Saturday, 13 October 2012

Blank page loading after Plesk panel Installation


After the first Plesk installation, the Plesk panel may load a blank page. This is an error caused by the license key.

Type this command :

# /usr/local/psa/admin/sbin/keymng --install --source-file <source path>

where <source path> is the path to the license key.



Working of Email

Email is based around the use of electronic mailboxes. When an email is sent, the message is routed from server to server, all the way to the recipient's email server.
More precisely, the message is sent to the mail server tasked with transporting emails (called the MTA, for Mail Transport Agent) to the recipient's MTA.
On the Internet, MTAs communicate with one another using the protocol SMTP, and so are logically called SMTP servers (or sometimes outgoing mail servers).

The recipient's MTA then delivers the email to the incoming mail server (called the MDA, for Mail Delivery Agent), which stores the email as it waits for the user to accept it.
There are two main protocols used for retrieving email on an MDA:

1.  POP3 (Post Office Protocol), the older of the two, which is used for retrieving email and, in certain cases, leaving a copy of it on the server.

2.  IMAP (Internet Message Access Protocol), which is used for coordinating the status of emails (read, deleted, moved) across multiple email clients.
     With IMAP, a copy of every message is saved on the server, so that this synchronisation task can be completed.

Difference between IMAP and POP:

The main difference, as far as we are concerned here, is the way in which IMAP or POP controls your e-mail inbox.
When you use IMAP you are accessing your inbox on the central mail server. IMAP does not actually move messages onto your computer.
You can think of an e-mail program using IMAP as a window to your messages on the server.
Although the messages appear on your computer while you work with them, they remain on the central mail server.

POP does the opposite. Instead of just showing you what is in your inbox on the central mail server, it checks the server for new messages,
downloads all the new messages in your inbox onto your computer, and then deletes them from the server.
This means that every time you use POP to view your new messages, they are no longer on the central mail server.

Figure 1 illustrates these concepts :




Because IMAP leaves all of your messages on the central mail server, you can view these messages from any location with Internet access.
This means the e-mail inbox you view from home will be the same one you see at work.

Since POP downloads new messages to your computer and removes them from the server, you will not be able to see those new messages on another computer when you check your inbox.
 Those messages exist only on the computer that downloaded them using POP.

However, if you use IMAP and create e-mail folders on the server, these folders are accessible from anywhere you read your e-mail using IMAP.
 If you use POP and create e-mail folders, they are stored locally, and you cannot access these folders from anywhere except the computer on which you created them.

For these reasons, incoming mail servers are called POP servers or IMAP servers, depending on which protocol is used.




To use a real-world analogy, MTAs act as the post office (the sorting area and mail carrier, which handle message transportation), while MDAs act as mailboxes, which store messages (as much as their volume will allow) until the recipients check the box.

This means that recipients do not need to be connected in order for email to be sent to them.
To keep everyone from checking other users' emails, the MDA is protected by a user name called a login and by a password.

Retrieving mail is done using a software program called an MUA (Mail User Agent).
When the MUA is a program installed on the user's system, it is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora Mail, Incredimail or Lotus Notes).

When it is a web interface used for interacting with the incoming mail server, it is called webmail.




Wednesday, 10 October 2012

Unauthorised access to database


If the output of the command mysqladmin proc stat contains entries like


056 | unauthenticated user | Ip address |    | Connect |      | Reading from net |


To avoid this problem, add the following lines to the /etc/my.cnf file to prevent access by the unauthenticated user.

    root@server [~]# vi /etc/my.cnf

    skip-networking
    skip-name-resolve
    skip-host-cache
    skip-locking

Now restart the MySQL service and check the MySQL process logs again.

By doing this we are disabling networking in /etc/my.cnf.

The only limitation is that users will not be able to connect to MySQL using an external MySQL manager, but they can still use phpMyAdmin via cPanel.

You can also block the IP address using CSF:

csf -d <IP address of the unauthenticated MySQL user>
csf -r

Tuesday, 9 October 2012

Exim commands


Shows the total number of emails in the queue
  exim -bpc

Print a listing of the messages in the queue
  exim -bp

Shows the number of frozen emails
  exim -bpr | grep frozen | wc -l

To remove frozen mails from the server
  exim -bp | awk '/frozen/ {print $3}' | xargs exim -Mrm
  exiqgrep -z -i | xargs exim -Mrm

To show the domain name and the number of emails sent by that domain
  exim -bp | exiqsumm | more

The following commands show the path to the script being used to send mail

  ps -C exim -fH eww
  ps -C exim -fH eww | grep home

  cd /var/spool/exim/input/
  egrep "X-PHP-Script" * -R

Check whether anybody is spamming by using a PHP script to send mail from a home directory

    tail -f /var/log/exim_mainlog | grep home

If anyone is spamming from /tmp

    tail -f /var/log/exim_mainlog | grep /tmp


To display each IP and the number of attempts it made to send mail that were rejected by the server:

    tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5
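
A more tolerant version of the rejected-RCPT count above, as an added example that is not part of the original post. The function name, the sample log lines and the addresses in them are constructed for illustration; it assumes the usual exim_mainlog layout in which the connecting address appears as its own bracketed field.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): count "rejected RCPT" events per
# connecting IP. The address is taken from the first whitespace-separated field
# that itself starts with "[", so a hostname placed before the address, or a
# client-chosen HELO such as H=([192.0.2.77]), is not mistaken for it.

# Usage: top_rejected_ips [N] < logfile    (prints "count ip", busiest first)
top_rejected_ips() {
    awk '/rejected RCPT/ {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^\[[0-9a-fA-F.:]+\]/) {
                ip = $i
                sub(/^\[/, "", ip)     # drop the opening bracket
                sub(/\].*$/, "", ip)   # drop the closing bracket and any :port
                print ip
                break
            }
    }' | sort | uniq -c | sort -k1,1nr -k2,2 | head -n "${1:-5}" |
        awk '{ print $1, $2 }'
}

# Constructed sample lines in exim_mainlog layout (documentation addresses only).
sample_log() {
    cat <<'EOF'
2012-10-09 10:00:01 H=(mail.example.net) [203.0.113.9] F=<a@example.net> rejected RCPT <x@example.org>: relay not permitted
2012-10-09 10:00:02 H=host.example.net (mail.example.net) [203.0.113.9]:4321 F=<a@example.net> rejected RCPT <y@example.org>: relay not permitted
2012-10-09 10:00:03 H=([192.0.2.77]) [198.51.100.20] F=<b@example.com> rejected RCPT <z@example.org>: Unknown user
2012-10-09 10:00:04 1TLabc-0001Ab-CD <= c@example.org H=(ok.example.org) [192.0.2.5] P=esmtp S=1234
2012-10-09 10:00:05 H=(mail.example.net) [203.0.113.9] F=<a@example.net> rejected RCPT <w@example.org>: relay not permitted
EOF
}

sample_log | top_rejected_ips 5
```

On a live server the same function can be fed with `tail -3000 /var/log/exim_mainlog | top_rejected_ips 5`.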


Shows the number of connections from each IP to the SMTP server

   netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1


If the spamming comes from an outside domain, you can block that domain or email address on the server

     pico /etc/antivirus.exim

Add the following lines:

    if $header_from: contains "name@domain.com"
    then
    seen finish
    endif

The following command shows which email addresses have the most messages currently in the mail queue (from or to that address), with the exact count for each.

    exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n


The following command shows which domains have the most messages currently in the mail queue (for the domain or from the domain), with the count for each.

    exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{ print $2}' | sort | uniq -c | sort -n


Check whether any PHP script is causing the mass mailing with

    cd /var/spool/exim/input
    egrep "X-PHP-Script" * -R

Just cat the ID that you get and you will be able to see which script is causing the problem.

To remove the queued emails of a particular email account

    exim -bpr | grep "ragnarockradio.org" | awk '{print $3}' | xargs exim -Mrm

Reading an email header

    exim -Mvh <ID>

To view a particular message body

     exim -Mvb <ID>

To view mails under a particular user

     exim -bp | grep alpha.com    # replace alpha.com with the domain

To view the number of mails under a particular user

     exim -bp | grep alpha.com | wc -l    # replace alpha.com with the domain

To remove messages under the domain

      exiqgrep -f <domain> -i | xargs exim -Mrm

To clear the Mail queue
         
exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash 
  

Monday, 1 October 2012

Mencoder & Mplayer in Centos


Essential packages :

yum install libjpeg-devel libpng-devel libungif-devel pkgconfig libdv-devel \
    speex-devel libmad-devel lame-devel xvidcore-devel x264-devel libmpcdec-devel \
    faac-devel


Download the following archives:

wget -c http://www.mplayerhq.hu/MPlayer/releases/MPlayer-1.0rc1.tar.bz2

wget -c http://www.mplayerhq.hu/MPlayer/releases/codecs/all-20071007.tar.bz2


Install the codecs:

tar xjf all-20071007.tar.bz2

mkdir -p /usr/local/lib/codecs

cp -a all-20071007/* /usr/local/lib/codecs/

cd ..

Install mencoder and mplayer:

tar xjf MPlayer-1.0rc1.tar.bz2

cd MPlayer-1.0rc1

TMPDIR=/root ./configure --prefix=/usr/local

make

make install

Once finished mencoder will be installed in /usr/local/bin/mencoder, and mplayer in /usr/local/bin/mplayer.
If there is a problem with the ivtv libraries in 64-bit environments, just try the whole process again without ivtv - you won't need it on a webserver anyway.

cd /path-to-mplayer-src/
make clean && make distclean
./configure --disable-ivtv
make && make install

In order to check whether MPlayer is working:
mplayer -v

ChkRootkit


chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools such as the strings and grep commands to search core system programs for signatures, and compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.

Follow these steps to install ChkRootKit :

cd /usr/local/src/

wget http://www.spenneberg.org/chkrootkit-mirror/files/chkrootkit.tar.gz

tar -xvzf chkrootkit.tar.gz

Change to new directory :

cd chkrootkit-*    # select the version

Compile chkrootkit :

make sense

Run chkrootkit :

./chkrootkit

To setup a daily scan report
-----------------------------

Load crontab :

crontab -e

Add this line to the top:

-----------------------------------------------------------------------------------
0 1 * * * (cd /usr/local/src/chkrootkit*; ./chkrootkit 2>&1 | mail -s "chkrootkit output" email@domain.com)
-----------------------------------------------------------------------------------





Securing /tmp - Server Hardening


Before securing the tmp directories, we need to understand why it is important to secure them. Most applications use the /tmp directory for storing data temporarily, so this directory can be used by rootkits and trojans if it is not secured properly. These are the steps to secure the temp directories (/tmp, /var/tmp, /dev/shm).

We're going to secure the temp directories with the noexec and nosuid parameters. Before that, we need to find out whether the temp directories are already secured. You can check this by executing the command mount and also checking the fstab entries.
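
One way to script the check described above, as an added example that is not part of the original post. The function name and the sample entries are constructed for illustration; it assumes input in the column layout shared by /etc/fstab and /proc/mounts (device, mount point, type, options).

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report whether /tmp, /var/tmp and
# /dev/shm carry the noexec and nosuid mount options.

# Usage: audit_tmp_mounts < /proc/mounts     (or: < /etc/fstab)
audit_tmp_mounts() {
    awk '
    BEGIN { n = split("/tmp /var/tmp /dev/shm", want, " ") }
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    { opts[$2] = $4 }                # a later entry for a mount point wins
    END {
        for (i = 1; i <= n; i++) {
            d = want[i]
            if (!(d in opts)) {
                # e.g. /var/tmp replaced by a symlink to /tmp
                print d ": no separate mount (confirm it is a symlink to /tmp)"
                continue
            }
            o = "," opts[d] ","      # pad so each option matches as a whole word
            missing = ""
            if (o !~ /,noexec,/) missing = missing " noexec"
            if (o !~ /,nosuid,/) missing = missing " nosuid"
            print d ": " (missing == "" ? "OK" : "MISSING" missing)
        }
    }'
}

# Constructed sample in fstab layout: /tmp hardened, /dev/shm still on defaults.
sample_mounts() {
    cat <<'EOF'
# device     mount point  type   options                    dump pass
/dev/sda1    /            ext3   defaults                   1 1
/dev/tmpFS   /tmp         ext3   loop,nosuid,noexec,rw      0 0
tmpfs        /dev/shm     tmpfs  defaults                   0 0
EOF
}

sample_mounts | audit_tmp_mounts
```

Running it against both /proc/mounts and /etc/fstab shows whether the live mounts and the persistent configuration agree.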

Securing /tmp
-----------------

First we need to take a backup of the present fstab entries so that if anything goes wrong we can change it back to the old configuration.

cp -p /etc/fstab /etc/fstab_bkp

Create a separate partition for /tmp. For that we need to create a separate device with a certain amount of space. The space allocation depends on the apps running on your machine. Here I'm creating a separate device of size 100M and formatting it with the ext3 filesystem.

dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
mke2fs -j /dev/tmpFS

Copy the existing data in the /tmp directory to a separate temporary directory.

cp -pRf /tmp /tmp_bkp

Mount the new partition that we've created on the /tmp directory and set the necessary permissions.

mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp

Copy the old data in the /tmp_bkp directory to the new /tmp directory.

cp -pRf /tmp_bkp/* /tmp

Finally add the following entry to the fstab to make the changes permanent.

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Now we’ve completed securing the /tmp directory.


Securing /var/tmp
--------------------

First move the contents of /var/tmp to a temporary location.

mv /var/tmp /var/tmp_bkp

Create a symlink from /var/tmp to /tmp.

ln -s /tmp /var/tmp

Lastly copy the contents back to the /tmp folder.

mv /var/tmp_bkp/* /var/tmp


Securing /dev/shm
---------------------

Edit your fstab entry and locate the line which specifies the mount point of shm.

vi /etc/fstab

And the line should be something like this.


tmpfs                   /dev/shm                tmpfs   defaults        0 0


You need to modify it with nosuid,noexec parameters.

tmpfs                   /dev/shm                tmpfs   defaults,nosuid,noexec,rw 0 0


After that remount /dev/shm

mount -o remount /dev/shm

Note: After securing the /tmp folder, you must restart the services (mysql) that use /tmp.