompt):
    SET PASSWORD FOR 'user'@'hostname' = PASSWORD('passwordhere');
Allow the user "bob" to connect to the server from localhost using the password "passwd":
    grant usage on *.* to bob@localhost identified by 'passwd';
Switch to the mysql db and give a user privileges for a db:
    INSERT INTO [table name] (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('%','databasename','username','Y','Y','Y','Y','Y','N');
  or
    grant all privileges on databasename.* to username@localhost;
Update info already in a table:
    UPDATE [table name] SET Select_priv = 'Y',Insert_priv = 'Y',Update_priv = 'Y' where [field name] = 'user';
Delete row(s) from a table:
    DELETE from [table name] where [field name] = 'whatever';
Reload the grant tables so permission/privilege changes take effect:
    FLUSH PRIVILEGES;
Delete a column:
    alter table [table name] drop column [column name];
Add a new column to a table:
    alter table [table name] add column [new column name] varchar (20);
Change a column name:
    alter table [table name] change [old column name] [new column name] varchar (50);
Make a column unique so you get no duplicates:
    alter table [table name] add unique ([column name]);
Make a column bigger (put the new size in place of 3):
    alter table [table name] modify [column name] VARCHAR(3);
Delete a unique index from a table:
    alter table [table name] drop index [column name];
Load a CSV file into a table:
    LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);
Dump all databases for backup (the backup file is the SQL commands needed to recreate all dbs):
    [mysql dir]/bin/mysqldump -u root -ppassword --opt --all-databases >/tmp/alldatabases.sql
Dump one database for backup:
    [mysql dir]/bin/mysqldump -u username -ppassword --databases databasename >/tmp/databasename.sql
Dump a table from a database:
    [mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql
Restore a database (or database table) from backup:
    [mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql
Create Table Example 1:
    CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35), suffix VARCHAR(3), officeid VARCHAR(10), userid VARCHAR(15), username VARCHAR(8), email VARCHAR(35), phone VARCHAR(25), groups VARCHAR(15), datestamp DATE, timestamp time, pgpemail VARCHAR(255));
Create Table Example 2:
    create table [table name] (personid int(50) not null auto_increment primary key, firstname varchar(35), middlename varchar(50), lastname varchar(50) default 'bato');

MYSQL Statements and clauses

ALTER DATABASE
ALTER TABLE
ALTER VIEW
ANALYZE TABLE
BACKUP TABLE
CACHE INDEX
CHANGE MASTER TO
CHECK TABLE
CHECKSUM TABLE
COMMIT
CREATE DATABASE
CREATE INDEX
CREATE TABLE
CREATE VIEW
DELETE
DESCRIBE
DO
DROP DATABASE
DROP INDEX
DROP TABLE
DROP USER
DROP VIEW
EXPLAIN
FLUSH
GRANT
HANDLER
INSERT
JOIN
KILL
LOAD DATA FROM MASTER
LOAD DATA INFILE
LOAD INDEX INTO CACHE
LOAD TABLE...FROM MASTER
LOCK TABLES
OPTIMIZE TABLE
PURGE MASTER LOGS
RENAME TABLE
REPAIR TABLE
REPLACE
RESET
RESET MASTER
RESET SLAVE
RESTORE TABLE
REVOKE
ROLLBACK
ROLLBACK TO SAVEPOINT
SAVEPOINT
SELECT
SET
SET PASSWORD
SET SQL_LOG_BIN
SET TRANSACTION
SHOW BINLOG EVENTS
SHOW CHARACTER SET
SHOW COLLATION
SHOW COLUMNS
SHOW CREATE DATABASE
SHOW CREATE TABLE
SHOW CREATE VIEW
SHOW DATABASES
SHOW ENGINES
SHOW ERRORS
SHOW GRANTS
SHOW INDEX
SHOW INNODB STATUS
SHOW LOGS
SHOW MASTER LOGS
SHOW MASTER STATUS
SHOW PRIVILEGES
SHOW PROCESSLIST
SHOW SLAVE HOSTS
SHOW SLAVE STATUS
SHOW STATUS
SHOW TABLE STATUS
SHOW TABLES
SHOW VARIABLES
SHOW WARNINGS
START SLAVE
START TRANSACTION
STOP SLAVE
TRUNCATE TABLE
UNION
UNLOCK TABLES
USE

String Functions

AES_DECRYPT
AES_ENCRYPT
ASCII
BIN
BINARY
BIT_LENGTH
CHAR
CHAR_LENGTH
CHARACTER_LENGTH
COMPRESS
CONCAT
CONCAT_WS
CONV
DECODE
DES_DECRYPT
DES_ENCRYPT
ELT
ENCODE
ENCRYPT
EXPORT_SET
FIELD
FIND_IN_SET
HEX
INET_ATON
INET_NTOA
INSERT
INSTR
LCASE
LEFT
LENGTH
LOAD_FILE
LOCATE
LOWER
LPAD
LTRIM
MAKE_SET
MATCH
AGAINST
MD5
MID
OCT
OCTET_LENGTH
OLD_PASSWORD
ORD
PASSWORD
POSITION
QUOTE
REPEAT
REPLACE
REVERSE
RIGHT
RPAD
RTRIM
SHA
SHA1
SOUNDEX
SPACE
STRCMP
SUBSTRING
SUBSTRING_INDEX
TRIM
UCASE
UNCOMPRESS
UNCOMPRESSED_LENGTH
UNHEX
UPPER

Date and Time Functions

ADDDATE
ADDTIME
CONVERT_TZ
CURDATE
CURRENT_DATE
CURRENT_TIME
CURRENT_TIMESTAMP
CURTIME
DATE
DATE_ADD
DATE_FORMAT
DATE_SUB
DATEDIFF
DAY
DAYNAME
DAYOFMONTH
DAYOFWEEK
DAYOFYEAR
EXTRACT
FROM_DAYS
FROM_UNIXTIME
GET_FORMAT
HOUR
LAST_DAY
LOCALTIME
LOCALTIMESTAMP
MAKEDATE
MAKETIME
MICROSECOND
MINUTE
MONTH
MONTHNAME
NOW
PERIOD_ADD
PERIOD_DIFF
QUARTER
SEC_TO_TIME
SECOND
STR_TO_DATE
SUBDATE
SUBTIME
SYSDATE
TIME
TIMEDIFF
TIMESTAMP
TIMESTAMPDIFF
TIMESTAMPADD
TIME_FORMAT
TIME_TO_SEC
TO_DAYS
UNIX_TIMESTAMP
UTC_DATE
UTC_TIME
UTC_TIMESTAMP
WEEK
WEEKDAY
WEEKOFYEAR
YEAR
YEARWEEK

Mathematical and Aggregate Functions

ABS
ACOS
ASIN
ATAN
ATAN2
AVG
BIT_AND
BIT_OR
BIT_XOR
CEIL
CEILING
COS
COT
COUNT
CRC32
DEGREES
EXP
FLOOR
FORMAT
GREATEST
GROUP_CONCAT
LEAST
LN
LOG
LOG2
LOG10
MAX
MIN
MOD
PI
POW
POWER
RADIANS
RAND
ROUND
SIGN
SIN
SQRT
STD
STDDEV
SUM
TAN
TRUNCATE
VARIANCE

Flow Control Functions

CASE
IF
IFNULL
NULLIF


Command-Line Utilities

comp_err
isamchk
make_binary_distribution
msql2mysql
my_print_defaults
myisamchk
myisamlog
myisampack
mysqlaccess
mysqladmin
mysqlbinlog
mysqlbug
mysqlcheck
mysqldump
mysqldumpslow
mysqlhotcopy
mysqlimport
mysqlshow
perror


Perl API - using functions and methods built into the Perl DBI with MySQL

available_drivers
begin_work
bind_col
bind_columns
bind_param
bind_param_array
bind_param_inout
can
clone
column_info
commit
connect
connect_cached
data_sources
disconnect
do
dump_results
err
errstr
execute
execute_array
execute_for_fetch
fetch
fetchall_arrayref
fetchall_hashref
fetchrow_array
fetchrow_arrayref
fetchrow_hashref
finish
foreign_key_info
func
get_info
installed_versions
last_insert_id
looks_like_number
neat
neat_list
parse_dsn
parse_trace_flag
parse_trace_flags
ping
prepare
prepare_cached
primary_key
primary_key_info
quote
quote_identifier
rollback
rows
selectall_arrayref
selectall_hashref
selectcol_arrayref
selectrow_array
selectrow_arrayref
selectrow_hashref
set_err
state
table_info
table_info_all
tables
trace
trace_msg
type_info
type_info_all
Attributes for Handles


PHP API - using functions built into PHP with MySQL

mysql_affected_rows
mysql_change_user
mysql_client_encoding
mysql_close
mysql_connect
mysql_create_db
mysql_data_seek
mysql_db_name
mysql_db_query
mysql_drop_db
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_array
mysql_fetch_assoc
mysql_fetch_field
mysql_fetch_lengths
mysql_fetch_object
mysql_fetch_row
mysql_field_flags
mysql_field_len
mysql_field_name
mysql_field_seek
mysql_field_table
mysql_field_type
mysql_free_result
mysql_get_client_info
mysql_get_host_info
mysql_get_proto_info
mysql_get_server_info
mysql_info
mysql_insert_id
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_num_fields
mysql_num_rows
mysql_pconnect
mysql_ping
mysql_query
mysql_real_escape_string
mysql_result
mysql_select_db
mysql_stat
mysql_tablename
mysql_thread_id
mysql_unbuffered_query

Using fuser to Identify Users and Processes

UNIX IN THE ENTERPRISE --- 07/20/2006

Sandra Henry-Stocker

The fuser (pronounced "ef-user") command is a very handy command for determining who is currently using a particular file or directory. If one user can't access a file because another user has it locked in some way, the fuser command can help you determine who that user is so that you can decide how to resolve the apparent conflict.

Who is Using My File?

When you ask fuser about a file, it can tell you both who is using it and how the particular file is being used. For example, if we were to ask fuser who is using the file /var/log/syslog, we would get a response like this:

% fuser -u /var/log/syslog
/var/log/syslog: 247o(root)

That string, "247o(root)", in fuser's response tells us that root is using the file, what the particular root process ID happens to be (247) and that this process has the file open (o).

Without the -u (show user) option, the fuser command would not have added "(root)" to this output.

If we track down the process using ps or ptree (i.e., ptree 247), we aren't likely to be startled. The process is the syslog daemon, syslogd; syslogd opens /var/log/syslog so that it can append system messages. The ptree command identifies the process easily:

$ ptree 247
247 /usr/sbin/syslogd

Further, if we are inclined to verify that syslogd has the syslog file open, we can display the inode for the /var/log/syslog file and then (as root) find it in the open files (pfiles) listing for the process:

# ls -i /var/log/syslog
102337 /var/log/syslog

# pfiles 247
... 7: S_IFREG mode:0644 dev:102,3 ino:102337 uid:0 gid:1 size:807186 O_WRONLY|O_APPEND|O_LARGEFILE ...

So, if one of your users complains that a file is busy, you can use the fuser command to see who has the file tied up like this:

# fuser -u /data/src/project1/myfile
/data/src/project1/myfile: 10336o(shs)

If the best course of action is to terminate the process that is using the file, you can use the fuser command for that, too, using the -k option:

# fuser -k /data/src/project1/myfile

In fact, you could terminate the process without first looking to see who owns it and what they are doing, but that generally isn't a good idea.

Who is Using this File System?

If you were trying to unmount a file system and found it busy, fuser would be a useful tool for determining why you are unable to unmount it. Let's say you wanted to unmount /data and saw this:

# umount /data
umount: /data busy
# fuser -u /data
/data: 24271c(shs)

This time, we notice that the character following the process ID is a "c". What can this mean?

Well, there are a number of reasons why a file system might be considered busy. As we have seen, a file system is considered busy if a program has a file open. A file system is also busy if it's shared. In addition, a file system is busy if someone has issued a cd command and moved into one of its directories. The "c" in the output above means that /data is shs's current working directory.

When you see a "c" in the fuser output, you can change the file system's busy status by getting the user to cd to a directory in some other file system or log off. If necessary, you can kill the user process that is keeping the file system busy, though it's always better to give the user some warning if you can.

If the file system is busy because it is being shared, you can un-share the file system and then unmount it.

The various file system uses that fuser reports about include a process that is:

using the file as its current directory -- c
mapping the file with mmap -- m
having the file open (i.e., for reading or writing) -- o
using the file as its root directory -- r
using the file as its text file -- t
using the file as its controlling terminal -- y

There is one complication, however, to "fuser -u". You might try to find out why you cannot unmount a file system, like /data, and get a response from "fuser -u" that is not entirely satisfactory. For example, let's say you get this output:

# umount /data
umount: /data busy
# fuser -u /data
/data:

What's going on here? Basically, fuser isn't telling us anything about why /data is busy because /data is not itself the directory that is in use. Just as "fuser -u /var/log" would not have told us that the /var/log/syslog file was open, "fuser -u /data" won't tell us if someone has moved into some directory further down in the /data file system, like /data/src or /data/project/accts. Another fuser option that comes in handy in situations like this is -c. Let's see what it will show us.

# fuser -cu /data
/data: 24271c(shs)

NOTE: The -c option only works with mount points.

With the -c option, fuser reports the process and the user occupying the /data file system even though /data isn't the user's current directory. The "c" at the end of the string "24271c" tells us that the file system is busy because of a current working directory issue. It just doesn't tell us which directory is in use. If, for some reason, you need to know this, you could check every directory within the file system using as many "fuser -c" commands as it took. But, since the user could be currently located in any subdirectory and might move while you are checking, this process could be both slow and problematical.

You might try looping through all the subdirectories in the file system using a loop and an embedded find command like that shown below, but you would soon discover that the find command, in accessing each subdirectory, also ends up "using" it and, therefore, reporting itself in the process. In fact, every directory would be listed in the output of this command.

for dir in `find /data -type d -print`
do
    fuser -u $dir
done

If you wanted to ignore the effect of fuser's accessing the directories, you could elect to only look at directories with more than one reported use or you could create a directory list using find and then separately run fuser against each directory (after find has finished using the directories) as this script does:

#!/bin/bash

if [ $# -eq 0 ]; then
    echo "Usage: $0 start-location"
    exit 1
else
    START=$1
fi

TEMP=/tmp/findbusy$$

# make a list of directories in the file system and run fuser on each one;
# fuser writes the path to stderr and the PIDs to stdout, so both go to $TEMP
find "$START" -type d -exec fuser -u {} \; 2>"$TEMP" 1>&2

# ------------------------------------------
# Begin awk script to print busy directories
# (a directory with only one reported use is
#  busy only because fuser itself was in it)
# ------------------------------------------
awk '
{ if (NF > 2) { print $0 } }
END { print "done" }
' "$TEMP"
# ---------------
# End awk script.
# ---------------

rm "$TEMP"

If you don't care which directory the user happens to be using, you can simply ask that the user log off or kill the user's login process. While I don't advocate tossing users off systems without due courtesy, I have often found that users who are keeping a file system busy have been idle for hours. Interestingly, editing a file does not, by itself, keep a file system busy.

The -k option doesn't work on a mount point. In other words, you can't type "fuser -k /data" and kill the processes keeping /data busy. Once you identify a process that is using a particular directory or file, you can terminate the process using the kill command. Alternately, if you identify the particular file or directory that is being used, you can use fuser's -k command to kill it.

If a file system is busy because of user activity, the most expedient way to make the file system non-busy is to list the processes keeping it busy and terminate each process with a kill -9. In the commands below, I have verified that the user is not actively working before terminating his or her process, but you will have to weigh the interests of your users' processing needs against your need to unmount the file system.

boson:/ # fuser -cu /data
/data: 10149co(shs) 10140c(shs)
boson:/ # finger -i
Login       TTY          When                 Idle
shs         pts/1        Sun Jul 16 14:55     15 hours 2 minutes
root        pts/4        Sun Jul 16 14:07
boson:/ # kill -9 10149 10140

Where will you find the fuser command?

Linux systems also include the fuser command, but with different options than Solaris. If you are administering Linux systems, you should

Error reloading bind on server rndc: subdomain creation error

If you are getting the following error while creating a subdomain:

Error reloading bind on ServerName: rndc:

Then you need to check the named configuration file, /etc/named.conf; something is messed up there.

Try to reload named, and if it gives you an error like
"Error reloading bind", then run this script:

/scripts/fixrndc

If even that gives you an error such as:

!! /var/named/domain.com.db does not exist, unable to locate.
!! Run /scripts/cleandns to remove zone without corresponding files.
!! Or locate the proper zone file and place in /var/named and rerun
!! This script with the following options: /script/fixndc -fv

Then run /scripts/cleandns and reload named; that will solve your problem.

Creating SPF records

Sender Policy Framework (SPF) is a method by which the administrator of a domain explicitly specifies which mail servers are allowed to send mail for that domain. As this is just a TXT record that is put into the domain's DNS zone file, the setup is fairly straightforward. A very basic SPF record for mydomain.com might look like this:

mydomain.com IN TXT "v=spf1 a mx ~all"

The above specifies that this is an SPF record for mydomain.com:
v=spf1: a required header that indicates this is an spf record
a: the A record for mydomain.com is allowed to send email
mx: the MX record for mydomain.com is allowed to send email
~all: all other mail servers trying to send mail will get a result of "softfail". The mail will still go through, but it will be flagged as a suspect message

If you wished to allow another server to send mail through that had the hostname of mail2.mydomain.com, you would modify the record thusly:

mydomain.com IN TXT "v=spf1 a mx a:mail2.mydomain.com ~all"

Also, if you wish to give a hard fail, and only allow those servers to send mail, the record would look like:

mydomain.com IN TXT "v=spf1 a mx a:mail2.mydomain.com -all"
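The record syntax explained above, parsed by an added shell example that is not part of the original post: it splits an SPF TXT string into qualifier/mechanism pairs, checks the v=spf1 header, and reports what a mail server matching none of the listed mechanisms gets from the trailing "all" term (the softfail versus fail distinction drawn above; a record with no "all" term yields neutral). The records fed to it are constructed.

```shell
#!/bin/sh
# Added example: parse an SPF TXT record and report its default result.

# Print one "qualifier mechanism" line per term; a term with no qualifier
# gets "+". Modifiers (anything with "=", e.g. redirect=, exp=) are marked
# "mod". Fails with an error when the record does not start with v=spf1.
spf_terms() {
    printf '%s\n' "$1" | awk '
        $1 != "v=spf1" { print "error: not an SPF record" > "/dev/stderr"; exit 1 }
        {
            for (i = 2; i <= NF; i++) {
                if (index($i, "=") > 0) { print "mod", $i; continue }
                q = substr($i, 1, 1); m = $i
                if (q == "+" || q == "-" || q == "~" || q == "?") m = substr($i, 2)
                else q = "+"
                print q, m
            }
        }'
}

# Result for a sender that matches none of the listed mechanisms, taken
# from the qualifier on the last "all" term.
spf_default_result() {
    r=$(spf_terms "$1" | awk '$2 == "all" { print $1 }' | tail -n 1)
    case "$r" in
        "+") echo pass ;;
        "-") echo fail ;;
        "~") echo softfail ;;
        "?") echo neutral ;;
        "")  echo neutral ;;   # no "all" term: SPF defaults to neutral
    esac
}

# Stand-alone run on constructed records (the two forms shown above plus
# one that forgot its "all" term).
for rec in "v=spf1 a mx ~all" "v=spf1 a mx a:mail2.mydomain.com -all" "v=spf1 a mx"; do
    echo "$rec  ->  unlisted sender gets: $(spf_default_result "$rec")"
done
```

The last case is the one worth checking in your own zones: a record that lists servers but has no "all" term neither softfails nor fails anyone else, so forged mail from other hosts is treated as neutral by receivers.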

Clear exim Queue

Remove frozen messages, bounces and spam from the exim queue. Each pipeline extracts the message IDs from the spool file names in /var/spool/exim/input/ and hands them to exim -Mrm:

exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm
grep -lr 'nobody@' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -rl 'From: Mail Delivery System' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -rl 'X-Spam-Status: Yes' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -rl 'Subject: Mail delivery failed' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -rl 'Message rejected' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -rl 'retry time not reached for any host' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -lr 'Cialis' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -lr 'viagra' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -lr 'Pharmaceutical' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm
grep -lrF '***SPAM***' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm

Bash shortcuts

Bash is the default shell on most Linux operating systems, and you should be aware of its keyboard shortcuts to avoid typing mistakes.

Following is the list of shortcuts which will save your precious time:
#) Using Ctrl combination :

ctrl+a : jump to beginning of line you are typing on ;

ctrl+b : moving back a character ;

ctrl+c : terminate the command;

ctrl+d:delete character at cursor;

ctrl+D : exit the current shell;

ctrl+h : delete character before cursor ;

ctrl+e : jump to end of line you are typing on ;

ctrl+f : move forward by one character ;

ctrl+l : clear the screen :

ctrl+K : clear the line after cursor ;

ctrl+H : works as backspace ;

ctrl+t : transpose 2 characters ;

ctrl+xx : move between end-of-line and current cursor position ;

ctrl+r : search the history backwards ;

ctrl+w : erase word before cursor ;

ctrl+x@ : shows possible hostname completions;

ctrl+y : recover previous deletion ;

ctrl+z : suspend/stop the command which is running ;

#) Using Alt combination :

Alt + > - Move to the last line in the history ;

Alt + ? - Show current completion list ;

Alt + * - Insert all possible completions ;

Alt + / - Attempt to complete filename ;

Alt + . - Yank last argument to previous command ;

Alt + b - Move backward ;

Alt + c - Capitalize the word ;

Alt + d - Delete word ;

Alt + f - Move word forward ;

Alt + l - Make word lowercase ;

Alt + n - Search the history forwards non-incremental ;

Alt + p - Search the history backwards non-incremental ;

Alt + r - Recall command ;

Alt + t - Move words around ;

Alt + u - Make word uppercase ;

Alt + back-space - Delete backward from cursor ;

#) Using Esc combination :

esc+d : delete word ;

esc+f : move forward a word ;

esc+b : move backward a word ;

esc+t : transpose two adjacent words ;

#) Using Tab combination :

*)Press tab twice to see all available commands;

*)Press tab twice after a word to view all commands starting with that word ;

*)Pressing ~ along with hitting tab 2 times will give you a list of all users on the system from /etc/passwd;

*)Pressing $ along with hitting tab 2 times will show you all system variables ;

*)Pressing / along with hitting tab 2 times will give you the entire directory structure, including hidden entries ;

#) Some extras :

*) To complete a command you can hit the tab key after typing one or more letters of a command.

*) you can use ! along with the first few characters of a previous command to re-run that command;

If Apache won't start

If Apache won't start for any of the following reasons:

Invalid command 'BytesLog', perhaps mis-spelled or defined by a module not included in the server configuration
/usr/local/apache/bin/apachectl start: httpd could not be started

OR

Cannot load /usr/local/apache/libexec/mod_bwlimited.so into server:
/usr/local/apache/libexec/mod_bwlimited.so: cannot open shared object file: No such file or directory
/usr/local/apache/bin/apachectl start: httpd could not be started

OR

Cannot load /usr/local/apache/libexec/mod_log_bytes.so into server:
/usr/local/apache/libexec/mod_log_bytes.so: cannot open shared object file: No such file or directory
/usr/local/apache/bin/apachectl start: httpd could not be started

The problem with this kind of symptom is most likely that mod_bwlimited.so, mod_log_bytes.so, or mod_bandwidth.so has been deleted or corrupted. These 3 files are unique to cPanel-powered web hosting and are used to control, monitor or restrict bandwidth usage.

The resolution and solution to the error is to recompile and redeploy the missing or unable to find shared library modules. You can easily compile these cPanel modules for Apache by using the following commands:

cd /usr/local/cpanel/apache
/usr/local/apache/bin/apxs -iac mod_log_bytes.c
/usr/local/apache/bin/apxs -iac mod_bwlimited.c
/usr/local/apache/bin/apxs -iac mod_bandwidth.c
/scripts/restartsrv httpd

After compilation, the .so files will automatically be copied to the libexec directory of the Apache HTTPD web server.

Apache fixes

Starting Apache

Sometimes Apache refuses to start. When this happens sweat instantly appears on your forehead because without Apache running none of your websites are available. Here are some things you can try, based on problems we've come across. Hitting the reset switch isn't the solution and not something you should do when you come across a problem like this.

The correct way to start, stop or restart apache is by using the apachectl program. Such as:

* /sbin/service httpd graceful
* /sbin/service httpd stop
* /sbin/service httpd restart

Checking Apache configuration
Apachectl can also be used to check the apache configuration, such as:

* /sbin/service httpd configtest
This will return warnings and errors.

Check the Apache error logs
Take a look at the error logs (usually "/var/log/httpd/") and see if you can find what's causing the problem.

1) ---------- Error ----------

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down

---------- Solution ----------
This is caused by one or more processes running on the 443 (secure socket) port. To fix this problem first find the process ID's that are running on port 443:

* /sbin/fuser 443/tcp

This will return results which look something like:

443/tcp: xxxx yyyy zzzz <- processes using 443

Where xxxx, yyyy and zzzz are the process IDs. Now kill the processes with:

* kill -9 xxxx yyyy zzzz

Apache will not start. Error log contains:

2) ---------- Error ----------

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
[emerg] (28)No space left on device: Couldn't create accept lock

OR

[crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock Configuration Failed

Now, checking your disk shows that you have plenty of space. The problem is that Apache didn't shut down properly and has left a myriad of semaphore arrays behind, owned by the Apache user (nobody here).

---------- Solution ----------
Run the following commands (in that order):

* /usr/bin/ipcs -s | grep nobody

Removing these semaphores immediately should solve the problem and allow apache to start:

* /usr/bin/ipcs -s | grep nobody | perl -e 'while (<>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
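The semaphore clean-up from the solution above, as an added shell example that is not part of the original post: it parses `ipcs -s` output for the arrays owned by the Apache user and, by default, only prints the ipcrm commands it would run, so you can read the list before freeing anything; pass --apply to execute them. It uses the `ipcrm -s ID` form rather than the older `ipcrm sem ID`. The ipcs sample is constructed.

```shell
#!/bin/sh
# Added example: find and free stale semaphore arrays left by an Apache crash.
# Constructed sample of `ipcs -s` output (not a real capture).
SAMPLE_IPCS='------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 32768      nobody     600        1
0x00000000 65537      nobody     600        1
0x00000000 98306      root       600        1'

# Read ipcs -s output on stdin; print the semaphore ids owned by $1.
# Data rows start with a hex key, which skips the banner and header lines.
semids_owned_by() {
    awk -v owner="$1" '$1 ~ /^0x/ && $3 == owner { print $2 }'
}

# Print the ipcrm commands for $1's arrays (dry run); run them with --apply.
release_semaphores() {
    owner=$1
    mode=${2:-dry-run}
    semids_owned_by "$owner" | while read -r id; do
        if [ "$mode" = "--apply" ]; then
            ipcrm -s "$id"
        else
            echo "ipcrm -s $id"
        fi
    done
}

# Stand-alone dry run on the constructed sample. On a live host:
#   /usr/bin/ipcs -s | release_semaphores nobody          # review
#   /usr/bin/ipcs -s | release_semaphores nobody --apply  # then free
printf '%s\n' "$SAMPLE_IPCS" | release_semaphores nobody
```

Run it only while httpd is stopped: removing a semaphore array that a running Apache still holds produces exactly the "could not create accept lock" class of failure this section is about.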

Thursday, September 4, 2008

php as CGI interpreter and PHP AS AN APACHE MODULE


PHP Secure Installation



As we know that the vulnerabilities in PHP are increasing day by day there comes the need to secure the PHP installation to the highest level. Due to its popularity and its wide usage most of the developers and the administrators will be in trouble if they don't take appropriate steps on security issues during the installation.

First comes the question of choosing the platform for PHP! I have choosen Linux OS and Apache Web server to explain this because of its performance and security aspects. It depends on the developer's need whether he is going to install it as an Apache module or a CGI interpreter. When choosing to build PHP in either of the two ways, you should consider the advantages and drawbacks of each method.

Building PHP as a shared object (DSO) means you can compile Apache separately, and you don't have to recompile everything when you add to or change PHP. Building PHP into Apache statically means that PHP will load and run faster.

Advantages of the DSO (shared module) build

  1. The server is more flexible: SSL, mod_perl or PHP can all be loaded into a single installation.
  2. Servers can be extended with other modules even after installation.
  3. Easier module development and testing, as recompiling the Apache source is not required each time the module changes.

Disadvantages of the DSO (shared module) build

  1. DSO is not supported on all platforms.
  2. Startup of the server is 20% slower due to symbol resolving.
  3. The server is approximately 5% slower at execution time on some platforms, because position-independent code (PIC) sometimes needs complicated assembler tricks for relative addressing, which are not necessarily as fast as absolute addressing.
  4. DSO can produce a slightly slower server depending on the platform and its symbol resolution.
  5. DSO modules cannot be linked against other DSO modules on every platform: a.out-based platforms usually don't provide this functionality while ELF-based platforms do, so you cannot use the DSO mechanism for all types of modules. Such modules must either be referenced directly through the Apache core or compiled into Apache with chaining available.
  6. Some platforms cannot force the linker to export all global symbols for linking DSOs against the Apache executable. This is overcome with the SHARED_CORE feature of Apache, which is used by default on such platforms.

Advantages/Disadvantages of compiling PHP as a CGI interpreter

  1. PHP can be compiled as a CGI binary, which lets a user separate PHP from the web server entirely. Each PHP script will then need to start with a line pointing to the path of the PHP binary, just as in Perl:
    #!/usr/local/bin/php
  2. CERT Advisory CA-96.11 advises against placing any type of interpreter in the CGI-BIN so it is a good idea to create an isolated directory where PHP can be run.
  3. PHP has built-in security measures against attacks of this type as well. In the PHP configuration file you can set the following:
    • doc_root: this option only works when PHP runs in safe mode. It specifies PHP's root document directory; scripts outside that directory will not be interpreted.
    • user_dir: this option only works when PHP runs in safe mode. It specifies the user directories, so that scripts outside those directories cannot be executed.
    • --enable-force-cgi-redirect (a configure option rather than an ini setting): this forces redirection so that scripts cannot be accessed directly from the internet. Scripts are redirected to a URL, hiding their full path names.
      http://yoursite/test.php#test.cgi

With CGI binaries, efficiency could be improved by keeping only a single interpreter resident in memory and passing it the scripts. For Perl this is where mod_perl comes into the picture: it provides a single embedded Perl interpreter within the Apache web server, either statically linked or as a DSO module.

Some of the advantages of mod_perl are:

  • Apache modules can be written entirely in Perl.
  • A persistent interpreter in the server saves the overhead of starting a Perl interpreter for each script.
  • Code caching: modules and scripts are loaded and compiled only once.
  • Increased power and speed.
  • Full access to the web server.
  • Customized processing of URI-to-filename translation, authentication, response generation and logging with practically no run-time overhead.
  • Performance improvements of 200% to 2000% are reported.

The major drawback of compiling PHP as a CGI interpreter is efficiency: a new PHP process is started for every request, which handles high-traffic applications poorly.

PHP installation is very easy but installing PHP in a secured manner depends on your platform, installation type selection, and configuration options considered. Whatever method you choose please remember to follow the recommended PHP Configuration Options.

There are various options that can be set in PHP to increase the overall security of your server. We will discuss some of the most common and useful options.

safe_mode
Safe mode is required for nearly all of the following options; it allows PHP to impose more security restrictions than a normal configuration.
safe_mode_exec_dir
Setting this variable forces PHP to only execute scripts from the specified directory.
open_basedir
This option controls which directories PHP scripts are allowed to access files from. By default PHP allows a script to access files anywhere, so it is recommended that this option be set. By predefining valid directories, data can be protected.
max_execution_time
This sets the maximum execution time a script may have. If a script runs longer than the allocated time, it is terminated. This prevents attackers from tying up your web server with malicious scripts that could cause a denial of service.
memory_limit
This controls the maximum amount of memory a script can use, which helps prevent buffer overflows that may lead to more serious threats.
upload_tmp_dir
This designates where PHP will place files that are being uploaded.
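An added example, not from the article: a POSIX shell audit that reads a php.ini and flags the options above when they are left permissive. Note that safe_mode was removed in PHP 5.4, so that check only applies to older builds; the two sample ini files are constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit a php.ini for the hardening
# directives listed above. Checks and messages are this example's own.
ini_get() {   # effective value of directive $2 in file $1 (last assignment wins)
    awk -v key="$2" '
        /^[[:space:]]*[;#]/ || index($0, "=") == 0 { next }   # comment / no "="
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[[:space:]]/, "", k)
            v = substr($0, index($0, "=") + 1); sub(/[[:space:]]*;.*$/, "", v)
            gsub(/^[[:space:]"]+|[[:space:]"]+$/, "", v)   # trim, drop quotes
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}
# Print "WARN <directive>: <why>" per weak setting; exit status = warning count.
audit_php_ini() {
    f="$1"; n=0
    warn() { echo "WARN $1"; n=$((n + 1)); }
    # safe_mode only exists on PHP < 5.4; on later builds rely on open_basedir.
    case "$(ini_get "$f" safe_mode)" in [Oo]n|1) ;; *) warn "safe_mode: off" ;; esac
    [ -n "$(ini_get "$f" open_basedir)" ] || warn "open_basedir: unset, scripts may read any path"
    [ "$(ini_get "$f" max_execution_time)" != 0 ] || warn "max_execution_time: 0, runaway scripts never stop"
    [ "$(ini_get "$f" memory_limit)" != -1 ] || warn "memory_limit: -1, no per-script memory cap"
    [ -n "$(ini_get "$f" upload_tmp_dir)" ] || warn "upload_tmp_dir: unset, uploads go to the system temp dir"
    return "$n"
}
# Constructed sample inis so the audit runs stand-alone.
WEAK_INI=$(mktemp); HARD_INI=$(mktemp)
cat > "$WEAK_INI" <<'EOF'
; constructed: a permissive php.ini
safe_mode = Off
;open_basedir = /var/www
max_execution_time = 0
memory_limit = -1
EOF
cat > "$HARD_INI" <<'EOF'
; constructed: the same directives hardened
safe_mode = On
open_basedir = "/var/www/htdocs:/tmp"   ; keep scripts inside the docroot
max_execution_time = 30
memory_limit = 32M
upload_tmp_dir = /var/www/tmp
EOF
audit_php_ini "$WEAK_INI" || echo "$? weak setting(s) in $WEAK_INI"
```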

We will discuss both cases here.

PHP AS AN APACHE MODULE:

Here Apache should run as an ordinary user with the least privileges needed. Never run Apache as root, and run it in a chroot jail if you can. Running PHP as an Apache module is fine and, set up this way, provides the best security. The steps to install and configure it are as follows.
  1. gunzip apache_xxx.tar.gz
  2. tar -xvf apache_xxx.tar
  3. gunzip php-xxx.tar.gz
  4. tar -xvf php-xxx.tar
  5. cd apache_xxx
  6. ./configure --prefix=/www --enable-module=so
  7. make
  8. make install
  9. cd ../php-xxx
  10. ./configure --with-mysql --with-apxs=/www/bin/apxs
  11. make
  12. make install

    If you decide to change your configuration options after installation, you just have to repeat the last three steps. You also have to restart apache for the new module to take effect. A recompile of Apache is not needed.

  13. cp php.ini-dist /usr/local/lib/php.ini

    You can edit your .ini file to set PHP options. If you prefer this file in another location, pass --with-config-file-path=/path to the PHP configure command in step 10.

  14. Edit your httpd.conf or srm.conf file and check that these lines are present and not commented out:
    AddType application/x-httpd-php .php
    LoadModule php4_module libexec/libphp4.so

The path on the right hand side of the LoadModule statement must point to the path of the PHP module on your system. The above statement is correct for the steps shown above.

Different examples of compiling PHP for Apache are as follows:

./configure --with-apxs --with-pgsql

This builds PHP as the shared module loaded with LoadModule in the steps above, with PostgreSQL support compiled in.

./configure --with-apache=/path/to/apache_source --with-pgsql=shared

When PHP is built against the Apache source tree (the --with-apache form), this will create a libmodphp4.a library, a mod_php4.c and some accompanying files and copy them into the src/modules/php4 directory of the Apache source tree. You then compile Apache using --activate-module=src/modules/php4/libphp4.a, and the Apache build system will create libphp4.a and link it statically into the httpd binary. PostgreSQL support built without =shared is included directly in this httpd binary, so the final result is a single httpd binary that includes all of Apache and all of PHP.

./configure --enable-debug=no    (Note: will not disclose the physical path if an error occurs.)
./configure --enable-safe-mode

Turning the banner off in Apache's configuration file httpd.conf (in practice, the ServerTokens and ServerSignature directives) stops the server disclosing its banner information. This makes attacks more difficult for would-be intruders.

Let's consider the second case...

PHP AS A CGI INTERPRETER:

Download the latest version of PHP from http://www.php.net/downloads.php.
  1. Extract the package
    # tar zxvf php-x.x.x.tar.gz    (where x.x.x is the version number)
  2. Change to the PHP directory
    # cd php-x.x.x
  3. Configure it with the various options present
    #./configure --without-apache --without-apxs --enable-force-cgi-redirect

This tells PHP that it is built without Apache support, as a CGI binary. You should get the binary in /usr/local/bin/php.

This is also why it is compiled with the --enable-force-cgi-redirect option discussed earlier.

The CGI binary isn't compiled into Apache; it runs as a separate process and user. Hence the question of where to place the CGI binary. I would suggest placing it outside the web directory, which greatly reduces the risk, and also make sure that you have enabled safe mode in the php.ini configuration file.

Most attacks take the form of gaining access to files. You can therefore prevent users from calling the CGI binary directly by forcing a CGI redirect within Apache. For this, add the following directives to Apache's httpd.conf file:

Action php-script /cgi-bin/php.cgi
AddHandler php-script .php

Now you will see that the URL

http://test.com/application/test.htm

is rewritten into:

http://test.com/cgi-bin/php/application/test.htm

Note: ensure that you perform permission checks on the application directory in the process.

This gives you the added benefit of making the URL a little shorter. Lastly, change your doc_root and user_dir options in the php.ini appropriately.
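Added example (not the article's own): a POSIX shell check for the CGI layout described in this section, verifying that the PHP binary sits outside DocumentRoot and that both redirect directives are present in httpd.conf. The paths and the httpd.conf fragments are constructed.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check a PHP-as-CGI layout
# against the advice above. Paths and httpd.conf fragments are constructed.
# Print one "WARN ..." line per problem; exit status is the problem count.
check_cgi_layout() {   # $1 DocumentRoot, $2 php binary path, $3 httpd.conf
    docroot="${1%/}"; bin="$2"; conf="$3"; n=0
    warn() { echo "WARN $1"; n=$((n + 1)); }
    # The binary must live outside the web tree; a path-prefix test catches
    # both the DocumentRoot itself and anything beneath it.
    case "$bin" in
        "$docroot"|"$docroot"/*) warn "php binary $bin is inside DocumentRoot $docroot" ;;
    esac
    # Both directives are needed for the Action redirect to apply to .php files.
    grep -Eq '^[[:space:]]*Action[[:space:]]+php-script[[:space:]]' "$conf" \
        || warn "httpd.conf: no 'Action php-script' directive"
    grep -Eq '^[[:space:]]*AddHandler[[:space:]]+php-script[[:space:]]+\.php' "$conf" \
        || warn "httpd.conf: .php is not mapped to the php-script handler"
    return "$n"
}
# Constructed httpd.conf fragments: one correct, one with AddHandler missing.
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
printf 'Action php-script /cgi-bin/php.cgi\nAddHandler php-script .php\n' > "$GOOD_CONF"
printf '# redirect never wired up\nAction php-script /cgi-bin/php.cgi\n' > "$BAD_CONF"
check_cgi_layout /www/htdocs /usr/local/bin/php "$GOOD_CONF" && echo "layout ok"
check_cgi_layout /www/htdocs /www/htdocs/cgi-bin/php "$BAD_CONF" || echo "$? problem(s)"
```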

SUMMARY:

Here we have discussed how best a user can secure a PHP installation in both cases. I hope this is helpful to everyone keen on securing PHP and thereby eliminating many of the security risks involved.