MyTrueHost launched Web Hosting for Indian clients just in Rs 60/Month with various payment options(netbanking, debit card, credit card,cash card or paypal).
Please Visit at https://www.mytruehost.in

How to install mod_evasive(DDOS protection tool) on 64 bit linux machine?

You should follow below steps :

========
cd /usr/local/src
wget http://www.sfr-fresh.com/unix/privat/mod_evasive_1.10.1.tar.gz
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive

For apache 2.0.x :

/usr/sbin/apxs -cia mod_evasive20.c //integrating with apache.

Then add these in httpd.conf :
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

 

For apache 1.3.x :

/usr/local/apache/bin/apxs -cia mod_evasive.c //integrating with apache.

Then add this too httpd.conf
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

========

That’s it. Try 🙂

 

How to install suPHP on linux server?

You should follow below steps :

=======================================
suPHP is a tool that allows PHP scripts to be executed with the permissions of their owners. By not running PHP script using web server’s user rights, suPHP increase the server security.

First install httpd-devel and compiler tools:
yum install httpd-devel gcc gcc-c++ make
Download suPHP source code and extract it
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar -xvzf suphp-0.7.1.tar.gz
cd suphp-0.7.1
Now we compile suPHP
./configure –with-apxs=/usr/sbin/apxs –with-apache-user=apache –with-logfile=/var/log/httpd/suphp_log –with-setid-mode=paranoid –sysconfdir=/etc –with-apr=/usr/bin/apr-1-config –with-php=/usr/bin/php-cgi –enable-SUPHP_USE_USERGROUP=yes

make
make install
Next create suphp.conf to configure Apache so it will call suPHP for interpreting PHP scripts
nano /etc/httpd/conf.d/suphp.conf
Add this configuration:
LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php .php

suPHP_AddHandler application/x-httpd-php

Save the file and the next step is to disable mod_php configuration as we are now using suPHP
mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.disabled
After we finished with Apache configuration, next we create suphp.conf file which contain suPHP configuration
nano /etc/suphp.conf
and copy this to the new file:
[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/var/www:${HOME}/public_html

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=0

; Minimum GID
After Apache and suPHP is configured, we need to add suPHP_UserGroup option on each virtual hosting we hosted on the server. For example, the domain.com virtual host would look like:

DocumentRoot /home/user/public_html

allow from all
Options +Indexes

ServerName domain.com
ErrorLog /var/log/httpd/domain.com
LogLevel warn
suPHP_UserGroup user user

“user” should be replaced with the real username on your server who own the PHP scripts. Make sure all file owned by the “user” username otherwise you’ll get 500 error code (Internal Server Error).
Now let’s test the configuration
service httpd configtest
if everything is OK, restart the Apache server
=======================================

Try 🙂

 

How to install RMS(Ray Media Server) server on 64 bit linux machine?

You should follow below steps :

====================
cd /usr/local
mkdir RMS
cd RMS
wget http://get.boonex.com/RMS-LINUX-v.7.0
tar xzvf RMS-LINUX-v.7.0

Steps for configuring RMS :

1. access.dat – input all domain names which will be allowed to access RMS. Every domain name should be written on a separate line and should not contain “http://” and “www”, just yourdomain.com;
2. .in red5.sh (UNIX only) – set the value for JAVA_HOME variable. It should be the path to the folder where JRE is installed. For example:
JAVA_HOME=/opt/ray_server/jre1.x; or /usr/local/jdk_1.6.0 or /usr/java/jdk1.6.0_05

Note : java might not be installed on the server. I have published another article about the jdk installation and you can get help from there.

3. in run_daemon.sh (UNIX only) – set the value for RAY_SERVER_PATH variable. It should be the path to the RMS folder on your server. For example:

RAY_SERVER_PATH=/opt/ray_server; in my case RAY_SERVER_PATH=/usr/local/src/RMS_7.0

4. change the IP addresses in the files located in

path_to_rms/webapps/widget_name/WEB-INF/red5-web.properties

where “path_to_rms” stands for path to your Ray Media Server folder, and “widget_name” stands for board, chat, im, video and global (“global” is only for 3.5 version). For example: open

/opt/ray_server/webapps/chat/WEB-INF/red5.properties or /usr/local/src/RMS_7.0/webapps/chat/WEB-INF/red5-web.properties and replace the following line:

webapp.virtualHosts=0.0.0.0 with webapp.virtualHosts=server ip address
5. RMS Test launch: ./red5.sh
6. RMS runtime : ./run_daemon.sh
7. set the following lines in /etc/rc.local
cd /usr/local/src/RMS_7.0
./run_daemon.sh &
======================

That’s it try 🙂



Install xen virtual server on linux platform

Install xen virtual server on linux platform

Before installing xen on the linux (centos or Redhat), please check the compatiblity. Then check whether the server has already installed xen. There packages should be checked. I checked using RPM.

.1 xenserver# rpm -qa |grep xen 
xen-libs-3.1.0-13.el5 
xen-3.1.0-13.el5 
xenserver #rpm -qa |grep kernel-xen 
kernel-xen-2.6.21-2950.el5
xenserver-dev #rpm –qa |fgrep virt-manager //for GUI 
virt-manager-0.5.2-2.el5

Install :
1.
xenserver# yum install xen 
xenserver # yum install kernel-xen 
xenserver # yum install virt-manager

2. Edit default=1 in /boot/grub/grub.conf and make sure xen kernel will load. 
3. Reboot system : [root@xenserver]# init 6
4. check kernel :
[root@xenserver]# uname -r 
2.6.21-2950.el5xen
=====
To check if Xen is running use xm from command line: 
[root@xensever]# xm list
Now you can create Xen virtual machines using Xen command lines or xen GUI (virt-manager): 

[xenserver@ldev ~]# virt-manager



Linux Kernel Security Hardening /etc/sysctl.conf

Sysctl is an interface that allows you to make changes to a running Linux kernel. With /etc/sysctl.conf you can configure various Linux networking and system settings such as…

1. Limit network-transmitted configuration for IPv4
2. Limit network-transmitted configuration for IPv6
3. Turn on execshield protection
4. Prevent against the common ‘syn flood attack’
5. Turn on source IP address verification
6. Prevents a cracker from using a spoofing attack against the IP address of the server.
7. Logs several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects.

Sysctl command:
The sysctl command is used to modify kernel parameters at runtime. /etc/sysctl.conf is a text file containing sysctl values to be read in and set by sysct at boot time. To view current values, enter:

# sysctl -a
# sysctl -A
# sysctl mib
# sysctl net.ipv4.conf.all.rp_filter

To load settings, enter: # sysctl -p

Sample /etc/sysctl.conf

Edit /etc/sysctl.confand update it as follows. I would recommend reading the
official Linux kernel sysctl tuning help file (see below):

=================================================================
# The following is suitable for dedicated web server, mail, ftp server etc.
# ---------------------------------------
# BOOLEAN Values:
# a) 0 (zero) - disabled / no / false
# b) Non zero - enabled / yes / true
# --------------------------------------
# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2

########## IPv4 networking start ##############
# Send redirects, if router, but this is just server
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Accept packets with SRR option? No
net.ipv4.conf.all.accept_source_route = 0

# Accept Redirects? No, this is not router
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0

# Log packets with impossible addresses to kernel log? yes
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1

# Enable source validation by reversed path, as specified in RFC1812
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

########## IPv6 networking start ##############
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0

# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0

# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0

# Setting controls whether the system will accept Hop Limit settings
# from a router advertisement
net.ipv6.conf.default.accept_ra_defrtr = 0

#router advertisements can cause the system to assign a global unicast
#address to an interface
net.ipv6.conf.default.autoconf = 0

#how many neighbor solicitations to send out per address?
net.ipv6.conf.default.dad_transmits = 0

# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1

########## IPv6 networking ends ##############

#Enable ExecShield protection
kernel.exec-shield = 1
kernel.randomize_va_space = 1

# TCP and memory optimization
# increase TCP max buffer size setable using setsockopt()
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 87380 8388608

# increase Linux auto tuning TCP buffer limits
#net.core.rmem_max = 8388608
#net.core.wmem_max = 8388608
#net.core.netdev_max_backlog = 5000
#net.ipv4.tcp_window_scaling = 1

# increase system file descriptor limit
fs.file-max = 65535

#Allow for more PIDs
kernel.pid_max = 65536

#Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000

=================================================================

							

Repairing corrupted mysql database

Sometimes it happens that your database get corrupted due to many reason like it does nto get restored properly or server get rebooted while updating database etc…. and you have tried to repait it using phpmyadmin and it does shows that it has repaired but it is not.

Solution :

Login to server with root access

Stop mysql using following command

/etc/init.d/mysql stop

Run following command to check all teh tables in teh database

/usr/bin/myisamchk /var/lib/mysql/databasename/*.MYI

Run following command to repair all teh tables in the database

/usr/bin/myisamchk -r /var/lib/mysql/databasename/*.MYI

Then recheck again using following command

/usr/bin/myisamchk /var/lib/mysql/databasename/*.MYI

Restrart MySql service using following command

/etc/init.d/mysql restart



 

Mysql error : Can’t create new tempfile: ‘*.TMD file

If you are getting error like Can’t create new tempfile: ‘tablesname.TMD file error while repairing corrupted database tables please try use following command to fix it.

Solution : 

You need to just run below command on the shell.

# myisamchk -r -f  tables.MYI

Thats all.

 

 


How to Enable html view for horde?

Login to shell using root user and follow the following steps to enable HTML view of horde webmail.

root@server[~]# vi /usr/local/cpanel/base/horde/imp/config/mime_drivers.php

Search for the line
—-
/**
* HTML driver settings
*/
$mime_drivers[‘imp’][‘html’][‘inline’] = false;
—–

and replace it with

——–
/**
* HTML driver settings
*/
$mime_drivers[‘imp’][‘html’][‘inline’] = true;
——–
Save the changes and restart the following services.
root@server[~]#service cpanel restart
root@server[~]#/scripts/restartsrv_courier

 

Not able to login to Horde?

Many times it happens that horde wont allow user to login to webmail.

Try following command to fix the issue

root@server[~]#/usr/local/cpanel/bin/checkperlmodules
root@server[~]#/scripts/fullhordereset
root@server[~]#myisamchk -r /var/lib/mysql/horde/horde_sessionhandler.MYI

If still you have problem then check the ownership for session directory present in /var/cpanel/userhomes/cpanelhorde directory.

root@server[~]#ll /var/cpanel/userhomes/cpanelhorde
drwx–x–x 4 cpanelhorde cpanelhorde 4096 Jun 5 2009 ./
drwx–x–x 7 root root 4096 Dec 17 01:48 ../
drwxr-x— 2 cpanelhorde cpanelhorde 4096 Jun 5 2009 mail/
drwx—— 2 cpanelhorde cpanelhorde 4096 Jan 27 14:01 sessions/

Session directory should be cpanelhorde.cpanelhorde ownership recursively

 

How to enable alternate port for exim?

Exim is a mail transfer agent (MTA) used on Linux/Unix-like operating systems. It is freely available under the GNU GPL and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.

Normally default port for exim is 25. but most of the ISP block port 25. so it is necessary that an altername port for exim is open on server. Following are the steps to configure alternate port on cpanel/WHM installed on the server.

1) Login to WHM as root.

2) In WHM click on  Main >> Service Configuration >> Service Manager

3) Now tick the check box under Exim on another port and also enter the alternate port no: in the corresponding text box.