Tuesday, October 27, 2009

535 Incorrect authentication data in Exim

exim failed @ A restart was attempted automagically.
Service Check Method: [tcp connect]

Failure Reason: TCP Transaction Log:
<< 220-serverX.xxx-xxxxxxxx.net ESMTP Exim 4.69 #12008 14:58:20 +0000
<<
<<
>> EHLO localhost
<< 250-serverx.xxx-xxxxxxxxxxx.net Hello localhost [127.0.0.1]
<<
<<
<<
<<
<<
>> AUTH PLAIN AF9fY3BhbmVsX19zZXJ2aWNlX19hdXRoX19leGltX19IY3VsTE dXcFpDNU1XM1c2OVU4dmdGSUlyQllwcHpuSVJwQVllYXhlVlh5 VU1FRmx5Slg0YVlVV2JEbkJYcmpVAHBFTlh0eGtMdkNsRkJvZ3 ROd0xZVVhTNlNWRlBHMUR6VEZBTG1naUFzQTc4Y0FlMW5HaHI4 VXBoa1R0N1FJa0U=
<< 535 Incorrect authentication data
exim: ** [535 Incorrect authentication data != 2]

Cmd Service Check Raw Output:

Here is the fix.

Go to /var/cpanel/serviceauth/ and remove the directory exim:

cd /var/cpanel/serviceauth/
rm -rf exim

Restart cPanel:
/etc/rc.d/init.d/cpanel restart

The folder exim will be recreated, and that should fix the issue.

Thursday, October 15, 2009

CAPTCHA (sample code)

<?php
# CAPTCHA sample code
#####################
// Create a 200x80 canvas; the first colour allocated becomes the background
$my_img = imagecreate( 200, 80 );
$background = imagecolorallocate( $my_img, 0, 0, 255 );
$text_colour = imagecolorallocate( $my_img, 255, 255, 0 );
$line_colour = imagecolorallocate( $my_img, 128, 255, 0 );
// Draw the text and a thick line underneath it
imagestring( $my_img, 4, 30, 25, "thesitewizard.com", $text_colour );
imagesetthickness( $my_img, 5 );
imageline( $my_img, 30, 45, 165, 45, $line_colour );

// Send the image as PNG, then release the colours and the image
header( "Content-type: image/png" );
imagepng( $my_img );
imagecolordeallocate( $my_img, $line_colour );
imagecolordeallocate( $my_img, $text_colour );
imagecolordeallocate( $my_img, $background );
imagedestroy( $my_img );
?>

http://www.thesitewizard.com/php/create-image.shtml

Cron

for every 5 minutes
*/5 * * * *
Cron is a UNIX/Linux service or daemon that executes scheduled commands. It is also known as the clock daemon, which executes commands at specified dates and times according to instructions in a file.
Generally, crontab uses a daemon, crond, which runs constantly in the background and checks once a minute to see if any of the scheduled jobs need to be executed. If so, it executes them. These jobs are generally referred to as cron jobs.
Cron is controlled by a set of files called "crontabs". There is the master file in /etc/crontab. Each user's cron jobs are stored in the /var/spool/cron/username directory.
Editing crontab or setting up your own job
Just type the following command:
$ crontab -e
daemon
A process that runs in the background and performs a specified operation at predefined times or in response to certain events.
Cron jobs are used to schedule commands to be executed periodically, i.e. to set up commands which will repeatedly run at a set time.
crontab is the command used to install, deinstall or list the tables used to drive the cron daemon in Vixie Cron. Each user can have their own crontab, and though these are files in /var/spool/cron/crontabs, they are not intended to be edited directly. You need to use the crontab command for editing or setting up your own cron jobs.
To edit your crontab file, type the following command:
$ crontab -e
Syntax of crontab
A cron job entry looks as follows:
1 2 3 4 5 /path/to/command arg1 arg2
Where,
1: Minute (0-59)
2: Hours (0-23)
3: Day (0-31)
4: Month (0-12 [12 == December])
5: Day of the week(0-7 [7 or 0 == sunday])
/path/to/command - Script or command name to schedule
The same five-field structure can be easily remembered with the following diagram:
* * * * * command to be executed
- - - - -
| | | | |
| | | | ----- Day of week (0 - 7) (Sunday=0 or 7)
| | | ------- Month (1 - 12)
| | --------- Day of month (1 - 31)
| ----------- Hour (0 - 23)
------------- Minute (0 - 59)
Example(s)
If you wish to have a script named /root/backup.sh run every day at 3am, the crontab entry would look as follows:
(a) Install your cronjob:
# crontab -e
(b) Append the following entry:
0 3 * * * /root/backup.sh
Run five minutes after midnight, every day:
5 0 * * * /path/to/command
Run at 2:15pm on the first of every month:
15 14 1 * * /path/to/command
Run at 10 pm on weekdays:
0 22 * * 1-5 /path/to/command
Run 23 minutes after midnight, 2am, 4am ..., every day:
23 0-23/2 * * * /path/to/command
Run at 5 after 4 every Sunday:
5 4 * * sun /path/to/command

Use of operators
An operator allows you to specify multiple values in a field. There are three operators:
The asterisk (*) : This operator specifies all possible values for a field. For example, an asterisk in the hour time field would be equivalent to every hour or an asterisk in the month field would be equivalent to every month.
The comma (,) : This operator specifies a list of values, for example: "1,5,10,15,20, 25".
The dash (-) : This operator specifies a range of values, for example: "5-15" days , which is equivalent to typing "5,6,7,8,9,....,13,14,15" using the comma operator.
How do I disable email output?
By default the output of a command or a script (if any is produced) will be emailed to your local email account. To stop receiving email output from crontab you need to append >/dev/null 2>&1. For example:
0 3 * * * /root/backup.sh >/dev/null 2>&1
To mail output to a particular email account, let us say vivek@nixcraft.in, you need to define the MAILTO variable in your crontab and leave the output unredirected so that there is something to mail:
MAILTO="vivek@nixcraft.in"
0 3 * * * /root/backup.sh

Task: List your crontab jobs
Type the following command:
# crontab -l
To remove or erase all crontab jobs use the command:
# crontab -r
Use special strings to save time
Instead of the first five fields, you can use any one of eight special strings. This not only saves time but also improves readability.
Special string   Meaning
@reboot          Run once, at startup.
@yearly          Run once a year, "0 0 1 1 *".
@annually        (same as @yearly)
@monthly         Run once a month, "0 0 1 * *".
@weekly          Run once a week, "0 0 * * 0".
@daily           Run once a day, "0 0 * * *".
@midnight        (same as @daily)
@hourly          Run once an hour, "0 * * * *".

Run ntpdate every hour:
@hourly /path/to/ntpdate
Make a backup everyday:
@daily /path/to/backup/script.sh
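
The operators and special strings above, worked through as an added example (not code from the original article): it expands each field into the set of values it allows and tests whether an entry fires at a given minute. Function names are this example's own; it assumes the user-crontab layout (no user column as in /etc/crontab), the value ranges from the diagram, and Vixie cron's rule that when both day fields are restricted a match on either one is enough, which goes slightly beyond the text.

```python
from datetime import datetime

# Special strings from the table above, expanded to their five-field form.
SPECIAL = {
    "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *", "@monthly": "0 0 1 * *",
    "@weekly": "0 0 * * 0", "@daily": "0 0 * * *", "@midnight": "0 0 * * *",
    "@hourly": "0 * * * *",
}
# (lowest, highest) legal value per field, in crontab order.
BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]
MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
DAYS = {d: i for i, d in enumerate("sun mon tue wed thu fri sat".split())}
NAMES = [{}, {}, {}, MONTHS, DAYS]


def expand_field(field, low, high, names):
    """Expand one field (*, comma lists, ranges, /step) into a set of values."""
    def number(token):
        value = names[token] if token in names else int(token)
        if not low <= value <= high:
            raise ValueError(f"{token!r} is outside {low}-{high}")
        return value

    allowed = set()
    for part in field.lower().split(","):
        span, _, step = part.partition("/")
        step = int(step) if step else 1
        if step < 1:
            raise ValueError(f"bad step in {part!r}")
        if span == "*":
            first, last = low, high
        else:
            start, dash, end = span.partition("-")
            first = number(start)
            last = number(end) if dash else first
        if first > last:
            raise ValueError(f"descending range {part!r}")
        allowed.update(range(first, last + 1, step))
    return allowed


def parse_entry(line):
    """Return (schedule, command); schedule is None for @reboot entries."""
    line = line.strip()
    if line.startswith("@"):
        keyword, _, command = line.partition(" ")
        if keyword == "@reboot":
            return None, command.strip()
        if keyword not in SPECIAL:
            raise ValueError(f"unknown special string {keyword!r}")
        line = f"{SPECIAL[keyword]} {command.strip()}"
    *fields, command = line.split(None, 5)
    if len(fields) != 5:
        raise ValueError("expected five time fields followed by a command")
    sets = [expand_field(f, lo, hi, names)
            for f, (lo, hi), names in zip(fields, BOUNDS, NAMES)]
    sets[4] = {v % 7 for v in sets[4]}          # 7 and 0 both mean Sunday
    schedule = {"sets": sets,
                "dom_any": fields[2].startswith("*"),
                "dow_any": fields[4].startswith("*")}
    return schedule, command


def runs_at(schedule, when):
    """True if the parsed schedule fires in the minute given by `when`."""
    minute, hour, dom, month, dow = schedule["sets"]
    if (when.minute not in minute or when.hour not in hour
            or when.month not in month):
        return False
    dom_ok = when.day in dom
    dow_ok = when.isoweekday() % 7 in dow       # datetime: Mon=1..Sun=7
    if schedule["dom_any"] or schedule["dow_any"]:
        return dom_ok and dow_ok
    return dom_ok or dow_ok                     # both restricted: either matches


if __name__ == "__main__":
    sched, cmd = parse_entry("23 0-23/2 * * * /path/to/command")
    print(sorted(sched["sets"][1]), cmd)
    print(runs_at(sched, datetime(2009, 10, 27, 4, 23)))
```

Reviewing a crontab this way makes it easy to see exactly when a job (especially one running as root) will fire before it is installed.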
Understanding /etc/crontab file and /etc/cron.d/* directories
/etc/crontab is the system crontab file. It is usually only used by the root user or daemons to configure system-wide jobs. All individual users must use the crontab command to install and edit their jobs as described above. /var/spool/cron/ or /var/cron/tabs/ is the directory for personal user crontab files. It must be backed up along with the users' home directories.
Typical /etc/crontab file entries:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
Additionally, cron reads the files in the /etc/cron.d/ directory. Usually system daemons such as sa-update or sysstat place their cron jobs here. As the root user or superuser you can use the following directories to configure cron jobs. You can directly drop your scripts here. The run-parts command runs scripts or programs in a directory via /etc/crontab.
Directory            Description
/etc/cron.d/         Put all scripts here and call them from /etc/crontab file.
/etc/cron.daily/     Run all scripts once a day
/etc/cron.hourly/    Run all scripts once an hour
/etc/cron.monthly/   Run all scripts once a month
/etc/cron.weekly/    Run all scripts once a week

How do I use above directories to put scripts?
Here is a sample shell script (clean.cache) to clean up cached files older than 10 days. The script is created directly in the /etc/cron.daily/ directory, i.e. create a file called /etc/cron.daily/clean.cache:
#!/bin/bash
# Remove cache files older than DAYS days and make sure the cache directory exists
CROOT="/tmp/cachelighttpd/"
DAYS=10
LUSER="lighttpd"
LGROUP="lighttpd"

# start cleaning (NUL-separated so file names with spaces or newlines are handled safely)
/usr/bin/find "${CROOT}" -type f -mtime +"${DAYS}" -print0 | xargs -0 -r /bin/rm

# if directory deleted by some other script just get it back
if [ ! -d "$CROOT" ]
then
    /bin/mkdir -p "$CROOT"
    /bin/chown "${LUSER}:${LGROUP}" "${CROOT}"
fi
The cron (crond) daemon or service is used to execute scheduled commands or scripts. cron wakes up every minute, examining all stored crontabs, checking each command to see if it should be run in the current minute.
If you are using Redhat (RHEL)/Fedora Core/Cent OS Linux use the following commands.
Task: Start cron service
To start the cron service, use:
# /etc/init.d/crond start
Task: Stop cron service
To stop the cron service, use:
# /etc/init.d/crond stop
Task: Restart cron service
To restart the cron service, use:
# /etc/init.d/crond restart
If you are using Debian or Ubuntu Linux use the following commands.
Task: Start cron service
To start the cron service, use:
# /etc/init.d/cron start
OR
$ sudo /etc/init.d/cron start
Task: Stop cron service
To stop the cron service, use:
# /etc/init.d/cron stop
OR
$ sudo /etc/init.d/cron stop
Task: Restart cron service
To restart the cron service, use:
# /etc/init.d/cron restart
OR
$ sudo /etc/init.d/cron restart
Task : Start the cron service at boot time
It is recommended that you start the service at boot time so that jobs can run without problems.
If you are using Redhat (RHEL)/Fedora Core/Cent OS Linux use the following commands to ensure that the service remains enabled after a reboot:
# chkconfig crond on
You can use text based GUI tool called ntsysv:
# ntsysv
If you are using Debian or Ubuntu Linux use the following commands to ensure that the service remains enabled after a reboot:
# rcconf
OR
$ sudo rcconf
You can use command line tool update-rc.d:
# update-rc.d cron defaults
OR
$ sudo update-rc.d cron defaults
crontab -e
Edit your crontab file.
crontab -l
Show your crontab file.
crontab -r
Remove your crontab file.

SPF record

The SPF record is in the zone file

=====================
To publish SPF, a domain has to add only one line to its zone file. That line is a TXT record, and you can publish it today. Let's see what the TXT record looks like.
SPF by Example
Suppose example.com wants to publish SPF. It expects MTAs everywhere to read its SPF record and use it to reject forgery attempts. It hopes SPF reduces the volume of joe-job bounces and bogus abuse reports. So it adds the following line to its zone file:
example.com. IN TXT "v=spf1 a mx ptr -all"
The v=spf1 version string identifies this as an SPF record. The -all means reject all mail by default. Domains that don't send any mail, such as altavista.com, can get by with simply v=spf1 -all. But if the domain does send mail, it declares mechanisms that describe how legitimate mail should look. Mechanisms go in the middle, before -all. The first mechanism to match provides a result for the SPF query. -all always matches and so belongs at the end.
Basic SPF
A: the A mechanism means the IP address of example.com is permitted to send mail from example.com. If you want to say the IP address of some-other.com is permitted, you can say a:some-other.com. You can use as many A mechanisms as you want.
MX: the MX mechanism means the MX servers for example.com all are permitted to send mail from example.com. If you want to say the MX servers for some-other.com are permitted, you can say mx:some-other.com. You can use as many MX mechanisms as you want.
PTR: the PTR mechanism says if a host has a PTR record that ends in example.com, it is permitted to send mail from example.com. This would be a good choice for Yahoo, whose mail server names all end in yahoo.com. It would be a bad choice for a broadband provider like Comcast. If you want to say servers whose names end in some-other.com are permitted to send mail from example.com, you can say ptr:some-other.com. You can use as many PTR mechanisms as you want.
IP4: to say the class C network of 192.0.2.0 is permitted to send mail from example.com, you would write ip4:192.0.2.0/24.
Mechanisms are interpreted left-to-right. Using v=spf1 a mx ptr -all first would check whether the connecting client was found in the A record for the domain or, failing that, in its list of MX servers. Then the MTA would check to see whether the hostname of the client matched the domain. If none of the mechanisms matched, -all would be evaluated, the result would be fail and the MTA would be justified in rejecting the mail.
A, MX, PTR and IP4 are enough for the overwhelming majority of domains. The setup wizard at spf.pobox.com/wizard.html can help you configure SPF for your domain. But if your situation is complex, you can use the mechanisms described in the “Advanced SPF” sidebar.
====================
MAILING PROBLEM

==============
The above specifies that this is an SPF record for mydomain.com:

v=spf1 - a required header that indicates this is an spf record
a - the A record for mydomain.com is allowed to send email
mx - the MX record for mydomain.com is allowed to send email

~all - all other mailservers trying to send mail will return a code of "softfail". The mail will still go through, however it will be a suspect message

If you wished to allow another server with the hostname mail2.mydomain.com to send mail, you would modify the record thusly:

mydomain.com. IN TXT "v=spf1 a mx a:mail2.mydomain.com ~all"

Also, if you wish to give a hard fail, and only allow those servers to send mail, the record would look like:

mydomain.com. IN TXT "v=spf1 a mx a:mail2.mydomain.com -all"
==============
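
The left-to-right evaluation described under "Basic SPF", and the difference between ~all and -all, worked through as an added example (not code from the original articles or from any SPF library). The DNS table, addresses and function names are constructed for illustration; only the a, mx, ptr, ip4 and all mechanisms are handled, and modifiers, include and CIDR suffixes on a/mx are outside its scope.

```python
import ipaddress

# Constructed DNS answers standing in for real lookups (documentation-range IPs).
DNS = {
    "A": {
        "example.com": ["192.0.2.10"],
        "mx1.example.com": ["192.0.2.25"],
        "dsl-77.example.com": ["192.0.2.77"],
        "mydomain.com": ["203.0.113.5"],
        "mail2.mydomain.com": ["203.0.113.7"],
    },
    "MX": {"example.com": ["mx1.example.com"], "mydomain.com": []},
    "PTR": {"192.0.2.77": ["dsl-77.example.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _a(name):
    """Addresses from the constructed A table for a host name."""
    return DNS["A"].get(name.rstrip(".").lower(), [])


def mechanism_matches(mech, arg, ip, domain):
    """True if the connecting address `ip` satisfies one SPF mechanism."""
    target = (arg or domain).rstrip(".").lower()
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in _a(target)
    if mech == "mx":
        return any(str(ip) in _a(host) for host in DNS["MX"].get(target, []))
    if mech == "ptr":
        # Trust a reverse name only if it resolves forward to the same address.
        for host in DNS["PTR"].get(str(ip), []):
            confirmed = str(ip) in _a(host)
            if confirmed and (host == target or host.endswith("." + target)):
                return True
        return False
    raise ValueError(f"unsupported mechanism {mech!r}")


def check_spf(record, client_ip, domain):
    """Return (result, matching term) for the first mechanism that matches."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:                  # modifiers (redirect=, exp=) are skipped
            continue
        qualifier, body = "+", term
        if term[0] in QUALIFIERS:
            qualifier, body = term[0], term[1:]
        mech, _, arg = body.partition(":")
        try:
            if mechanism_matches(mech.lower(), arg, ip, domain):
                return (QUALIFIERS[qualifier], term)
        except ValueError:
            return ("permerror", term)   # unsupported or malformed mechanism
    return ("neutral", None)             # nothing matched and no "all" term


if __name__ == "__main__":
    soft = "v=spf1 a mx a:mail2.mydomain.com ~all"
    hard = "v=spf1 a mx a:mail2.mydomain.com -all"
    for client in ("203.0.113.7", "198.51.100.9"):
        print(client, check_spf(soft, client, "mydomain.com"),
              check_spf(hard, client, "mydomain.com"))
```

The same unlisted sender gets softfail under ~all and fail under -all, which is the only difference between the two records. The current SPF specification (RFC 7208) discourages publishing the ptr mechanism.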

ERROR: Unknown IMAP response.

ERROR: Unknown IMAP response.
Query: FETCH 18678:18679,18681:18682,18692,18699:18702,18704,18709:18715,18720,18727,18732,18735,18738,18741,18743,18746,18750:18751,18753:18807,18809,18811:18813,18815:18819,18824:18832 (FLAGS UID RFC822.SIZE INTERNALDATE BODY.PEEK[HEADER.FIELDS (Date To Cc From Subject X-Priority Importance Priority Content-Type)])
Server responded:



/scripts/courierup --force ---------->the problem is due to the connection problem of courierup



/usr/local/cpanel/bin/update-horde --force

Linux overall

To check whether the port is listening:


lsof -i tcp:80

nmap localhost






cat /usr/local/apache/logs/error_log | grep domain.com



crontab -e


netstat -nap | wc -l


du -sh *


ls -lart


netstat -tn | grep :80 | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head


iptables -nL | grep 192.168.1.1

iptables -I INPUT -s 209.151.224.237 -j DROP

iptables -I INPUT -s 209.151.224.237 -j ACCEPT

iptables -D INPUT -s 209.151.224.237 -j DROP


grep deepinto /etc/userdomains

grep deepinto /etc/trueuserdomains


tail -f /var/log/exim_mainlog | grep


vi /etc/valiases/domain.com


pidof httpd

pgrep httpd


chown noble.noble test.php


cd -


vi /usr/local/apache/conf/httpd.conf
tail -f /usr/local/apache/logs/error_log
tail -f /usr/local/apache/logs/suexec_log
tail -f /usr/local/apache/logs/modsec_audit.log

tail -f /usr/local/apache/logs/modsec_debug_log

tail -f /usr/local/apache/logs/modsec_debug.log




grant all privileges on db.* to username@'localhost' identified by 'password'
grant all privileges on db.* to username@'%' identified by 'password'


find . -type f -name "*.corrupted" -exec rm -f {} \;


for i in `cat iframe.txt`; do sed -i.bak.hak 's///' $i; done


unzip filename.zip


gunzip filename.zip


grep config* */*/*/*/*


mysqldump tobhadr_idearich > tobhadr_idearich.sql


find -type d -exec chmod 0755 {} \;


script


fc -l


stty


tty




===========================================================================================================

Exim Commands

exim -bpc [No. of Mails in Queue]
exiwhat

exiqgrep -z -i
exim -bpr | grep frozen | wc -l
exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
exim -bp | grep '<>'
exim -Mvh 1MWBs7-0000VO-3z [Message ID]

/scripts

/scripts/pkgacct username [Backup a Domain Account via SSH]
/scripts/restorepkg username [Restore a Domain Account via SSH]

/scripts/runweblogs username [Updating log programs -> Awstats/Webalizer/etc... ]
/scripts/fixquotas [Fixing/Updating Quota problems]

cPanel Logs – A detailed view

Applications can log system activity in two ways: according to their own logic, or through the system's log daemon, well known as syslog.

The syslog daemon's configuration file /etc/syslog.conf contains all the necessary paths/locations as to where the logs are stored.

Usually the directory /var/log/ is used for the system logs, but other applications use application-specific directories to store their log files.
Many distributions provide tools to manage and analyze the system logs.

Logrotate is a well-known log rotation tool which is usually configured in the /etc/logrotate.conf file.
It may also have additional package-defined configurations in the /etc/logrotate.d/ directory.
In order to understand what's happening on the system, a brief analysis of /etc/syslog.conf is mandatory for checking where the main logs are located.

Here are some basic log files, their locations and a brief description, as found in Linux distros [mostly in cPanel]:
General:

cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs and should be referenced first for any issues resulting from new cPanel installations.

cPanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description : The service monitoring daemon (chkservd) logs all service checks here. Failed services are represented with a [-] and active services are represented by [+].

cPanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation.


cPanel/WHM Specific Requests and Errors:

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in cPanel/WHM.

cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here. If you run into any errors related to the license when logging in, check here.

Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to cPanel access requests is logged here.

cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It's named with the timestamp at which the upcp process was initiated.

Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each is named after its respective user.

Tailwatchd Log:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemons configured under tailwatchd, i.e. cPBandwd, Eximstats, Antirelayd.

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd, along with standard error output from CGI applications, are logged here. This is the first place you should look when httpd crashes or you incur errors when accessing a website.

Apache SuExec Logs:
Location : /usr/local/apache/logs/suexec_log
Description : Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors: when no relevant information is reported in the Apache error_log, check here for potential suexec policy violations.

Domain Access Logs:
Location : /usr/local/apache/domlogs/domain.com
Description : General access log file for each domain configured with cPanel.

Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : The complete web server access log; records all requests processed by the server.

Exim:

Message Reception and Delivery:
Location : /var/log/exim_mainlog or /var/log/exim/mainlog
Description : Receives an entry every time a message is received or delivered.

Exim ACLs/Policies based RejectLog:
Location : /var/log/exim_rejectlog
Description : An entry is written to this log every time a message is rejected based on either ACLs or other policies, e.g. aliases configured to :fail

Unexpected or Fatal Errors:
Location : /var/log/exim_paniclog
Description : Logs any entries exim doesn't know how to handle. It's generally a really bad thing when log entries are being written here, and they should be properly investigated.

IMAP/POP/SpamAssassin General Logging and Errors:
Location : /var/log/maillog & /var/log/messages
Description : The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.

FTP:

FTP Logins and General Errors:
Location : /var/log/messages
Description : General information and login attempts are logged here.

FTP Transactions logging:
Location : /var/log/xferlog or /var/log/messages
Description : Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users.

MySQL:

MySQL General Information and Errors:
Location : /var/lib/mysql/$(hostname).err
Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log

Security:

Authentication attempts:
Location : /var/log/secure
Description : Logs all daemons which require PAM authentication.

Tracking all Bad Logins and Logouts:
Location : /var/log/btmp
Description : Log of all attempted bad logins to the system. Accessed via the lastb command.

Tracking all Logins and Logouts:
Location : /var/log/wtmp
Description : The wtmp file records all logins and logouts.

Last Logins:
Location : /var/log/lastlog
Description : Database of the times of previous user logins. The lastlog file is a database which contains info on the last login of each user.

WebDav or WebDisk Log:
Location : /usr/local/cpanel/logs/cpdavd_error_log
Description : The cpdavd daemon is "WebDav" (better known as "WebDisk"), which was introduced in cPanel 11 to allow users to mount their home directory on their personal computer, always having access to the files and content.

Cphulkd Logs:
Location : /usr/local/cpanel/logs/cphulkd_errors.log
Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server's services by guessing the login password for that service. It blacklists IPs that it thinks are trying to run a brute force attack.

Failure Logging:
Location : /var/log/faillog
Description : Faillog formats the contents of the failure log from the /var/log/faillog database. It can also be used to maintain failure counters and limits. Running faillog without arguments displays only the faillog records of users who have ever had a login failure.

Startup/Boot, Kernel & Hardware error messages:
Location : /var/log/dmesg
Description : dmesg is a "window" into the kernel's ring buffer. It's a message buffer of the kernel. The content of this file is referred to by the dmesg command. It shows the boot log and hardware errors.

Tomcat:
General Startup, Shutdown & Error Logs:
Location : /usr/local/jakarta/tomcat/logs/catalina.err and /usr/local/jakarta/tomcat/logs/catalina.out
Description : Logs for Tomcat and all tomcat based applications…

Cpanel details

cpanel version----------># /usr/local/cpanel/cpanel -V

cpanel update--------------->/scripts/upcp --force

cpanel error log--------------> /usr/local/cpanel/logs/error_log

Server replied: 110 Can’t open SMTP stream

Error while sending mails from the Cpanel >> Squirrel Mail
Connection timed out
Server replied: 110 Can’t open SMTP stream.
Solution:
On shell, open this file
# vi /usr/local/cpanel/base/3rdparty/squirrelmail/config/config.php
CHANGE
$useSendmail = false;
TO
$useSendmail = true;
Save the file and the error is fixed.

IPTABLES

Replace IP-ADDRESS with the actual IP address. For example, if you wish to block IP address 65.55.44.100 for whatever reason, type the command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP
================================================
If you just want to block access from IP 65.55.44.100 to one port, port 25, type the command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
===================================================
TO REMOVE THE BLOCKED IP FROM FIREWALL

1) Login into the server via shell access.
2) Go to the path of APF firewall. It should be:
/etc/csf
3) Edit the file csf.deny.
vi csf.deny
4) Remove the IP address from the list and save the file to unblock the IP address.

Once the IP address is removed, the firewall needs to be restarted. To restart the firewall, execute the command below:

csf -r
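
An added example, not part of the original post: steps 3 and 4 above done as a script that removes only the exact address from csf.deny and keeps a backup. It assumes one entry per line with the IP as the first field; the function names and the sample deny list are constructed for illustration.

```shell
#!/bin/sh
# unblock_ip IP [FILE]: remove deny entries for exactly IP, keeping FILE.bak.
# FILE defaults to the csf.deny path used above; returns 2 on a malformed
# address and 3 when the address is not listed.
unblock_ip() {
  ip=$1
  deny=${2:-/etc/csf/csf.deny}
  printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
    echo "not an IPv4 address: $ip" >&2; return 2; }
  # Compare the whole first field. A substring match on 65.55.44.100 would
  # also hit 165.55.44.100 and unblock a host nobody reviewed.
  hits=$(awk -v ip="$ip" '$1 == ip { n++ } END { print n + 0 }' "$deny") || return 1
  [ "$hits" -gt 0 ] || { echo "$ip is not listed in $deny" >&2; return 3; }
  cp -p "$deny" "$deny.bak" || return 1
  # Comment lines and every other entry are written back unchanged.
  awk -v ip="$ip" '$1 != ip' "$deny.bak" > "$deny" || return 1
  echo "removed $hits entry(ies) for $ip from $deny; apply with: csf -r"
}

# Demo on a constructed deny list in a temporary directory (no root needed).
demo_unblock() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/csf.deny" <<'EOF'
# constructed sample, one entry per line: IP, then an optional comment
65.55.44.10 # constructed: repeated failed SSH logins
65.55.44.100 # constructed: manual block
165.55.44.100 # constructed: port scan
EOF
  unblock_ip 65.55.44.100 "$dir/csf.deny" >/dev/null || return 1
  cat "$dir/csf.deny"
  rm -rf "$dir"
}

demo_unblock
```

The running rules only change after the restart command shown above; the script edits the file and nothing else.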
===============================================================================

# LFD----CSF
############
/var/log/lfd.log
/etc/init.d/csf restart
tail -f /usr/local/apache/logs/error_log
/etc/init.d/lfd restart
crontab -l
rm -fv /etc/csf/csf.error
iptables -L -n | grep 72.29.86.55
service chkservd restart    # restart the service after making any change in csf
csf -v
csf -x    # disable
csf -e    # enable

suspicious process

Problem: suspicious process running on the server
________________________________________________________________________________________________
For this we have to kill the process or kill the ip given by the user
firewall is situated in /etc/csf
csf.pignore---->is used for blocking process
csf.ignore---->is used for blocking ip address
______________________________
after this restart lfd, and csf
/etc/init.d/csf restart
/etc/init.d/lfd restart
_____________________________________________________________________________________________________
If the md5 comparison test fails, it is due to an upgrade of the server files.
It checks all the files that have been modified.
To remove this problem, run vi /etc/csf/csf.conf
and in it set LF_INTEGRITY to 0 (this disables the check).

swap file creating

When some programs consume a huge amount of virtual memory, you can make use of temporary swap space.
This can be achieved with mkswap and swapon.

* For example, to have 64 MB of extra swap space:

dd if=/dev/zero of=/swapfile bs=1024 count=65535
chmod 600 /swapfile    # swap holds memory pages; keep the file readable by root only
mkswap /swapfile
swapon /swapfile

where “/swapfile” is the swap filename. The location of this file depends on the availability of file system space and on write permission.

When you don’t need this anymore, remove it using the following commands:

swapoff /swapfile
rm /swapfile

Tuesday, October 13, 2009

Error from domain wrapper: domainname.com is owned by another user

I got this error when I was trying to add subdomains to one of my cPanel accounts. This happens when cPanel doesn’t remove the subdomain correctly and then it thinks it’s still there so when you try to add it back on you get an error. Here’s how to fix it:

1. Remove domain.com from /var/cpanel/users/cpanel-username

2. Run /scripts/updateuserdomains as root user on the server because you changed the above file manually, this will create adjusted cache files

3. Remove /var/named/domain.com.db if the file exists (it doesn’t always)

4. Remove the virtualhost for domain.com on /usr/local/apache/conf/httpd.conf

5. Remove domain.com from /etc/named.conf

Now you can add the domain back on in cPanel with no problems.


20 Linux System Monitoring Tools Every SysAdmin Should Know

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring tools. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

  1. Finding out bottlenecks.
  2. Disk (storage) bottlenecks.
  3. CPU and memory bottlenecks.
  4. Network bottlenecks.

1: top - Process Activity Command

The top program provides a dynamic real-time view of a running system i.e. actual process activity. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds.


2: vmstat - System Activity, Hardware and System Information

The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity.

# vmstat 3

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 0 0 2540988 522188 5130400 0 0 2 32 4 2 4 1 96 0 0
1 0 0 2540988 522188 5130400 0 0 0 720 1199 665 1 0 99 0 0
0 0 0 2540956 522188 5130400 0 0 0 0 1151 1569 4 1 95 0 0
0 0 0 2540956 522188 5130500 0 0 0 6 1117 439 1 0 99 0 0
0 0 0 2540940 522188 5130512 0 0 0 536 1189 932 1 0 98 0 0
0 0 0 2538444 522188 5130588 0 0 0 0 1187 1417 4 1 96 0 0

Display Memory Utilization Slabinfo

# vmstat -m

Get Information About Active / Inactive Memory Pages

# vmstat -a


3: w - Find Out Who Is Logged on And What They Are Doing

The w command displays information about the users currently on the machine, and their processes.

Sample Output:
17:58:47 up 5 days, 20:28,  2 users,  load average: 0.36, 0.26, 0.24
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.1.3.145 14:55 5.00s 0.04s 0.02s vim /etc/resolv.conf
root pts/1 10.1.3.145 17:43 0.00s 0.03s 0.00s w

4: uptime - Tell How Long The System Has Been Running

The uptime command can be used to see how long the server has been running. It shows the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

Output:
18:02:41 up 41 days, 23:42,  1 user,  load average: 0.00, 0.00, 0.00

A load value of 1 can be considered optimal. The load can vary from system to system: for a single-CPU system a load value of 1 - 3, and for SMP systems 6-10, might be acceptable.

How do I find out Linux Resource utilization

The vmstat command reports information about processes, memory, paging, block IO, traps, and CPU activity. A real advantage of the vmstat output is that it is to the point, concise, and easy to read. The output of vmstat is used to help identify system bottlenecks. Please note that Linux vmstat does not count itself as a running process.

Here is an output of vmstat command from my enterprise grade system:

$ vmstat -S M

procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
3 0 0 1963 607 2359 0 0 0 0 0 1 32 0 68 0

Where,

  • The first line is nothing but six different categories. The second line gives more information about each category. This second line gives all the data you need.
  • -S M: vmstat lets you choose the units (k, K, m, M); the default is K (1024 bytes). I am using M since this system has over 4 GB of memory. Without the -S M option it will use K as the unit.

Field Description For Vm Mode

(a) procs: the process-related fields are:

  • r: The number of processes waiting for run time.
  • b: The number of processes in uninterruptible sleep.

(b) memory: the memory-related fields are:

  • swpd: the amount of virtual memory used.
  • free: the amount of idle memory.
  • buff: the amount of memory used as buffers.
  • cache: the amount of memory used as cache.

(c) swap: the swap-related fields are:

  • si: Amount of memory swapped in from disk (/s).
  • so: Amount of memory swapped to disk (/s).

(d) io: the I/O-related fields are:

  • bi: Blocks received from a block device (blocks/s).
  • bo: Blocks sent to a block device (blocks/s).

(e) system: the system-related fields are:

  • in: The number of interrupts per second, including the clock.
  • cs: The number of context switches per second.

(f) cpu: the CPU-related fields are:

These are percentages of total CPU time.

  • us: Time spent running non-kernel code. (user time, including nice time)
  • sy: Time spent running kernel code. (system time)
  • id: Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time.
  • wa: Time spent waiting for IO. Prior to Linux 2.5.41, shown as zero.

As you can see, the first report produced gives averages since the last reboot. Additional reports give information on a sampling period of length delay. You need to sample data using delays, i.e. collect data by setting intervals. For example, collect data every 2 seconds (or collect data every 2 seconds, 5 times only):
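
An added example, not from the original post: a filter that reads sampled vmstat output, skips the first row (the since-boot average) and flags the bottlenecks the fields above describe. The sample rows are constructed, and the function names and the 20% iowait threshold are assumptions to tune per host.

```shell
#!/bin/sh
# Constructed sample shaped like `vmstat 2 5` output; not captured from a real host.
sample_vmstat() {
cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa
 3  0      0 196300  60700 235900    0    0     2    32    4    2  4  1 95  0
 2  0      0 196100  60700 235900    0    0     0   120 1199  665 10  2 88  0
 9  1  51200  12000  60700 120000  300  850    40  2200 1500 3200 35 15 10 40
 1  3  51900  11800  60700 119000    0    0   900    10 1300  900  5  3 30 62
 1  0  51900  90000  60700 150000    0    0     0     0 1100  500  3  1 96  0
EOF
}

# analyze_vmstat NCPU [WA_LIMIT]: read vmstat output on stdin, print one line
# per finding. WA_LIMIT (default 20) is an assumed threshold, tune per host.
analyze_vmstat() {
  awk -v ncpu="${1:-1}" -v walimit="${2:-20}" '
    # Header row: remember each column position by name, so an extra "st"
    # column or a different field order does not shift the checks.
    $1 == "r" && $2 == "b" { for (i = 1; i <= NF; i++) col[$i] = i; next }
    # Ignore the banner row and anything seen before the header.
    $1 !~ /^[0-9]+$/ || !("r" in col) { next }
    # The first data row is the average since boot, not a live sample.
    ++rows == 1 { next }
    {
      s = rows - 1
      r = $(col["r"]) + 0; b = $(col["b"]) + 0; wa = $(col["wa"]) + 0
      si = $(col["si"]) + 0; so = $(col["so"]) + 0
      if (r > ncpu + 0)
        printf "sample %d: run queue %d exceeds %d CPU(s)\n", s, r, ncpu
      if (si > 0 || so > 0)
        printf "sample %d: swapping, si=%d so=%d\n", s, si, so
      if (wa >= walimit + 0)
        printf "sample %d: iowait %d%% with %d blocked process(es)\n", s, wa, b
    }'
}

# Demo on the constructed sample, treating the host as a 2-CPU machine.
sample_vmstat | analyze_vmstat 2
```

On a live host the same filter can be fed directly, for example `vmstat 2 5 | analyze_vmstat 4` on a 4-CPU machine.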


Role Of A System Administrator

The person who is responsible for setting up and maintaining the system is called the system administrator. System administrators may be members of an information technology department. Most of the following discussion also applies to network and Windows system admins.

Duties of a system administrator

The duties of a system administrator are wide-ranging, and vary widely from one organization to another. Sysadmins are usually charged with installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. Other duties may include scripting or light programming and project management for systems-related projects.

The system administrator is responsible for following things:

  1. User administration (setup and maintaining account)
  2. Maintaining system
  3. Verify that peripherals are working properly
  4. Quickly arrange repair for hardware in the event of hardware failure
  5. Monitor system performance
  6. Create file systems
  7. Install software
  8. Create a backup and recovery policy
  9. Monitor network communication
  10. Update system as soon as new version of OS and application software comes out
  11. Implement the policies for the use of the computer system and network
  12. Setup security policies for users. A sysadmin must have a strong grasp of computer security (e.g. firewalls and intrusion detection systems).