Thursday, October 15, 2009

Linux overall

To check whether the port is listening:


lsof -i tcp:80

nmap localhost






cat /usr/local/apache/logs/error_log | grep domain.com



crontab -e


netstat -nap | wc -l


du -sh *


ls -lart


netstat -tn | grep :80 | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head


iptables -nL | grep 192.168.1.1

iptables -I INPUT -s 209.151.224.237 -j DROP

iptables -I INPUT -s 209.151.224.237 -j ACCEPT

iptables -D INPUT -s 209.151.224.237 -j DROP


grep deepinto /etc/userdomains

grep deepinto /etc/trueuserdomains

grep deepinto /etc/trueuserdomains


tail -f /var/log/exim_mainlog | grep


vi /etc/valiases/domain.com


pidof httpd

pgrep httpd


chown noble.noble test.php


cd -


vi /usr/local/apache/conf/httpd.conf
tail -f /usr/local/apache/logs/error_log
tail -f /usr/local/apache/logs/suexec_log
tail -f /usr/local/apache/logs/modsec_audit.log

tail -f /usr/local/apache/logs/modsec_debug_log

tail -f /usr/local/apache/logs/modsec_debug.log




grant all privileges on db.* to uesrname@'localhost' identified by 'password'
grant all privileges on db.* to uesrname@'%' identified by 'password'


find . -type f -name "*.corrupted" -exec rm -f {} \;


for i in `cat iframe.txt`; do sed -i.bak.hak 's///' $i; done


uzip filename.zip


gunzip filename.zip


grep config* */*/*/*/*


mysqldump tobhadr_idearich > tobhadr_idearich.sql


find -type d -exec chmod 0755 {} \;


script


fc -l


stty


tty




===========================================================================================================

Exim Commands

exim -bpc [No. of Mails in Queue]
exiwhat

exiqgrep -z -i
exim -bpr | grep frozen | wc -l
exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
exim -bp | grep <>
exim -Mvh 1MWBs7-0000VO-3z [Message ID]

/scripts

/scripts/pkgacct username [Backup a Domain Account via SSH]
/scripts/restorepkg username [Restore a Domain Account via SSH]

/scripts/runweblogs username [Updating log programs -> Awstats/Webalizer/etc... ]
/scripts/fixquotas [Fixing/Updating Quota problems]

cPanel Logs – A detailed view

Applications can log the system activity in two ways, one being according to their autonomous logic & the other through the system’s log daemon, well know as syslog..

The syslog daemon’s configuration file /etc/syslog.conf contains all the necessary paths/locations as to where the logs are stored.

Usually the directory /var/log/ is used for the system logs but other applications use the applications specified directories to store their log files…
Many distributions provide tools to manage and analyze the system logs.

Logrotate is a well known log rotation tool which usually is configured in the /etc/logrotate.conf file.
It may also have additional package-defined configurations in the /etc/logrotate.d/ directory..
In order to understand what’s happening on the system a brief analysis of /etc/syslog.conf is mandatory for checking the main logs positions.

Here are some basic log files, their locations & a brief description which can be found in Linux distros [mostly in cPanel ]:
General:

Quote:
cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs & should be referenced first for any issues resulting from new cPanel installations..
Quote:
Cpanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description :The service monitoring demon (chkservd) logs all service checks here. Failed service are represented with a [-] and active services are represented by [+].
Quote:
Cpanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation..


cPanel/WHM Specific Requests and Errors:

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in
cPanel/WHM

cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here.
If you run into any errors related to license when logging in, check here.

Quote:
Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

Quote:
Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to access cPanel requests is logged here.

Quote:
cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It’s named with the timestamp at which the upcp process was initiated..

Quote:
Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each named after their respective user.

Tailwatchd Log:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemon configuired under tailwatchd ie. cPBandwd, Eximstats, Antirelayd.

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here..
The first place you should look when httpd crashes or you incur errors when accessing website.

Apache SuExec Logs:
Location : /usr/local/apache/logs/suexec_log
Description : Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors, with no relevant information being reported to the Apache error_log, check here for potential suexec policy violations…

Domain Access Logs:
Location : /usr/local/apache/domlogs/domain.com
Description : General access log file for each domain configured with cPanel.

Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : Complete web server access log records all requests processed by the server.

Exim:

Message Reception and Delivery:
Location : /var/log/exim_mainlog or /var/log/exim/mainlog
Description : Receives an entry every time a message is received or delivered.

Quote:
Exim ACLs/Policies based RejectLog :
Location : /var/log/exim_rejectlog
Description : An entry is written to this log every time a message is rejected based on either ACLs or other policies eg: aliases configured to :fail

Quote:
Unexpected or Fatal Errors:
Location : /var/log/exim_paniclog
Description : Logs any entries exim doesn’t know how to handle. It’s generally a really bad thing when log entries are being written here, and they should be properly investigated..

Quote:
IMAP/POP/SpamAssassin General Logging and Errors:
Location : /var/log/maillog & /var/log/messages
Description : The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.

FTP: Quote: FTP Logins and General Errors: Location : /var/log/messages Description : General information and login attempts are logged here.. Quote: FTP Transactions logging: Location : /var/log/xferlog or /var/log/messages Description : Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users… MySQL: Quote: MySQL General Information and Errors : Location : /var/lib/mysql/$(hostname).err Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log Security: Quote: Authentication attempts: Location : /var/log/secure Description : Logs all daemons which requires PAM Authentication. Quote: Tracking all Bad Logins and Logouts: Location : /var/log/btmp Description : Log of all attempted bad logins to the system. Accessed via the lastb command.. Quote: Tracking all Logins and Logouts: Location : /var/log/wtmp Description : The wtmp file records all logins and logouts. Quote: Last Logins: Location : /var/log/lastlog Description : Database times of previous user logins. The lastlog file is a database which contains info on the last login of each user. Quote: WebDav or WebDisk Log : Location : /usr/local/cpanel/logs/cpdavd_error_log Description : The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users to mount their home directory on their personal computer, always having access to the files and content… Quote: Cphulkd Logs: Location : /usr/local/cpanel/logs/cphulkd_errors.log Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service…. It blacklists IPs that it thinks are trying to run a brute force attack. Quote: Failure Logging: Location : /var/log/faillog Description : Faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for maintains failure counters and limits. Run faillog without arguments display only list of user faillog records who have ever had a login failure. Quote: Startup/Boot, Kernel & Hardware error messages : Location : /var/log/dmesg Description : dmesg is a “window” into the kernels ring-buffer. It’s a message buffer of the kernel. The content of this file is referred to by the dmesg command. It shows bootlog and the hardware errors..

No comments:

Post a Comment