My Wiki - User contributions [en]

https://mywiki.romanost.co.il/api.php?action=feedcontributions&feedformat=atom&user=Meadmin My Wiki - User contributions [en] 2026-04-16T14:37:42Z User contributions MediaWiki 1.27.4 https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=99 Useful apps 2023-04-20T08:08:36Z

<p>Meadmin: </p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. [https://github.com/tellerops/teller Teller] - Universal secret manager<br /> <br /> 2. [https://github.com/kubeshark/kubeshark KubeShark] - API Traffic Analyzer for Kubernetes<br /> <br /> 3. [https://github.com/biobootloader/wolverine Wolverine] - Run python with regenerative healing<br /> <br /> 4. [https://github.com/k8sgpt-ai/k8sgpt K8Sgpt] - Scan your k8s in simple english<br /> <br /> 5. [https://diagrams.mingrammer.com/ diagrams] - Diagrams as code</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=98 Useful apps 2023-03-30T08:07:03Z

<p>Meadmin: </p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. [https://github.com/tellerops/teller Teller] - Universal secret manager<br /> <br /> 2. [https://github.com/kubeshark/kubeshark KubeShark] - API Traffic Analyzer for Kubernetes<br /> <br /> 3. [https://github.com/biobootloader/wolverine Wolverine] - Run python with regenerative healing<br /> <br /> 4. [https://github.com/k8sgpt-ai/k8sgpt K8Sgpt] - Scan your k8s in simple english</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=97 Useful apps 2023-03-28T10:39:05Z

<p>Meadmin: </p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. [https://github.com/tellerops/teller Teller] - Universal secret manager<br /> <br /> 2. [https://github.com/kubeshark/kubeshark KubeShark] - API Traffic Analyzer for Kubernetes<br /> <br /> 3. [https://github.com/biobootloader/wolverine Wolverine] - Run python with regenerative healing</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=96 Useful apps 2023-03-28T09:36:20Z

<p>Meadmin: </p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. [https://github.com/tellerops/teller Teller]<br /> <br /> 2. [https://github.com/kubeshark/kubeshark KubeShark]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=95 Useful apps 2023-03-28T09:36:14Z

<p>Meadmin: </p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. [https://github.com/tellerops/teller Teller]<br /> 2. [https://github.com/kubeshark/kubeshark KubeShark]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=94 Useful apps 2023-02-08T09:37:58Z

<p>Meadmin: </p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. [https://github.com/tellerops/teller Teller]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Useful_apps&diff=93 Useful apps 2023-02-08T09:37:15Z

<p>Meadmin: Created page with "Useful apps 1. Teller [https://github.com/tellerops/teller]"</p> <hr /> <div>Useful apps<br /> <br /> <br /> 1. Teller [https://github.com/tellerops/teller]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Main_Page&diff=92 Main Page 2023-02-08T09:36:24Z

<p>Meadmin: </p> <hr /> <div><br /> == List of content ==<br /> <br /> [[Windows]]<br /> <br /> [[Linux]]<br /> <br /> [[Dbs]]<br /> <br /> [[Mails]]<br /> <br /> [[Exim]]<br /> <br /> [[Dockers]]<br /> <br /> [[Kubernetes]]<br /> <br /> [[Yamls]]<br /> <br /> [[GCP]]<br /> <br /> [[OpenWRT]]<br /> <br /> [[Home Assistant]]<br /> <br /> [[Useful apps]]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=91 Linux 2020-10-13T06:37:49Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Generate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> Generate Self-signed SSL with private key:<br /> openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt<br /> <br /> <br /> == PHP disable functions hardening ==<br /> <br /> disable_functions = "allow_url_fopen, apache_child_terminate, apache_setenv, base64_decode, chgrp, chmod, define_syslog_variables, dl, egy_perl, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftok, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, ini_set, inject_code, leak, link, mysql_pconnect, openlog, passthru, pclose, pcntl_exec, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, php_eval, phpinfo, php_uname, popen, posix_access, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_get_last_error, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_kill, posix_mkfifo, posix_mknod, posix_satty, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_strerror, posix_tims, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, putenv, readlink, root, safe_dir, set_time_limit, shell_exec, show_source, symlink, syslog, system, wscript, xmlrpc_entity_decode"<br /> <br /> <br /> == Mount Google Drive on Linux ==<br /> <br /> Install rclone:<br /> yum install rclone<br /> <br /> Config rclone: (select Google Drive and all other leave default)<br /> rclone config<br /> <br /> Browser will be opened on finish, auth with your account and then mount the drive:<br /> rclone mount gdrive: /gdrive/ &<br /> <br /> Use SSH tunneling for auth if running on Linux server (without GUI)<br /> <br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]<br /> <br /> Ahsay on QNAP patch [http://wiki.ahsay.com/doku.php?id=public:5356_no_suitable_python_found_for_arm-x41_installation_issue_on_qnap link]<br /> <br /> Kubernetes cheat sheet [https://linuxacademy.com/blog/containers/kubernetes-cheat-sheet/ link]<br /> <br /> Kubernetes Essentials [https://medium.com/devopslinks/kubernetes-essentials-282ac9951542 link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=90 Home Assistant 2020-06-21T18:18:08Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> diskname="vda"<br /> disk="/dev/$diskname"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`/usr/sbin/exim -bpc`<br /> srvaccounts=`cat /etc/domainusers |wc -l`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$diskname\":\"$diskuse\",\"disk_io_use_$diskname\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu,\"accounts\":$srvaccounts}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> <br /> daybefore=`date +%d/%b/%Y --date="last day"`<br /> IFS=$'\n'; for i in `cat /etc/domainusers`; do<br /> IFS=":"; read -r -a arr <<< "$i"<br /> domacc=${arr[0]}<br /> domdom=`echo ${arr[1]}|xargs`<br /> domtotal=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |wc -l`<br /> domres=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |cut -d"[" -f2-|awk '{print $6}'|sort|uniq -c|sort -h|awk '{print $2 " " $1}'`<br /> apiurl="sensor.${apihost}_${domacc}"<br /> sensordata="'{\"state\":\"$domdom\", \"attributes\": {\"friendly_name\":\"$domdom\",\"total_yesterday\":\"$domtotal\""<br /> <br /> IFS=$'\n'; for q in $domres; do<br /> IFS=" "; read -r -a res <<< "$q"<br /> sensordata="${sensordata},\"responsecode_${res[0]}\":${res[1]}"<br /> done<br /> sensordata="${sensordata}}}'"<br /> apidata=" -d $sensordata"<br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=89 Home Assistant 2020-06-20T18:57:39Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`/usr/sbin/exim -bpc`<br /> srvaccounts=`cat /etc/domainusers |wc -l`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu,\"accounts\":$srvaccounts}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> <br /> daybefore=`date +%d/%b/%Y --date="last day"`<br /> IFS=$'\n'; for i in `cat /etc/domainusers`; do<br /> IFS=":"; read -r -a arr <<< "$i"<br /> domacc=${arr[0]}<br /> domdom=`echo ${arr[1]}|xargs`<br /> domtotal=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |wc -l`<br /> domres=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |cut -d"[" -f2-|awk '{print $6}'|sort|uniq -c|sort -h|awk '{print $2 " " $1}'`<br /> apiurl="sensor.${apihost}_${domacc}"<br /> sensordata="'{\"state\":\"$domdom\", \"attributes\": {\"friendly_name\":\"$domdom\",\"total_yesterday\":\"$domtotal\""<br /> <br /> IFS=$'\n'; for q in $domres; do<br /> IFS=" "; read -r -a res <<< "$q"<br /> sensordata="${sensordata},\"responsecode_${res[0]}\":${res[1]}"<br /> done<br /> sensordata="${sensordata}}}'"<br /> apidata=" -d $sensordata"<br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=88 Home Assistant 2020-06-20T18:40:30Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`/usr/sbin/exim -bpc`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> <br /> daybefore=`date +%d/%b/%Y --date="last day"`<br /> IFS=$'\n'; for i in `cat /etc/domainusers`; do<br /> IFS=":"; read -r -a arr <<< "$i"<br /> domacc=${arr[0]}<br /> domdom=`echo ${arr[1]}|xargs`<br /> domtotal=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |wc -l`<br /> domres=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |cut -d"[" -f2-|awk '{print $6}'|sort|uniq -c|sort -h|awk '{print $2 " " $1}'`<br /> apiurl="sensor.${apihost}_${domacc}"<br /> sensordata="'{\"state\":\"$domdom\", \"attributes\": {\"friendly_name\":\"$domdom\",\"total_yesterday\":\"$domtotal\""<br /> <br /> IFS=$'\n'; for q in $domres; do<br /> IFS=" "; read -r -a res <<< "$q"<br /> sensordata="${sensordata},\"responsecode_${res[0]}\":${res[1]}"<br /> done<br /> sensordata="${sensordata}}}'"<br /> apidata=" -d $sensordata"<br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=87 Home Assistant 2020-06-20T18:40:17Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'|tr -d '%'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`/usr/sbin/exim -bpc`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> <br /> daybefore=`date +%d/%b/%Y --date="last day"`<br /> IFS=$'\n'; for i in `cat /etc/domainusers`; do<br /> IFS=":"; read -r -a arr <<< "$i"<br /> domacc=${arr[0]}<br /> domdom=`echo ${arr[1]}|xargs`<br /> domtotal=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |wc -l`<br /> domres=`zgrep "$daybefore" /home/$domacc/logs/* 2>/dev/null |cut -d"[" -f2-|awk '{print $6}'|sort|uniq -c|sort -h|awk '{print $2 " " $1}'`<br /> apiurl="sensor.${apihost}_${domacc}"<br /> sensordata="'{\"state\":\"$domdom\", \"attributes\": {\"friendly_name\":\"$domdom\",\"total_yesterday\":\"$domtotal\""<br /> <br /> IFS=$'\n'; for q in $domres; do<br /> IFS=" "; read -r -a res <<< "$q"<br /> sensordata="${sensordata},\"responsecode_${res[0]}\":${res[1]}"<br /> done<br /> sensordata="${sensordata}}}'"<br /> apidata=" -d $sensordata"<br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"<br /> done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=86 Home Assistant 2020-06-11T13:48:29Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`/usr/sbin/exim -bpc`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=85 Home Assistant 2020-06-11T11:31:59Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`exim -bpc`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=84 Home Assistant 2020-06-11T11:31:47Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`exim -bpc`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":${srvla[0]},\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=83 Home Assistant 2020-06-11T11:16:44Z

<p>Meadmin: </p> <hr /> <div>Send VPS statistics to HA<br /> <br /> Update token ($apitoken), address ($apiaddr) and disk device ($disk)<br /> <br /> #!/bin/bash<br /> <br /> apitoken="xxxxxx"<br /> apiaddr="https://ha.myhome:8123/api/states/"<br /> apiheaders=" -H \"Authorization: Bearer $apitoken\" -H \"Content-Type: application/json\" "<br /> apihost=`hostname|sed "s/\./_/g"`<br /> apiurl="sensor.$apihost"<br /> <br /> disk="/dev/vda"<br /> <br /> srvuptime=`uptime -p`<br /> srvmem=`free -m |grep "Mem"|awk '{print ($4+$7)"M"}'`<br /> srvprocs=`ps -ef|wc -l`<br /> diskuse=`df -h $disk |grep "/$"|awk '{print $5}'`<br /> diskio=`df -ih $disk |grep "/$"|awk '{print $5}'`<br /> netcons=`netstat -ant|grep ESTA|wc -l`<br /> mailqu=`exim -bpc`<br /> <br /> srvtmp=`cat /proc/loadavg`<br /> read -r -a srvla <<< "$srvtmp"<br /> <br /> apidata=" -d '{\"state\":\"$srvuptime\", \"attributes\": {\"friendly_name\":\"$apihost\",\"uptime\":\"$srvuptime\",\"freemem\":\"$srvmem\",\"load\":\"${srvla[0]} ${srvla[1]} ${srvla[2]}\",\"procs\":$srvprocs,\"disk_use_$disk\":\"$diskuse\",\"disk_io_use_$disk\":\"$diskio\",\"connections\":$netcons,\"mail_queue\":$mailqu}}'"<br /> <br /> bash -c "curl $apiaddr$apiurl $apiheaders -X POST $apidata -k"</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=OpenWRT&diff=82 OpenWRT 2020-04-25T14:18:41Z

<p>Meadmin: </p> <hr /> <div>Install OpenVPN on OpenWRT<br /> <br /> 1. Install packages:<br /> opkg update<br /> opkg install luci-app-openvpn<br /> opkg install openvpn-openssl<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/easyrsa<br /> chmod 755 easyrsa<br /> mv easyrsa /usr/bin<br /> mkdir -p /etc/easy-rsa/pki/x509-types<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/server<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/client<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/openssl-easyrsa.cnf<br /> mv server /etc/easy-rsa/pki/x509-types/ <br /> mv client /etc/easy-rsa/pki/x509-types/<br /> mv openssl-easyrsa.cnf /etc/easy-rsa/pki/<br /> <br /> 2. Configure firewall<br /> uci rename firewall.@zone[0]="lan"<br /> uci rename firewall.@zone[1]="wan"<br /> uci rename firewall.@forwarding[0]="lan_wan"<br /> uci del_list firewall.lan.device="tun0"<br /> uci add_list firewall.lan.device="tun0"<br /> uci -q delete firewall.vpn<br /> uci set firewall.ovpn="rule"<br /> uci set firewall.ovpn.name="Allow-OpenVPN"<br /> uci set firewall.ovpn.src="wan"<br /> uci set firewall.ovpn.dest_port="1194"<br /> uci set firewall.ovpn.proto="udp"<br /> uci set firewall.ovpn.target="ACCEPT"<br /> uci commit firewall<br /> /etc/init.d/firewall restart<br /> <br /> 3. Create Certificates:<br /> export EASYRSA_PKI="/etc/easy-rsa/pki" <br /> export EASYRSA_REQ_CN="ovpnca"<br /> # Remove and re-initialize the PKI directory<br /> easyrsa --batch init-pki<br /> # Generate DH parameters<br /> easyrsa --batch gen-dh<br /> # Create a new CA<br /> easyrsa --batch build-ca nopass<br /> # Generate a keypair and sign locally for a server<br /> easyrsa --batch build-server-full server nopass<br /> # Generate a keypair and sign locally for a client <br /> easyrsa --batch build-client-full client nopass<br /> <br /> 4. Configure VPN server:<br /> # Generate TLS PSK<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> openvpn --genkey --secret ${OVPN_PKI}/tc.pem<br /> <br /> # Configuration parameters<br /> OVPN_DIR="/etc/openvpn"<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br /> OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br /> OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br /> OVPN_POOL="192.168.8.0 255.255.255.0"<br /> OVPN_DNS="${OVPN_POOL%.* *}.1"<br /> OVPN_DOMAIN="$(uci get dhcp.@dnsmasq[0].domain)"<br /> OVPN_DH="$(cat ${OVPN_PKI}/dh.pem)"<br /> OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br /> OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br /> NL=$'\n'<br /> <br /> # Configure VPN server<br /> umask u=rw,g=,o=<br /> grep -l -r -e "TLS Web Server Auth" "${OVPN_PKI}/issued" \<br /> | sed -e "s/^.*\///;s/\.\w*$//" \<br /> | while read -r OVPN_ID<br /> do<br /> OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br /> OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br /> cat << EOF > ${OVPN_DIR}/${OVPN_ID}.conf<br /> verb 3<br /> user nobody<br /> group nogroup<br /> dev ${OVPN_DEV}<br /> port ${OVPN_PORT}<br /> proto ${OVPN_PROTO}<br /> server ${OVPN_POOL}<br /> topology subnet<br /> client-to-client<br /> keepalive 10 120<br /> persist-tun<br /> persist-key<br /> push "dhcp-option DNS ${OVPN_DNS}"<br /> push "dhcp-option DOMAIN ${OVPN_DOMAIN}"<br /> push "redirect-gateway def1"<br /> push "persist-tun"<br /> push "persist-key"<br /> <dh>${NL}${OVPN_DH}${NL}</dh><br /> <tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br /> <ca>${NL}${OVPN_CA}${NL}</ca><br /> <cert>${NL}${OVPN_CERT}${NL}</cert><br /> <key>${NL}${OVPN_KEY}${NL}</key><br /> EOF<br /> done<br /> /etc/init.d/openvpn restart<br /> <br /> 5. Create client configuration file:<br /> <br /> # Fetch IP address or update to FQDN<br /> #OVPN_SERV="fqdn.myhome.com"<br /> OVPN_SERV=`wget -qO- ifconfig.co`<br /> <br /> # Configuration parameters<br /> OVPN_DIR="/etc/openvpn"<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br /> OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br /> OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br /> OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br /> OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br /> NL=$'\n'<br /> <br /> # Generate VPN client profiles<br /> umask u=rw,g=,o=<br /> grep -l -r -e "TLS Web Client Auth" "${OVPN_PKI}/issued" \<br /> | sed -e "s/^.*\///;s/\.\w*$//" \<br /> | while read -r OVPN_ID<br /> do<br /> OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br /> OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br /> cat << EOF > ${OVPN_DIR}/${OVPN_ID}.ovpn<br /> verb 3<br /> dev ${OVPN_DEV%%[0-9]*}<br /> nobind<br /> client<br /> remote ${OVPN_SERV} ${OVPN_PORT} ${OVPN_PROTO}<br /> auth-nocache<br /> remote-cert-tls server<br /> <tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br /> <ca>${NL}${OVPN_CA}${NL}</ca><br /> <cert>${NL}${OVPN_CERT}${NL}</cert><br /> <key>${NL}${OVPN_KEY}${NL}</key><br /> EOF<br /> done<br /> ls ${OVPN_DIR}/*.ovpn</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Home_Assistant&diff=81 Home Assistant 2020-04-25T13:53:04Z

<p>Meadmin: Created page with "Here will be some interesting stuff related to Home assistant (hassio)"</p> <hr /> <div>Here will be some interesting stuff related to Home assistant (hassio)</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Main_Page&diff=80 Main Page 2020-04-25T13:52:26Z

<p>Meadmin: /* List of content */</p> <hr /> <div><br /> == List of content ==<br /> <br /> [[Windows]]<br /> <br /> [[Linux]]<br /> <br /> [[Dbs]]<br /> <br /> [[Mails]]<br /> <br /> [[Exim]]<br /> <br /> [[Dockers]]<br /> <br /> [[Kubernetes]]<br /> <br /> [[Yamls]]<br /> <br /> [[GCP]]<br /> <br /> [[OpenWRT]]<br /> <br /> [[Home Assistant]]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=OpenWRT&diff=79 OpenWRT 2020-04-25T13:50:55Z

<p>Meadmin: </p> <hr /> <div>Install OpenVPN on OpenWRT<br /> <br /> 1. Install packages:<br /> opkg update<br /> opkg install luci-app-openvpn<br /> opkg install openvpn-openssl<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/easyrsa<br /> chmod 755 easyrsa<br /> mv easyrsa /usr/bin<br /> mkdir -p /etc/easy-rsa/pki/x509-types<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/server<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/client<br /> mv server /etc/easy-rsa/pki/x509-types/ <br /> mv client /etc/easy-rsa/pki/x509-types/<br /> <br /> 2. Configure firewall<br /> uci rename firewall.@zone[0]="lan"<br /> uci rename firewall.@zone[1]="wan"<br /> uci rename firewall.@forwarding[0]="lan_wan"<br /> uci del_list firewall.lan.device="tun0"<br /> uci add_list firewall.lan.device="tun0"<br /> uci -q delete firewall.vpn<br /> uci set firewall.ovpn="rule"<br /> uci set firewall.ovpn.name="Allow-OpenVPN"<br /> uci set firewall.ovpn.src="wan"<br /> uci set firewall.ovpn.dest_port="1194"<br /> uci set firewall.ovpn.proto="udp"<br /> uci set firewall.ovpn.target="ACCEPT"<br /> uci commit firewall<br /> /etc/init.d/firewall restart<br /> <br /> 3. Create Certificates:<br /> export EASYRSA_PKI="/etc/easy-rsa/pki" <br /> export EASYRSA_REQ_CN="ovpnca"<br /> # Remove and re-initialize the PKI directory<br /> easyrsa --batch init-pki<br /> # Generate DH parameters<br /> easyrsa --batch gen-dh<br /> # Create a new CA<br /> easyrsa --batch build-ca nopass<br /> # Generate a keypair and sign locally for a server<br /> easyrsa --batch build-server-full server nopass<br /> # Generate a keypair and sign locally for a client <br /> easyrsa --batch build-client-full client nopass<br /> <br /> 4. Configure VPN server:<br /> # Generate TLS PSK<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> openvpn --genkey --secret ${OVPN_PKI}/tc.pem<br /> <br /> # Configuration parameters<br /> OVPN_DIR="/etc/openvpn"<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br /> OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br /> OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br /> OVPN_POOL="192.168.8.0 255.255.255.0"<br /> OVPN_DNS="${OVPN_POOL%.* *}.1"<br /> OVPN_DOMAIN="$(uci get dhcp.@dnsmasq[0].domain)"<br /> OVPN_DH="$(cat ${OVPN_PKI}/dh.pem)"<br /> OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br /> OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br /> NL=$'\n'<br /> <br /> # Configure VPN server<br /> umask u=rw,g=,o=<br /> grep -l -r -e "TLS Web Server Auth" "${OVPN_PKI}/issued" \<br /> | sed -e "s/^.*\///;s/\.\w*$//" \<br /> | while read -r OVPN_ID<br /> do<br /> OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br /> OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br /> cat << EOF > ${OVPN_DIR}/${OVPN_ID}.conf<br /> verb 3<br /> user nobody<br /> group nogroup<br /> dev ${OVPN_DEV}<br /> port ${OVPN_PORT}<br /> proto ${OVPN_PROTO}<br /> server ${OVPN_POOL}<br /> topology subnet<br /> client-to-client<br /> keepalive 10 120<br /> persist-tun<br /> persist-key<br /> push "dhcp-option DNS ${OVPN_DNS}"<br /> push "dhcp-option DOMAIN ${OVPN_DOMAIN}"<br /> push "redirect-gateway def1"<br /> push "persist-tun"<br /> push "persist-key"<br /> <dh>${NL}${OVPN_DH}${NL}</dh><br /> <tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br /> <ca>${NL}${OVPN_CA}${NL}</ca><br /> <cert>${NL}${OVPN_CERT}${NL}</cert><br /> <key>${NL}${OVPN_KEY}${NL}</key><br /> EOF<br /> done<br /> /etc/init.d/openvpn restart<br /> <br /> 5. Create client configuration file:<br /> <br /> # Fetch IP address or update to FQDN<br /> #OVPN_SERV="fqdn.myhome.com"<br /> OVPN_SERV=`wget -qO- ifconfig.co`<br /> <br /> # Configuration parameters<br /> OVPN_DIR="/etc/openvpn"<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br /> OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br /> OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br /> OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br /> OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br /> NL=$'\n'<br /> <br /> # Generate VPN client profiles<br /> umask u=rw,g=,o=<br /> grep -l -r -e "TLS Web Client Auth" "${OVPN_PKI}/issued" \<br /> | sed -e "s/^.*\///;s/\.\w*$//" \<br /> | while read -r OVPN_ID<br /> do<br /> OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br /> OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br /> cat << EOF > ${OVPN_DIR}/${OVPN_ID}.ovpn<br /> verb 3<br /> dev ${OVPN_DEV%%[0-9]*}<br /> nobind<br /> client<br /> remote ${OVPN_SERV} ${OVPN_PORT} ${OVPN_PROTO}<br /> auth-nocache<br /> remote-cert-tls server<br /> <tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br /> <ca>${NL}${OVPN_CA}${NL}</ca><br /> <cert>${NL}${OVPN_CERT}${NL}</cert><br /> <key>${NL}${OVPN_KEY}${NL}</key><br /> EOF<br /> done<br /> ls ${OVPN_DIR}/*.ovpn</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=OpenWRT&diff=78 OpenWRT 2020-04-25T13:39:54Z

<p>Meadmin: Created page with "Install OpenVPN on OpenWRT 1. Install packages: opkg update opkg install luci-app-openvpn opkg install openvpn-openssl wget https://raw.githubusercontent.com/OpenVPN/ea..."</p> <hr /> <div>Install OpenVPN on OpenWRT<br /> <br /> 1. Install packages:<br /> opkg update<br /> opkg install luci-app-openvpn<br /> opkg install openvpn-openssl<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/easyrsa<br /> chmod 755 easyrsa<br /> mv easyrsa /usr/bin<br /> mkdir -p /etc/easy-rsa/pki/x509-types<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/server<br /> wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/master/easyrsa3/x509-types/client<br /> mv server /etc/easy-rsa/pki/x509-types/ <br /> mv client /etc/easy-rsa/pki/x509-types/<br /> <br /> 2. Configure firewall<br /> uci rename firewall.@zone[0]="lan"<br /> uci rename firewall.@zone[1]="wan"<br /> uci rename firewall.@forwarding[0]="lan_wan"<br /> uci del_list firewall.lan.device="tun0"<br /> uci add_list firewall.lan.device="tun0"<br /> uci -q delete firewall.vpn<br /> uci set firewall.ovpn="rule"<br /> uci set firewall.ovpn.name="Allow-OpenVPN"<br /> uci set firewall.ovpn.src="wan"<br /> uci set firewall.ovpn.dest_port="1194"<br /> uci set firewall.ovpn.proto="udp"<br /> uci set firewall.ovpn.target="ACCEPT"<br /> uci commit firewall<br /> /etc/init.d/firewall restart<br /> <br /> 3. Create Certificates:<br /> export EASYRSA_PKI="/etc/easy-rsa/pki" <br /> export EASYRSA_REQ_CN="ovpnca"<br /> # Remove and re-initialize the PKI directory<br /> easyrsa --batch init-pki<br /> # Generate DH parameters<br /> easyrsa --batch gen-dh<br /> # Create a new CA<br /> easyrsa --batch build-ca nopass<br /> # Generate a keypair and sign locally for a server<br /> easyrsa --batch build-server-full server nopass<br /> # Generate a keypair and sign locally for a client <br /> easyrsa --batch build-client-full client nopass<br /> <br /> 4. Configure VPN server:<br /> # Generate TLS PSK<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> openvpn --genkey --secret ${OVPN_PKI}/tc.pem<br /> <br /> # Configuration parameters<br /> OVPN_DIR="/etc/openvpn"<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br /> OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br /> OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br /> OVPN_POOL="192.168.8.0 255.255.255.0"<br /> OVPN_DNS="${OVPN_POOL%.* *}.1"<br /> OVPN_DOMAIN="$(uci get dhcp.@dnsmasq[0].domain)"<br /> OVPN_DH="$(cat ${OVPN_PKI}/dh.pem)"<br /> OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br /> OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br /> NL=$'\n'<br /> <br /> # Configure VPN server<br /> umask u=rw,g=,o=<br /> grep -l -r -e "TLS Web Server Auth" "${OVPN_PKI}/issued" \<br /> | sed -e "s/^.*\///;s/\.\w*$//" \<br /> | while read -r OVPN_ID<br /> do<br /> OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br /> OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br /> cat << EOF > ${OVPN_DIR}/${OVPN_ID}.conf<br /> verb 3<br /> user nobody<br /> group nogroup<br /> dev ${OVPN_DEV}<br /> port ${OVPN_PORT}<br /> proto ${OVPN_PROTO}<br /> server ${OVPN_POOL}<br /> topology subnet<br /> client-to-client<br /> keepalive 10 120<br /> persist-tun<br /> persist-key<br /> push "dhcp-option DNS ${OVPN_DNS}"<br /> push "dhcp-option DOMAIN ${OVPN_DOMAIN}"<br /> push "redirect-gateway def1"<br /> push "persist-tun"<br /> push "persist-key"<br /> <dh>${NL}${OVPN_DH}${NL}</dh><br /> <tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br /> <ca>${NL}${OVPN_CA}${NL}</ca><br /> <cert>${NL}${OVPN_CERT}${NL}</cert><br /> <key>${NL}${OVPN_KEY}${NL}</key><br /> EOF<br /> done<br /> /etc/init.d/openvpn restart<br /> <br /> 5. Create client configuration file:<br /> <br /> # Fetch IP address<br /> OVPN_SERV=`wget -qO- ifconfig.co`<br /> <br /> # Configuration parameters<br /> OVPN_DIR="/etc/openvpn"<br /> OVPN_PKI="/etc/easy-rsa/pki"<br /> OVPN_DEV="$(uci get firewall.lan.device | sed -e "s/^.*\s//")"<br /> OVPN_PORT="$(uci get firewall.ovpn.dest_port)"<br /> OVPN_PROTO="$(uci get firewall.ovpn.proto)"<br /> OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"<br /> OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"<br /> NL=$'\n'<br /> <br /> # Generate VPN client profiles<br /> umask u=rw,g=,o=<br /> grep -l -r -e "TLS Web Client Auth" "${OVPN_PKI}/issued" \<br /> | sed -e "s/^.*\///;s/\.\w*$//" \<br /> | while read -r OVPN_ID<br /> do<br /> OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"<br /> OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"<br /> cat << EOF > ${OVPN_DIR}/${OVPN_ID}.ovpn<br /> verb 3<br /> dev ${OVPN_DEV%%[0-9]*}<br /> nobind<br /> client<br /> remote ${OVPN_SERV} ${OVPN_PORT} ${OVPN_PROTO}<br /> auth-nocache<br /> remote-cert-tls server<br /> <tls-auth>${NL}${OVPN_TC}${NL}</tls-auth><br /> <ca>${NL}${OVPN_CA}${NL}</ca><br /> <cert>${NL}${OVPN_CERT}${NL}</cert><br /> <key>${NL}${OVPN_KEY}${NL}</key><br /> EOF<br /> done<br /> ls ${OVPN_DIR}/*.ovpn</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Main_Page&diff=77 Main Page 2020-04-25T13:23:05Z

<p>Meadmin: /* List of content */</p> <hr /> <div><br /> == List of content ==<br /> <br /> [[Windows]]<br /> <br /> [[Linux]]<br /> <br /> [[Dbs]]<br /> <br /> [[Mails]]<br /> <br /> [[Exim]]<br /> <br /> [[Dockers]]<br /> <br /> [[Kubernetes]]<br /> <br /> [[Yamls]]<br /> <br /> [[GCP]]<br /> <br /> [[OpenWRT]]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Scripts&diff=76 Scripts 2019-09-04T12:17:00Z

<p>Meadmin: </p> <hr /> <div><br /> == Flying replication ==<br /> <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/ --delete<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/ --delete<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/ --delete<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel --delete<br /> <br /> for x in `cat /etc/trueuserowners|grep -v "#"|cut -d: -f1`;do /usr/local/cpanel/bin/setsiteip -u $x `hostname -i` ;done; <br /> <br /> /scripts/rebuildhttpdconf<br /> <br /> <br /> <br /> == WHM replication to clean server ==<br /> <br /> #!/bin/bash<br /> rsync -avz 192.168.1.21:/etc/apache2/conf/ /etc/httpd/conf/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/installed/ /etc/ssl/certs/<br /> rsync -avz 192.168.1.21:/etc/apache2/conf.d/includes/ /etc/httpd/conf.d/includes/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/cpanel/ /etc/ssl/certs/cpanel/<br /> sed -i "s/192.168.1.21/`hostname -i`/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/installed\//\/etc\/ssl\/certs\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/etc\/apache2\//\/etc\/httpd\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/RewriteMap LeechProtect/\#RewriteMap LeechProtect/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Mutex file:\/run\/apache2/\#Mutex file:\/run\/apache2/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/apache2/httpd/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/cpanel\//\/etc\/ssl\/certs\/cpanel\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Listen \[\:\:\]\:80/\#Listen \[\:\:\]\:80/g" /etc/httpd/conf/httpd.conf<br /> <br /> rsync -avz 192.168.1.21:/opt/cpanel/ea-php55/root/etc/php.ini /etc/<br /> rsync -avz 192.168.1.21:/etc/passwd /tmp/passwd<br /> rsync -avz 192.168.1.21:/etc/group /tmp/group<br /> <br /> var1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/passwd<br /> fi<br /> <br /> var1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/group<br /> fi<br /> <br /> == WHM replicate suphp to clean server ==<br /> <br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /etc/httpd/conf.modules.d/90-suphp.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /usr/sbin/suphp 172.18.0.6:/usr/sbin/<br /> scp /etc/suphp.conf 172.18.0.6:/etc/<br /> scp /etc/httpd/conf.d/php.conf 172.18.0.6:/etc/httpd/conf.d/<br /> scp /etc/httpd/conf.modules.d/10-php.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> <br /> chown root.nobody /usr/sbin/suphp<br /> chmod 4750 /usr/sbin/suphp<br /> <br /> <br /> == Sync nginx conf ==<br /> <br /> #!/bin/bash<br /> <br /> servs=(192.168.0.11 192.168.0.12 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.26 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.29 192.168.0.30)<br /> <br /> for i in "${servs[@]}"<br /> do<br /> echo $i<br /> scp nginx_conf/nginx.conf $i:/etc/nginx/<br /> scp nginx_conf/.htpasswd $i:/etc/nginx/<br /> scp -r nginx_conf/conf.d $i:/etc/nginx/<br /> ssh $i 'sed -i "s/Lxxx/`echo L\`hostname|cut -d "-" -f1|sed "s/web//"\``/g" /etc/nginx/conf.d/* && service nginx restart'<br /> done<br /> <br /> == Manage CWM auto start and stop server ==<br /> <br /> #!/bin/bash<br /> . keys.sh<br /> <br /> <br /> minservs=4<br /> maxservs=8<br /> locon=2500<br /> hicon=8000<br /> <br /> servs=($serv_01 $serv_02 $serv_03 $serv_04 $serv_05 $serv_06 $serv_07 $serv_08)<br /> onservs=0<br /> conns=0<br /> #echo ${servs[@]}<br /> <br /> for i in "${servs[@]}"<br /> do<br /> readarray -t values < <(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://console.cloudwm.com/service/server/${i}"|/root/api/jq -r '(map(values))[]') # | egrep "power|ip"<br /> #echo ${values[6]} ##power<br /> #echo ${values[14]} |sed 's/\"//g' ##ips<br /> if [ ${values[6]} == 'on' ]; then <br /> #onservs=$((onservs+1))<br /> ((onservs++))<br /> ip=$(echo ${values[14]} |tr -d \"\'\",\") ##ips<br /> curcon=$(ssh $ip "netstat -ant | grep :80 | wc -l")<br /> #echo $ip , $curcon<br /> conns=$((conns+curcon))<br /> fi<br /> #declare -p values<br /> done<br /> <br /> #echo "On servers: " $onservs<br /> #echo "Connections: " $conns<br /> <br /> mid=$((conns/onservs))<br /> #echo "mid: " $mid<br /> <br /> if [[ $mid > $hicon ]] && [[ $onservs < $maxservs ]]; then ## power on +1<br /> #echo "hi"<br /> srv=${servs[onservs]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=on" "https://console.cloudwm.com/service/server/${srv}/power"<br /> <br /> elif [[ $mid < $locon ]] && [[ $onservs > $minservs ]]; then ## power off -1<br /> #echo "lo" $onservs<br /> srv=${servs[onservs-1]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=off" "https://console.cloudwm.com/service/server/${srv}/power"<br /> fi<br /> <br /> == SQL dump ==<br /> <br /> <br /> #!/bin/bash<br /> <br /> retain=7 ## days to keep<br /> logdir="/var/www/html/sqlbackups/" ## dumps folder<br /> prename="db_Backup" ## name prefix<br /> postname=".sql.gz" ## name suffix<br /> mailaddr="eitani@gmail.com"<br /> <br /> dumpcmd="mysqldump --all-databases"<br /> date=`date +"%d%b%y"`<br /> tmst='date +%Y%m%d-%H%M%S.%N'<br /> outstr="[`$tmst`]: Dump started\n"<br /> <br /> fullname=$logdir$prename"_"$date$postname<br /> <br /> if [ -z "$logdir" ]; then<br /> outstr=$outstr"[`$tmst`]: Log directory not set\n"<br /> out=1<br /> else<br /> outstr=$outstr"[`$tmst`]: Running dump $dumpcmd | gzip -c > $fullname\n"<br /> $dumpcmd | gzip -c > $fullname<br /> out=$?<br /> fi<br /> <br /> if <nowiki>[[ $out = 0 ]]; then </nowiki><br /> outstr=$outstr"[`$tmst`]: Dump done, file: $fullname\n"<br /> outstr=$outstr"[`$tmst`]: Deleting old backups (older than $retain days) from folder: $logdir\n"<br /> outstr=$outstr"[`$tmst`]: Files to be deleted: `find $logdir -type f -mtime +$retain `\n"<br /> `find $logdir -type f -mtime +$retain -exec rm {} \;`<br /> else<br /> outstr=$outstr"[`$tmst`]: Dump failed\n"<br /> fi<br /> <br /> outstr=$outstr"[`$tmst`]: Script done\n"<br /> <br /> #echo -e $outstr<br /> <br /> mailtxt="Subject: SQLdump on webbit server\nFrom: script@webbit.web\nTo: $mailaddr\n\n$outstr"<br /> echo -e $mailtxt | sendmail -t<br /> <br /> <br /> == Check DNS zones ==<br /> <br /> #!/bin/bash<br /> <br /> iparr=()<br /> ipbad=()<br /> <br /> tempfile="/tmp/zonetempfile.db"<br /> backupdir="/root/oldzones"<br /> <br /> getzones () {<br /> zones=($(find /var/named/*.db -printf '%f\n'|sed 's/\.db//g'))<br /> #echo $zones<br /> }<br /> <br /> findoffs () {<br /> fl=$1<br /> a=()<br /> #echo "File: " $fl<br /> #cat $fl | while read line<br /> #do<br /> while read -r line<br /> do<br /> #echo "line: "$line<br /> <nowiki> if [[ "${line:0:1}" == ";" ]] && [[ $line == *"IN A"* ]] ; then</nowiki><br /> addr=$(echo $line|awk '{print $4}')<br /> #echo "adr:" $addr<br /> checkip $addr<br /> #echo done<br /> changed+=($res)<br /> fi<br /> done < <(cat $fl)<br /> #done<br /> }<br /> <br /> checkip () {<br /> ipad=$1<br /> #echo $ipad<br /> if [[ "${iparr[@]}" =~ "i${ipad}i" ]]; then<br /> #if [[ "${iparr[@]}" == "${ipad}" ]]; then<br /> #echo "Found: " $ipad<br /> return 0<br /> elif [[ "${ipbad[@]}" =~ "i${ipad}i" ]]; then<br /> #echo "found bad: " $ipad<br /> return 1<br /> else<br /> #echo "Not found: " $ipad<br /> timeout 2 ping -c 1 $addr > /dev/null<br /> res=$?<br /> ii="i"$ipad"i"<br /> if [[ $res == 0 ]]; then<br /> #echo $ii<br /> #iparr+=($ipad)<br /> iparr+=($ii)<br /> #echo "add to good: "$ii<br /> return 0<br /> else<br /> ipbad+=($ii)<br /> #echo "add to bad: "$ii ", old: "${ipbad[@]}<br /> return 1<br /> fi<br /> #echo "no"<br /> fi<br /> }<br /> <br /> parsezone () {<br /> zone=$1<br /> #echo "Zone: " $zone<br /> fname="/var/named/$1.db"<br /> #echo "Name: " $fname<br /> parsed=($(named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"))<br /> #for i in `named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"`<br /> #do<br /> # echo "u: " $i<br /> #done<br /> <br /> <br /> #echo "Parsed: " $parsed<br /> for i in ${parsed[@]}<br /> do<br /> #echo "z: " $zone "i: " $i<br /> if [[ $i == *"SOA"* ]]; then<br /> ser=$(echo $i|awk '{print $7}')<br /> #echo "Ser: " $ser<br /> elif [[ $i == *"IN A"* ]]; then<br /> host=$(echo $i|awk '{print $1}')<br /> addr=$(echo $i|awk '{print $5}')<br /> #echo "Pinging: *"$addr"*"<br /> #timeout 3 ping -c 1 $addr #> /dev/null<br /> checkip $addr<br /> res=$?<br /> let changed+=($res)<br /> if [[ $res > 0 ]]; then<br /> toblock+=($addr)<br /> fi<br /> #echo "Host: " $host "Addr: " $addr "Res: " $res<br /> fi<br /> done<br /> #echo "Block: " $toblock<br /> #echo "Parsed: " ${parsed[@]}<br /> #sers=$(echo $parsed|grep SOA|awk '{print $7}')<br /> #sers=$(echo $parsed|grep SOA)<br /> #arec=$(echo $parsed|grep "IN A")<br /> #echo "ser: " $sers<br /> #echo ${arec[@]}<br /> #for i in "${arec[@]}"<br /> #do<br /> # echo "As: " $i<br /> #done<br /> }<br /> <br /> updatezone () {<br /> uzone=$1<br /> zname=$2<br /> newser=$((ser+1))<br /> #echo "old ser" $ser<br /> #echo "new ser" $newser<br /> cp $zname /root/scripts/<br /> <br /> sed -i "s/$ser/$newser/" $zname # update serial<br /> infile=$(cat $zname)<br /> #outfile="z.z"<br /> outfile=tempfile<br /> > $outfile<br /> #echo $infile<br /> for f1 in $infile<br /> do<br /> #echo " - "$f1<br /> newline=$f1<br /> if [[ "${f1:0:1}" == ";" ]] && [[ $f1 == *"IN A"* ]] ; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${ipbad[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from bad" $fip<br /> newline=$(echo $f1|sed -r 's/^.{1}//')<br /> #echo "new: "$newline<br /> fi<br /> elif [[ $f1 == *"IN A"* ]]; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${iparr[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from good" $fip<br /> newline=";"$f1<br /> #echo "new: "$newline<br /> fi<br /> fi<br /> echo $newline >> $outfile<br /> done<br /> cat $outfile > $zname<br /> }<br /> <br /> IFS='<br /> '<br /> <br /> #zone="eye-t.co.il"<br /> getzones<br /> #echo $zones<br /> <br /> #if [ ! -d $backupdir ]; then<br /> # echo "nofolder"<br /> # mkdir $backupdir<br /> #fi<br /> <br /> curdate=$(date +"%Y%m%d-%H%M%S")<br /> <br /> #echo $curdate<br /> <br /> for zone in "${zones[@]}"<br /> do<br /> changed=0<br /> toblock=()<br /> toallow=()<br /> <br /> parsezone $zone<br /> #echo $fname<br /> findoffs $fname<br /> #echo "change: " $changed<br /> #echo "good: " ${iparr[@]}<br /> #echo "bad: " ${ipbad[@]}<br /> if [[ $changed > 0 ]]; then<br /> if [ ! -d $backupdir/$curdate ]; then<br /> mkdir $backupdir/$curdate -p<br /> fi<br /> echo "zone: " $zone "changed!!!"<br /> cp $fname $backupdir/$curdate/<br /> updatezone $zone $fname<br /> fi<br /> done<br /> <br /> <br /> <br /> == Get all CFS users ==<br /> <br /> After login, save the cookie.<br /> <br /> Get all organizations:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4<br /> <br /> Get users of an organization:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4<br /> <br /> Get full list of all users:<br /> IFS=$'\n' ; for i in `curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4`; do z=$(echo $i|sed 's/ /%20/g') ; curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$z"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4;done<br /> <br /> <br /> <br /> <br /> == Clone servers ==<br /> <br /> #!/bin/bash<br /> ########################################### README ###########################################################################<br /> ## make sure to use followin jq binary: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 <br /> ## before running the script change, parameters in settings and copy ssh key to all haproxies<br /> ## made for web servers only , modify the function if you wish to use for different balancing modes<br /> #####################################################################################################################################<br /> <br /> while [ -z $numbers ];do<br /> <br /> read -p "How many servers you want to clone?: " numbers<br /> <br /> done<br /> <br /> cloneServer () {<br /> <br /> ################ Settings ################<br /> src="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> clientId="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> haproxy1="xxx.xxx.xx.xx"<br /> haproxy2="xxx.xxx.xxx.xx"<br /> prefix="web"<br /> domainsuff="example.com"<br /> dc="IL"<br /> cpu="1D"<br /> billing="hourly"<br /> power="on"<br /> port="80" <br /> ############### END SETTINGS #############<br /> <br /> NC='\033[0m'<br /> GREEN='\033[0;32m'<br /> YELLOW='\033[0;33m'<br /> <br /> last=$(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/servers" | jq '.[] | select( .datacenter | contains("'"${dc}"'"))' | jq '. | select( .name | startswith("'"${prefix}"'")) | .name' | cut -d'_' -f1 | grep -Eo '[0-9]{1,9}' | tail -1)<br /> <br /> name="${prefix}$((last+1)).${domainsuff}"<br /> <br /> lastname="${prefix}${last}.${domainsuff}"<br /> <br /> <br /> curl -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X POST -d "source=${src}&name=${name}&cpu=${cpu}&billing=${billing}&power=${power}" "https://console.clubvps.com/service/server"<br /> <br /> echo ""<br /> <br /> while [ -z "$newserverid" ] ;do<br /> <br /> newserverid=$(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/servers" | jq '.[] | select( .datacenter | contains("'"${dc}"'"))' | jq '. | select( .name | startswith("'"${name}"'")) | .id' | cut -d'"' -f2 | tail -1)<br /> <br /> sleep 5<br /> <br /> echo -e ${YELLOW}Waiting for new server named: ${GREEN}${name}${NC} ${YELLOW}to clone${NC}<br /> <br /> done<br /> <br /> newserverip=`curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/server/${newserverid}" | jq '.networks[].ips[]' | cut -d'"' -f2`<br /> <br /> echo -e created new server named: ${GREEN}${name}${NC} with the ip: ${GREEN}${newserverip}${NC}<br /> <br /> echo -e ${GREEN}updating haproxies${NC}<br /> <br /> <br /> ssh root@${haproxy1} 'export '"lastname=$lastname"' && lastad=$(cat /etc/haproxy/haproxy.cfg | grep -e $lastname) && echo sed -i \"/${lastad}/a server '"${name}"' '"${newserverip}"':'"${port}"' check\" /etc/haproxy/haproxy.cfg > cmd.txt | cat cmd.txt|bash && service haproxy reload'<br /> ssh root@${haproxy1} 'export '"lastname=$lastname"' && lastad=$(cat /etc/haproxy/haproxy.cfg | grep -e $lastname) && echo sed -i \"/${lastad}/a server '"${name}"' '"${newserverip}"':'"${port}"' check\" /etc/haproxy/haproxy.cfg > cmd.txt | cat cmd.txt|bash && service haproxy reload'<br /> <br /> sleep 5<br /> echo -e ${GREEN}done${NC}<br /> <br /> <br /> <br /> }<br /> <br /> while [ $numbers -gt 0 ];<br /> do<br /> <br /> cloneServer;<br /> <br /> numbers=$(($numbers-1))<br /> <br /> done<br /> <br /> <br /> <br /> == Fix Centos 5 Repos ==<br /> <br /> rel=$(lsb_release -d | egrep -o '[0-9]\.[0-9]{1,2}')<br /> file="/etc/yum.repos.d/CentOS-Base.repo"<br /> sed -i.bak 's/mirror.centos.org\/centos\/$releasever/vault.centos.org\/'"$rel"'/g' $file<br /> sed -i 's/\#baseurl/baseurl/g' $file<br /> sed -i 's/mirror=*/\#mirrorlist=*/g' $file<br /> <br /> <br /> Long version:<br /> <br /> echo y | cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak<br /> rel=$(lsb_release -d | egrep -o '[0-9]\.[0-9]{1,2}')<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/os\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/os\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/updates\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/updates\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/extras\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/extras\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/centosplus\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/centosplus\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/contrib\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/contrib\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\mirror=*/\#mirrorlist=*/g' /etc/yum.repos.d/CentOS-Base.repo<br /> <br /> <br /> == Backup cpanel backups to Gdrive ==<br /> <br /> #!/bin/bash<br /> lastb=`ls -1tr /backup/|grep "\-"|tail -1`<br /> tarb="/root/backup-${lastb}.tar"<br /> dirb="/backup/${lastb}/"<br /> <br /> bname='daily'<br /> rtn=6<br /> <br /> if [ `date '+%w'` == 0 ]; then<br /> bname='weekly'<br /> rtn=2<br /> fi<br /> <br /> if [ `date '+%d'` == 01 ]; then<br /> bname='monthly'<br /> rtn=2<br /> fi<br /> <br /> <br /> destb="/gdrive/backup/${bname}/"<br /> #echo $destb<br /> <br /> #echo $lastb<br /> #ls -l /backup/|grep $lastb<br /> tar -cf $tarb $dirb<br /> gzip $tarb<br /> #rsync -avz --progress backup-2019-08-01.tar.gz /gdrive/backup/<br /> #rsync -avz ${tarb}.gz $destb<br /> rsync -avz --progress ${tarb}.gz $destb<br /> <br /> rm -f ${tarb}.gz<br /> #date >> /root/backup.log<br /> #find /$destb -type f -mtime 4 >> /root/backup.log<br /> find $destb -type f|head -n -${rtn}|xargs rm -f<br /> sleep 3<br /> /usr/bin/rclone cleanup gdrive:</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=75 Linux 2019-07-31T06:53:35Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> <br /> == PHP disable functions hardening ==<br /> <br /> disable_functions = "allow_url_fopen, apache_child_terminate, apache_setenv, base64_decode, chgrp, chmod, define_syslog_variables, dl, egy_perl, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftok, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, ini_set, inject_code, leak, link, mysql_pconnect, openlog, passthru, pclose, pcntl_exec, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, php_eval, phpinfo, php_uname, popen, posix_access, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_get_last_error, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_kill, posix_mkfifo, posix_mknod, posix_satty, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_strerror, posix_tims, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, putenv, readlink, root, safe_dir, set_time_limit, shell_exec, show_source, symlink, syslog, system, wscript, xmlrpc_entity_decode"<br /> <br /> <br /> == Mount Google Drive on Linux ==<br /> <br /> Install rclone:<br /> yum install rclone<br /> <br /> Config rclone: (select Google Drive and all other leave default)<br /> rclone config<br /> <br /> Browser will be opened on finish, auth with your account and then mount the drive:<br /> rclone mount gdrive: /gdrive/ &<br /> <br /> Use SSH tunneling for auth if running on Linux server (without GUI)<br /> <br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]<br /> <br /> Ahsay on QNAP patch [http://wiki.ahsay.com/doku.php?id=public:5356_no_suitable_python_found_for_arm-x41_installation_issue_on_qnap link]<br /> <br /> Kubernetes cheat sheet [https://linuxacademy.com/blog/containers/kubernetes-cheat-sheet/ link]<br /> <br /> Kubernetes Essentials [https://medium.com/devopslinks/kubernetes-essentials-282ac9951542 link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=GCP&diff=74 GCP 2019-07-21T10:35:02Z

<p>Meadmin: </p> <hr /> <div><br /> == Install GCloud on Cygwin / MobaXterm ==<br /> <br /> curl https://sdk.cloud.google.com | bash<br /> <br /> <br /> == Get all instances from all projects ==<br /> <br /> for i in `gcloud projects list --format json|jq '.[].projectId'|xargs`; do gcloud compute instances list --project=$i --format="csv[no-heading](name,machineType,cpuPlatform)"|sed "s/^/$i,/"; done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Main_Page&diff=73 Main Page 2019-07-21T10:34:29Z

<p>Meadmin: /* List of content */</p> <hr /> <div><br /> == List of content ==<br /> <br /> [[Windows]]<br /> <br /> [[Linux]]<br /> <br /> [[Dbs]]<br /> <br /> [[Mails]]<br /> <br /> [[Exim]]<br /> <br /> [[Dockers]]<br /> <br /> [[Kubernetes]]<br /> <br /> [[Yamls]]<br /> <br /> [[GCP]]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=GCP&diff=72 GCP 2019-07-21T09:26:28Z

<p>Meadmin: /* Get all instances from all projects */</p> <hr /> <div><br /> == Get all instances from all projects ==<br /> <br /> for i in `gcloud projects list --format json|jq '.[].projectId'|xargs`; do gcloud compute instances list --project=$i --format="csv[no-heading](name,machineType,cpuPlatform)"|sed "s/^/$i,/"; done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=GCP&diff=71 GCP 2019-07-21T09:26:19Z

<p>Meadmin: Created page with " == Get all instances from all projects == for i in `gcloud projects list --format json|jq '.[].projectId'|xargs`; do gcloud compute instances list --project=$i --format="csv..."</p> <hr /> <div><br /> == Get all instances from all projects ==<br /> <br /> for i in `gcloud projects list --format json|jq '.[].projectId'|xargs`; do gcloud compute instances list --project=$i --format="csv[no-heading](name,machineType,cpuPlatform)"|sed "s/^/$i,/"; done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=70 Linux 2019-06-19T08:08:08Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> <br /> == PHP disable functions hardening ==<br /> <br /> disable_functions = "allow_url_fopen, apache_child_terminate, apache_setenv, base64_decode, chgrp, chmod, define_syslog_variables, dl, egy_perl, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftok, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, ini_set, inject_code, leak, link, mysql_pconnect, openlog, passthru, pclose, pcntl_exec, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, php_eval, phpinfo, php_uname, popen, posix_access, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_get_last_error, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_kill, posix_mkfifo, posix_mknod, posix_satty, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_strerror, posix_tims, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, putenv, readlink, root, safe_dir, set_time_limit, shell_exec, show_source, symlink, syslog, system, wscript, xmlrpc_entity_decode"<br /> <br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]<br /> <br /> Ahsay on QNAP patch [http://wiki.ahsay.com/doku.php?id=public:5356_no_suitable_python_found_for_arm-x41_installation_issue_on_qnap link]<br /> <br /> Kubernetes cheat sheet [https://linuxacademy.com/blog/containers/kubernetes-cheat-sheet/ link]<br /> <br /> Kubernetes Essentials [https://medium.com/devopslinks/kubernetes-essentials-282ac9951542 link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Yamls&diff=69 Yamls 2019-06-02T09:25:18Z

<p>Meadmin: Created page with " == POD with NFS mount == # Create a pod that reads and writes to the NFS server via an NFS volume. kind: Pod apiVersion: v1 metadata: name: pod-using-nfs spec:..."</p> <hr /> <div><br /> == POD with NFS mount ==<br /> <br /> # Create a pod that reads and writes to the NFS server via an NFS volume.<br /> <br /> kind: Pod<br /> apiVersion: v1<br /> metadata:<br /> name: pod-using-nfs<br /> spec:<br /> # Add the server as an NFS volume for the pod<br /> volumes:<br /> - name: nfs-volume<br /> nfs: <br /> # URL for the NFS server<br /> server: 10.128.0.4 # Change to the NFS server IP<br /> path: /mnt/sharedfolder # Change to the exported folder name<br /> <br /> # In this container, we'll mount the NFS volume<br /> # and write the date to a file inside it.<br /> containers:<br /> - name: app<br /> image: alpine # Change to the needed image<br /> <br /> # Mount the NFS volume in the container<br /> volumeMounts:<br /> - name: nfs-volume<br /> mountPath: /var/nfs # Change to the desired mount point<br /> <br /> <br /> == VPN client ==<br /> <br /> Deployment YAML:<br /> <br /> apiVersion: extensions/v1beta1<br /> kind: Deployment<br /> metadata:<br /> annotations:<br /> kompose.cmd: kompose convert --volumes persistentVolumeClaim<br /> kompose.version: 1.16.0 (0c01309)<br /> creationTimestamp: null<br /> labels:<br /> io.kompose.service: vpn<br /> name: vpn<br /> spec:<br /> replicas: 1<br /> strategy:<br /> type: Recreate<br /> template:<br /> metadata:<br /> creationTimestamp: null<br /> labels:<br /> io.kompose.service: vpn<br /> spec:<br /> containers:<br /> - env:<br /> - name: TZ<br /> value: EST5EDT<br /> image: dperson/openvpn-client<br /> name: vpn<br /> resources: {}<br /> securityContext:<br /> capabilities:<br /> add:<br /> - net_admin<br /> stdin: true<br /> tty: true<br /> volumeMounts:<br /> - mountPath: /vpn<br /> name: vpn-claim0<br /> - mountPath: /run<br /> name: vpn-tmpfs0<br /> - mountPath: /tmp<br /> name: vpn-tmpfs1<br /> restartPolicy: Always<br /> volumes:<br /> - name: vpn-claim0<br /> persistentVolumeClaim:<br /> claimName: vpn-claim0<br /> - emptyDir:<br /> medium: Memory<br /> name: vpn-tmpfs0<br /> - emptyDir:<br /> medium: Memory<br /> name: vpn-tmpfs1<br /> status: {}<br /> <br /> <br /> Storage yaml:<br /> <br /> apiVersion: v1<br /> kind: PersistentVolumeClaim<br /> metadata:<br /> creationTimestamp: null<br /> labels:<br /> io.kompose.service: vpn-claim0<br /> name: vpn-claim0<br /> spec:<br /> accessModes:<br /> - ReadWriteOnce<br /> resources:<br /> requests:<br /> storage: 100Mi<br /> status: {}</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Main_Page&diff=68 Main Page 2019-06-02T09:21:54Z

<p>Meadmin: /* List of content */</p> <hr /> <div><br /> == List of content ==<br /> <br /> [[Windows]]<br /> <br /> [[Linux]]<br /> <br /> [[Dbs]]<br /> <br /> [[Mails]]<br /> <br /> [[Exim]]<br /> <br /> [[Dockers]]<br /> <br /> [[Kubernetes]]<br /> <br /> [[Yamls]]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Kubernetes&diff=67 Kubernetes 2019-06-02T09:21:15Z

<p>Meadmin: Created page with " == Deploy using kubectl == kubectl -f file.yaml == Convert docker-compose to Kubectl yamls == kompose convert -f docker-compose.yaml"</p> <hr /> <div><br /> == Deploy using kubectl ==<br /> kubectl -f file.yaml<br /> <br /> == Convert docker-compose to Kubectl yamls ==<br /> kompose convert -f docker-compose.yaml</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=66 Linux 2019-04-10T14:29:11Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]<br /> <br /> Ahsay on QNAP patch [http://wiki.ahsay.com/doku.php?id=public:5356_no_suitable_python_found_for_arm-x41_installation_issue_on_qnap link]<br /> <br /> Kubernetes cheat sheet [https://linuxacademy.com/blog/containers/kubernetes-cheat-sheet/ link]<br /> <br /> Kubernetes Essentials [https://medium.com/devopslinks/kubernetes-essentials-282ac9951542 link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=65 Linux 2019-04-08T05:41:54Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]<br /> <br /> Ahsay on QNAP patch [http://wiki.ahsay.com/doku.php?id=public:5356_no_suitable_python_found_for_arm-x41_installation_issue_on_qnap link]<br /> <br /> Kubernetes cheat sheet [https://linuxacademy.com/blog/containers/kubernetes-cheat-sheet/ link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=64 Linux 2019-02-17T11:28:23Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]<br /> <br /> Ahsay on QNAP patch [http://wiki.ahsay.com/doku.php?id=public:5356_no_suitable_python_found_for_arm-x41_installation_issue_on_qnap link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Scripts&diff=63 Scripts 2019-02-17T05:56:05Z

<p>Meadmin: </p> <hr /> <div><br /> == Flying replication ==<br /> <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/ --delete<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/ --delete<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/ --delete<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel --delete<br /> <br /> for x in `cat /etc/trueuserowners|grep -v "#"|cut -d: -f1`;do /usr/local/cpanel/bin/setsiteip -u $x `hostname -i` ;done; <br /> <br /> /scripts/rebuildhttpdconf<br /> <br /> <br /> <br /> == WHM replication to clean server ==<br /> <br /> #!/bin/bash<br /> rsync -avz 192.168.1.21:/etc/apache2/conf/ /etc/httpd/conf/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/installed/ /etc/ssl/certs/<br /> rsync -avz 192.168.1.21:/etc/apache2/conf.d/includes/ /etc/httpd/conf.d/includes/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/cpanel/ /etc/ssl/certs/cpanel/<br /> sed -i "s/192.168.1.21/`hostname -i`/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/installed\//\/etc\/ssl\/certs\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/etc\/apache2\//\/etc\/httpd\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/RewriteMap LeechProtect/\#RewriteMap LeechProtect/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Mutex file:\/run\/apache2/\#Mutex file:\/run\/apache2/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/apache2/httpd/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/cpanel\//\/etc\/ssl\/certs\/cpanel\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Listen \[\:\:\]\:80/\#Listen \[\:\:\]\:80/g" /etc/httpd/conf/httpd.conf<br /> <br /> rsync -avz 192.168.1.21:/opt/cpanel/ea-php55/root/etc/php.ini /etc/<br /> rsync -avz 192.168.1.21:/etc/passwd /tmp/passwd<br /> rsync -avz 192.168.1.21:/etc/group /tmp/group<br /> <br /> var1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/passwd<br /> fi<br /> <br /> var1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/group<br /> fi<br /> <br /> == WHM replicate suphp to clean server ==<br /> <br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /etc/httpd/conf.modules.d/90-suphp.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /usr/sbin/suphp 172.18.0.6:/usr/sbin/<br /> scp /etc/suphp.conf 172.18.0.6:/etc/<br /> scp /etc/httpd/conf.d/php.conf 172.18.0.6:/etc/httpd/conf.d/<br /> scp /etc/httpd/conf.modules.d/10-php.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> <br /> chown root.nobody /usr/sbin/suphp<br /> chmod 4750 /usr/sbin/suphp<br /> <br /> <br /> == Sync nginx conf ==<br /> <br /> #!/bin/bash<br /> <br /> servs=(192.168.0.11 192.168.0.12 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.26 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.29 192.168.0.30)<br /> <br /> for i in "${servs[@]}"<br /> do<br /> echo $i<br /> scp nginx_conf/nginx.conf $i:/etc/nginx/<br /> scp nginx_conf/.htpasswd $i:/etc/nginx/<br /> scp -r nginx_conf/conf.d $i:/etc/nginx/<br /> ssh $i 'sed -i "s/Lxxx/`echo L\`hostname|cut -d "-" -f1|sed "s/web//"\``/g" /etc/nginx/conf.d/* && service nginx restart'<br /> done<br /> <br /> == Manage CWM auto start and stop server ==<br /> <br /> #!/bin/bash<br /> . keys.sh<br /> <br /> <br /> minservs=4<br /> maxservs=8<br /> locon=2500<br /> hicon=8000<br /> <br /> servs=($serv_01 $serv_02 $serv_03 $serv_04 $serv_05 $serv_06 $serv_07 $serv_08)<br /> onservs=0<br /> conns=0<br /> #echo ${servs[@]}<br /> <br /> for i in "${servs[@]}"<br /> do<br /> readarray -t values < <(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://console.cloudwm.com/service/server/${i}"|/root/api/jq -r '(map(values))[]') # | egrep "power|ip"<br /> #echo ${values[6]} ##power<br /> #echo ${values[14]} |sed 's/\"//g' ##ips<br /> if [ ${values[6]} == 'on' ]; then <br /> #onservs=$((onservs+1))<br /> ((onservs++))<br /> ip=$(echo ${values[14]} |tr -d \"\'\",\") ##ips<br /> curcon=$(ssh $ip "netstat -ant | grep :80 | wc -l")<br /> #echo $ip , $curcon<br /> conns=$((conns+curcon))<br /> fi<br /> #declare -p values<br /> done<br /> <br /> #echo "On servers: " $onservs<br /> #echo "Connections: " $conns<br /> <br /> mid=$((conns/onservs))<br /> #echo "mid: " $mid<br /> <br /> if [[ $mid > $hicon ]] && [[ $onservs < $maxservs ]]; then ## power on +1<br /> #echo "hi"<br /> srv=${servs[onservs]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=on" "https://console.cloudwm.com/service/server/${srv}/power"<br /> <br /> elif [[ $mid < $locon ]] && [[ $onservs > $minservs ]]; then ## power off -1<br /> #echo "lo" $onservs<br /> srv=${servs[onservs-1]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=off" "https://console.cloudwm.com/service/server/${srv}/power"<br /> fi<br /> <br /> == SQL dump ==<br /> <br /> <br /> #!/bin/bash<br /> <br /> retain=7 ## days to keep<br /> logdir="/var/www/html/sqlbackups/" ## dumps folder<br /> prename="db_Backup" ## name prefix<br /> postname=".sql.gz" ## name suffix<br /> mailaddr="eitani@gmail.com"<br /> <br /> dumpcmd="mysqldump --all-databases"<br /> date=`date +"%d%b%y"`<br /> tmst='date +%Y%m%d-%H%M%S.%N'<br /> outstr="[`$tmst`]: Dump started\n"<br /> <br /> fullname=$logdir$prename"_"$date$postname<br /> <br /> if [ -z "$logdir" ]; then<br /> outstr=$outstr"[`$tmst`]: Log directory not set\n"<br /> out=1<br /> else<br /> outstr=$outstr"[`$tmst`]: Running dump $dumpcmd | gzip -c > $fullname\n"<br /> $dumpcmd | gzip -c > $fullname<br /> out=$?<br /> fi<br /> <br /> if <nowiki>[[ $out = 0 ]]; then </nowiki><br /> outstr=$outstr"[`$tmst`]: Dump done, file: $fullname\n"<br /> outstr=$outstr"[`$tmst`]: Deleting old backups (older than $retain days) from folder: $logdir\n"<br /> outstr=$outstr"[`$tmst`]: Files to be deleted: `find $logdir -type f -mtime +$retain `\n"<br /> `find $logdir -type f -mtime +$retain -exec rm {} \;`<br /> else<br /> outstr=$outstr"[`$tmst`]: Dump failed\n"<br /> fi<br /> <br /> outstr=$outstr"[`$tmst`]: Script done\n"<br /> <br /> #echo -e $outstr<br /> <br /> mailtxt="Subject: SQLdump on webbit server\nFrom: script@webbit.web\nTo: $mailaddr\n\n$outstr"<br /> echo -e $mailtxt | sendmail -t<br /> <br /> <br /> == Check DNS zones ==<br /> <br /> #!/bin/bash<br /> <br /> iparr=()<br /> ipbad=()<br /> <br /> tempfile="/tmp/zonetempfile.db"<br /> backupdir="/root/oldzones"<br /> <br /> getzones () {<br /> zones=($(find /var/named/*.db -printf '%f\n'|sed 's/\.db//g'))<br /> #echo $zones<br /> }<br /> <br /> findoffs () {<br /> fl=$1<br /> a=()<br /> #echo "File: " $fl<br /> #cat $fl | while read line<br /> #do<br /> while read -r line<br /> do<br /> #echo "line: "$line<br /> <nowiki> if [[ "${line:0:1}" == ";" ]] && [[ $line == *"IN A"* ]] ; then</nowiki><br /> addr=$(echo $line|awk '{print $4}')<br /> #echo "adr:" $addr<br /> checkip $addr<br /> #echo done<br /> changed+=($res)<br /> fi<br /> done < <(cat $fl)<br /> #done<br /> }<br /> <br /> checkip () {<br /> ipad=$1<br /> #echo $ipad<br /> if [[ "${iparr[@]}" =~ "i${ipad}i" ]]; then<br /> #if [[ "${iparr[@]}" == "${ipad}" ]]; then<br /> #echo "Found: " $ipad<br /> return 0<br /> elif [[ "${ipbad[@]}" =~ "i${ipad}i" ]]; then<br /> #echo "found bad: " $ipad<br /> return 1<br /> else<br /> #echo "Not found: " $ipad<br /> timeout 2 ping -c 1 $addr > /dev/null<br /> res=$?<br /> ii="i"$ipad"i"<br /> if [[ $res == 0 ]]; then<br /> #echo $ii<br /> #iparr+=($ipad)<br /> iparr+=($ii)<br /> #echo "add to good: "$ii<br /> return 0<br /> else<br /> ipbad+=($ii)<br /> #echo "add to bad: "$ii ", old: "${ipbad[@]}<br /> return 1<br /> fi<br /> #echo "no"<br /> fi<br /> }<br /> <br /> parsezone () {<br /> zone=$1<br /> #echo "Zone: " $zone<br /> fname="/var/named/$1.db"<br /> #echo "Name: " $fname<br /> parsed=($(named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"))<br /> #for i in `named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"`<br /> #do<br /> # echo "u: " $i<br /> #done<br /> <br /> <br /> #echo "Parsed: " $parsed<br /> for i in ${parsed[@]}<br /> do<br /> #echo "z: " $zone "i: " $i<br /> if [[ $i == *"SOA"* ]]; then<br /> ser=$(echo $i|awk '{print $7}')<br /> #echo "Ser: " $ser<br /> elif [[ $i == *"IN A"* ]]; then<br /> host=$(echo $i|awk '{print $1}')<br /> addr=$(echo $i|awk '{print $5}')<br /> #echo "Pinging: *"$addr"*"<br /> #timeout 3 ping -c 1 $addr #> /dev/null<br /> checkip $addr<br /> res=$?<br /> let changed+=($res)<br /> if [[ $res > 0 ]]; then<br /> toblock+=($addr)<br /> fi<br /> #echo "Host: " $host "Addr: " $addr "Res: " $res<br /> fi<br /> done<br /> #echo "Block: " $toblock<br /> #echo "Parsed: " ${parsed[@]}<br /> #sers=$(echo $parsed|grep SOA|awk '{print $7}')<br /> #sers=$(echo $parsed|grep SOA)<br /> #arec=$(echo $parsed|grep "IN A")<br /> #echo "ser: " $sers<br /> #echo ${arec[@]}<br /> #for i in "${arec[@]}"<br /> #do<br /> # echo "As: " $i<br /> #done<br /> }<br /> <br /> updatezone () {<br /> uzone=$1<br /> zname=$2<br /> newser=$((ser+1))<br /> #echo "old ser" $ser<br /> #echo "new ser" $newser<br /> cp $zname /root/scripts/<br /> <br /> sed -i "s/$ser/$newser/" $zname # update serial<br /> infile=$(cat $zname)<br /> #outfile="z.z"<br /> outfile=tempfile<br /> > $outfile<br /> #echo $infile<br /> for f1 in $infile<br /> do<br /> #echo " - "$f1<br /> newline=$f1<br /> if [[ "${f1:0:1}" == ";" ]] && [[ $f1 == *"IN A"* ]] ; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${ipbad[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from bad" $fip<br /> newline=$(echo $f1|sed -r 's/^.{1}//')<br /> #echo "new: "$newline<br /> fi<br /> elif [[ $f1 == *"IN A"* ]]; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${iparr[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from good" $fip<br /> newline=";"$f1<br /> #echo "new: "$newline<br /> fi<br /> fi<br /> echo $newline >> $outfile<br /> done<br /> cat $outfile > $zname<br /> }<br /> <br /> IFS='<br /> '<br /> <br /> #zone="eye-t.co.il"<br /> getzones<br /> #echo $zones<br /> <br /> #if [ ! -d $backupdir ]; then<br /> # echo "nofolder"<br /> # mkdir $backupdir<br /> #fi<br /> <br /> curdate=$(date +"%Y%m%d-%H%M%S")<br /> <br /> #echo $curdate<br /> <br /> for zone in "${zones[@]}"<br /> do<br /> changed=0<br /> toblock=()<br /> toallow=()<br /> <br /> parsezone $zone<br /> #echo $fname<br /> findoffs $fname<br /> #echo "change: " $changed<br /> #echo "good: " ${iparr[@]}<br /> #echo "bad: " ${ipbad[@]}<br /> if [[ $changed > 0 ]]; then<br /> if [ ! -d $backupdir/$curdate ]; then<br /> mkdir $backupdir/$curdate -p<br /> fi<br /> echo "zone: " $zone "changed!!!"<br /> cp $fname $backupdir/$curdate/<br /> updatezone $zone $fname<br /> fi<br /> done<br /> <br /> <br /> <br /> == Get all CFS users ==<br /> <br /> After login, save the cookie.<br /> <br /> Get all organizations:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4<br /> <br /> Get users of an organization:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4<br /> <br /> Get full list of all users:<br /> IFS=$'\n' ; for i in `curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4`; do z=$(echo $i|sed 's/ /%20/g') ; curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$z"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4;done<br /> <br /> <br /> <br /> <br /> == Clone servers ==<br /> <br /> #!/bin/bash<br /> ########################################### README ###########################################################################<br /> ## make sure to use followin jq binary: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 <br /> ## before running the script change, parameters in settings and copy ssh key to all haproxies<br /> ## made for web servers only , modify the function if you wish to use for different balancing modes<br /> #####################################################################################################################################<br /> <br /> while [ -z $numbers ];do<br /> <br /> read -p "How many servers you want to clone?: " numbers<br /> <br /> done<br /> <br /> cloneServer () {<br /> <br /> ################ Settings ################<br /> src="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> clientId="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> haproxy1="xxx.xxx.xx.xx"<br /> haproxy2="xxx.xxx.xxx.xx"<br /> prefix="web"<br /> domainsuff="example.com"<br /> dc="IL"<br /> cpu="1D"<br /> billing="hourly"<br /> power="on"<br /> port="80" <br /> ############### END SETTINGS #############<br /> <br /> NC='\033[0m'<br /> GREEN='\033[0;32m'<br /> YELLOW='\033[0;33m'<br /> <br /> last=$(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/servers" | jq '.[] | select( .datacenter | contains("'"${dc}"'"))' | jq '. | select( .name | startswith("'"${prefix}"'")) | .name' | cut -d'_' -f1 | grep -Eo '[0-9]{1,9}' | tail -1)<br /> <br /> name="${prefix}$((last+1)).${domainsuff}"<br /> <br /> lastname="${prefix}${last}.${domainsuff}"<br /> <br /> <br /> curl -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X POST -d "source=${src}&name=${name}&cpu=${cpu}&billing=${billing}&power=${power}" "https://console.clubvps.com/service/server"<br /> <br /> echo ""<br /> <br /> while [ -z "$newserverid" ] ;do<br /> <br /> newserverid=$(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/servers" | jq '.[] | select( .datacenter | contains("'"${dc}"'"))' | jq '. | select( .name | startswith("'"${name}"'")) | .id' | cut -d'"' -f2 | tail -1)<br /> <br /> sleep 5<br /> <br /> echo -e ${YELLOW}Waiting for new server named: ${GREEN}${name}${NC} ${YELLOW}to clone${NC}<br /> <br /> done<br /> <br /> newserverip=`curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/server/${newserverid}" | jq '.networks[].ips[]' | cut -d'"' -f2`<br /> <br /> echo -e created new server named: ${GREEN}${name}${NC} with the ip: ${GREEN}${newserverip}${NC}<br /> <br /> echo -e ${GREEN}updating haproxies${NC}<br /> <br /> <br /> ssh root@${haproxy1} 'export '"lastname=$lastname"' && lastad=$(cat /etc/haproxy/haproxy.cfg | grep -e $lastname) && echo sed -i \"/${lastad}/a server '"${name}"' '"${newserverip}"':'"${port}"' check\" /etc/haproxy/haproxy.cfg > cmd.txt | cat cmd.txt|bash && service haproxy reload'<br /> ssh root@${haproxy1} 'export '"lastname=$lastname"' && lastad=$(cat /etc/haproxy/haproxy.cfg | grep -e $lastname) && echo sed -i \"/${lastad}/a server '"${name}"' '"${newserverip}"':'"${port}"' check\" /etc/haproxy/haproxy.cfg > cmd.txt | cat cmd.txt|bash && service haproxy reload'<br /> <br /> sleep 5<br /> echo -e ${GREEN}done${NC}<br /> <br /> <br /> <br /> }<br /> <br /> while [ $numbers -gt 0 ];<br /> do<br /> <br /> cloneServer;<br /> <br /> numbers=$(($numbers-1))<br /> <br /> done<br /> <br /> <br /> <br /> == Fix Centos 5 Repos ==<br /> <br /> rel=$(lsb_release -d | egrep -o '[0-9]\.[0-9]{1,2}')<br /> file="/etc/yum.repos.d/CentOS-Base.repo"<br /> sed -i.bak 's/mirror.centos.org\/centos\/$releasever/vault.centos.org\/'"$rel"'/g' $file<br /> sed -i 's/\#baseurl/baseurl/g' $file<br /> sed -i 's/mirror=*/\#mirrorlist=*/g' $file<br /> <br /> <br /> Long version:<br /> <br /> echo y | cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak<br /> rel=$(lsb_release -d | egrep -o '[0-9]\.[0-9]{1,2}')<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/os\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/os\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/updates\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/updates\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/extras\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/extras\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/centosplus\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/centosplus\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/contrib\/$basearch\//baseurl=http:\/\/vault.centos.org\/'"$rel"'\/contrib\/$basearch/g' /etc/yum.repos.d/CentOS-Base.repo<br /> sed -i 's/\mirror=*/\#mirrorlist=*/g' /etc/yum.repos.d/CentOS-Base.repo</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Dockers&diff=62 Dockers 2019-02-11T14:16:04Z

<p>Meadmin: </p> <hr /> <div><br /> <br /> == Show all containers ==<br /> <br /> docker ps -a<br /> <br /> <br /> == Create mysql Docker with mapping to host ==<br /> <br /> docker run --name mysqldb -v /data/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="qweQWE123" -p 3306:3306 -it mysql/mysql-server:5.7<br /> <br /> <br /> == SSH to a container ==<br /> <br /> docker exec -it mysqldb "bash"<br /> <br /> <br /> == exit container without closing ==<br /> <br /> crtl+shift+D<br /> <br /> <br /> == container specific logs (to view the output of commands running in container) ==<br /> docker logs mysqldb <br /> <br /> == Create volume and map container to it ==<br /> <br /> docker volume create vol1<br /> docker run --name mysqldb_map -v vol1:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="qweQWE123" -p 3306:3306 -it mysql/mysql-server:5.7<br /> <br /> <br /> == view details for specific docker ==<br /> <br /> docker inspect mysqldb_map <br /> <br /> <br /> == rename a container ==<br /> <br /> docker rename CONTAINER NEW_NAME<br /> <br /> <br /> == copy files into docker container ==<br /> <br /> docker cp 1.txt mycontainer:/1.txt<br /> <br /> <br /> <br /> == run docker to map port 9000 to forward 3306 ==<br /> <br /> docker run -d -p 3306:9000 dockercloud/mysql<br /> <br /> <br /> == Allow outbound forwarding for the container to the world ==<br /> <br /> on the host server run the following command:<br /> sysctl net.ipv4.conf.all.forwarding=1<br /> iptables -P FORWARD ACCEPT</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Main_Page&diff=61 Main Page 2019-02-11T12:01:49Z

<p>Meadmin: /* List of content */</p> <hr /> <div><br /> == List of content ==<br /> <br /> [[Windows]]<br /> <br /> [[Linux]]<br /> <br /> [[Dbs]]<br /> <br /> [[Mails]]<br /> <br /> [[Exim]]<br /> <br /> [[Dockers]]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Dockers&diff=60 Dockers 2019-02-11T12:01:24Z

<p>Meadmin: Created page with " == Show all containers == docker ps -a == Create mysql Docker with mapping to host == docker run --name mysqldb -v /data/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="q..."</p> <hr /> <div><br /> <br /> == Show all containers ==<br /> <br /> docker ps -a<br /> <br /> <br /> == Create mysql Docker with mapping to host ==<br /> <br /> docker run --name mysqldb -v /data/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="qweQWE123" -p 3306:3306 -it mysql/mysql-server:5.7<br /> <br /> <br /> == SSH to a container ==<br /> <br /> docker exec -it mysqldb "bash"<br /> <br /> <br /> == Create volume and map container to it ==<br /> <br /> docker volume create vol1<br /> docker run --name mysqldb_map -v vol1:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="qweQWE123" -p 3306:3306 -it mysql/mysql-server:5.7</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=59 Linux 2019-02-06T05:52:27Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | grep -v "virtfs" | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=58 Linux 2018-12-26T09:54:38Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]<br /> <br /> PHP Malware finder [https://github.com/nbs-system/php-malware-finder link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Windows&diff=57 Windows 2018-10-22T13:11:32Z

<p>Meadmin: </p> <hr /> <div>== Delete HX user ==<br /> <br /> <br /> $domain = "Domain_name.com"<br /> Get-AddressBookPolicy $domain* | Remove-AddressBookPolicy -Confirm:$false<br /> Get-AddressList $domain* | Remove-AddressList -Confirm:$false<br /> Get-GlobalAddressList $domain* | Remove-GlobalAddressList -Confirm:$false<br /> Get-OfflineAddressBook $domain* | Remove-OfflineAddressBook -Confirm:$false<br /> <br /> <br /> == Identify Worker Process in IIS 7.0 ==<br /> <br /> * From IIS 7.0 you need you to run IIS Command Tool ( appcmd ) .<br /> <br /> * Start > Run > Cmd<br /> * Go To Windows > System32 > Inetsrv<br /> * Run appcmd list wp<br /> <br /> <br /> <br /> == Installing terminal licenses server 2012 2008 R2 ==<br /> <br /> * In powershell enter the following commands:<br /> <br /> $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting<br /> $obj.ChangeMode(4)<br /> $obj.SetSpecifiedLicenseServerList("$env:computername")<br /> $obj.GetSpecifiedLicenseServerList()<br /> <br /> <br /> == Remote control windows server 2012 ==<br /> <br /> qwinsta<br /> mstsc.exe /shadow:sessionID /control /noConsentPrompt<br /> <br /> <br /> == Export IIS bindings ==<br /> <br /> %windir%\system32\inetsrv\appcmd list site > c:\sites-list.txt<br /> <br /> <br /> == Fix DCOM permissions error ==<br /> https://www.tenforums.com/general-support/69270-dcom-error-10016-re-appid-f72671a9-012c-4725-9d2f-2a4d32d65169.html<br /> <br /> Run regedit and let it search for the first Hive Key.<br /> Right click it and select "Permissions" A box will pop up. Tick "Advanced" <br /> Another box appears and you will see that the Hive Key is owned by "Trusted Installer"<br /> <br /> Click on "Change" and type "Administrators" (without the quotation marks). Click apply and OK until your back into the first panel. Select Administrators from the list there and click on the "Full Control" check box.<br /> <br /> Now do the same for the next Hive Key.<br /> <br /> Leave Regedit open and run dcomcnfg. Click on the right hand side object until you see dcomconfig. Double click it and scroll down to the object named:<br /> <br /> {F72671A9-012C-4725-9D2F-2A4D32D65169}<br /> <br /> Right click that and select "Properties". Under "Launch and Activation" click on "Edit" . Add User "SYSTEM" (no quotes),<br /> Click OK. Back in the first panel select "SYSTEM" and click on the local permissions. <br /> <br /> Close dcomcnfg and go back to regedit. In there you need to grant back ownership to the original owners.<br /> In this case one Hive Key was owned by "SYSTEM" the other by "TrustedInstaller" (type: NT SERVICE\TrustedInstaller)<br /> <br /> <br /> == Fix Israel daylight timezone==<br /> <br /> Old:<br /> <br /> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Israel Standard Time]<br /> 88 FF FF FF 00 00 00 00 <br /> C4 FF FF FF 00 00 0A 00<br /> 00 00 05 00 02 00 00 00<br /> 00 00 00 00 00 00 03 00<br /> 05 00 04 00 02 00 00 00<br /> 00 00 00 00<br /> <br /> New:<br /> 88 ff ff ff 00 00 00 00<br /> c4 ff ff ff 00 00 0a 00<br /> 00 00 01 00 02 00 00 00<br /> 00 00 00 00 00 00 03 00<br /> 05 00 05 00 02 00 00 00<br /> 00 00 00 00<br /> <br /> <br /> <br /> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Israel Standard Time\Dynamic DST]<br /> <br /> Old: 2018:<br /> 88 FF FF FF 00 00 00 00<br /> C4 FF FF FF 00 00 0A 00<br /> 00 00 05 00 02 00 00 00<br /> 00 00 00 00 00 00 03 00<br /> 05 00 04 00 02 00 00 00<br /> 00 00 00 00<br /> <br /> 2019,2020,2021,2022:<br /> 88 FF FF FF 00 00 00 00<br /> C4 FF FF FF 00 00 0A 00<br /> 00 00 05 00 02 00 00 00<br /> 00 00 00 00 00 00 03 00<br /> 05 00 05 00 02 00 00 00<br /> 00 00 00 00<br /> <br /> New:<br /> 2018:<br /> 88 ff ff ff 00 00 00 00<br /> c4 ff ff ff 00 00 0a 00<br /> 00 00 01 00 02 00 00 00<br /> 00 00 00 00 00 00 03 00<br /> 05 00 04 00 02 00 00 00<br /> 00 00 00 00<br /> <br /> <br /> 2019,2020,2021,2022:<br /> 88 ff ff ff 00 00 00 00<br /> c4 ff ff ff 00 00 0a 00<br /> 00 00 01 00 02 00 00 00<br /> 00 00 00 00 00 00 03 00<br /> 05 00 05 00 02 00 00 00<br /> 00 00 00 00<br /> <br /> <br /> <br /> == Links ==<br /> <br /> IIS 8.5 A+ SSL Labs [https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=56 Linux 2018-10-03T11:30:15Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]<br /> <br /> GEOip on EA4 [https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Linux&diff=55 Linux 2018-09-03T09:07:50Z

<p>Meadmin: </p> <hr /> <div><br /> == Wordpress login attack check ==<br /> <br /> '''Crontab :'''<br /> 0 */6 * * * sh /root/wplogin.sh<br /> <br /> '''Script :'''<br /> #!/bin/bash<br /> <br /> ###start editing<br /> thold="100"<br /> btime="359m"<br /> ###stop editing<br /> <br /> egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$<br /> <br /> while IFS= read -r line<br /> do<br /> /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"<br /> done < $$_ip_$$<br /> rm -f $$_ip_$$<br /> <br /> == Prevent OOM killer ==<br /> <br /> '''Edit file /etc/sysctl.conf'''<br /> <br /> vm.overcommit_memory = 2 <br /> vm.overcommit_ratio = 100<br /> <br /> In case of bad memory usage (php out of memory) use this settings:<br /> <br /> vm.overcommit_memory = 0<br /> vm.overcommit_ratio = 80<br /> <br /> == Who is using SWAP ==<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5<br /> <br /> Print with the process command:<br /> grep VmSwap /proc/*/status 2>/dev/null | sort -nk2 | tail -n5|awk -F'/' '{cmd="cat /proc/" $3 "/cmdline"; cmd|getline var; close (cmd); printf $0 "\t"; print var}' <br /> <br /> == Plesk on CentOS 12 bind fix ==<br /> <br /> The problem was nginx was attempting to bind to port 443 before the IP was initialized.<br /> <br /> To fix edit the /etx/sysctl.conf file and add <br /> net.ipv4.ip_nonlocal_bind = 1<br /> <br /> == WHM replica ==<br /> <br /> rsync -avz 192.168.1.122:/home/ /home/ --exclude="virtfs" --exclude="\.cp*" --exclude="cpeasyapache" <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel<br /> <br /> chkconfig cpanel off<br /> chkconfig exim off<br /> chkconfig dovecot off<br /> chkconfig pure-ftpd off<br /> chkconfig named off<br /> chkconfig mysql off<br /> chkconfig csf off<br /> chkconfig iptables off<br /> <br /> hostname: /etc/sysconfig/network<br /> <br /> change shared ip - You can change it in /etc/wwwacct.conf infront of ADDR parameter.<br /> change ip - Usage: /usr/local/cpanel/bin/setsiteip [-u user | domain] ip (/etc/trueuserowners)<br /> rebuild httpd conf<br /> restart apache<br /> <br /> == Apache memory usage ==<br /> <br /> ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'<br /> <br /> <br /> == Wordpress pingback ==<br /> <br /> Nginx:<br /> <br /> # WordPress Pingback Request Denial<br /> if ($http_user_agent ~* "WordPress") {<br /> return 403;<br /> }<br /> <br /> Apache:<br /> <br /> BrowserMatchNoCase WordPress wordpress_ping<br /> BrowserMatchNoCase Wordpress wordpress_ping<br /> Order Deny,Allow<br /> Deny from env=wordpress_ping<br /> <br /> == Find big files and folders ==<br /> <br /> find / -mount -type f -print0 2>/dev/null | xargs -0 du 2>/dev/null | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> find / -mount -type d -print0 2>/dev/null | xargs -0 du 2>/dev/null | sort -n | tail -40 | cut -f2 | xargs -I{} du -sh 2>/dev/null {} | uniq; printf '+%.0s' {1..100}; echo; \<br /> du -sh /var/cpanel/user_notifications && du -sh /backup/cpbackup/*/dirs/_var_cpanel/user_notifications<br /> <br /> == Rebuild Sophos when disk full ==<br /> <br /> /etc/init.d/postgresql92 rebuild<br /> <br /> On older versions:<br /> /var/mdw/scripts/smtp stop<br /> dropdb -U postgres smtp<br /> createdb -U postgres smtp<br /> /var/mdw/scripts/smtp start<br /> <br /> == Clear allowed networks on Sophos ==<br /> <br /> Login to the Sophos<br /> Type ‘cc’<br /> In cc, you’ll be in MAIN, if not, type ‘MAIN’<br /> Type ‘webadmin'<br /> Type ‘allowed_networks@'<br /> =['REF_NetworkAny']<br /> <br /> <br /> == Most accessed sites in the last minute ==<br /> <br /> cat <<'SCRIPT' >>/root/sitesLoad.sh<br /> <br /> #!/bin/bash<br /> <nowiki>if [[ `netstat -ntalp | grep :80 | awk '$4 ~ /:80/ {print $0;exit}' | grep -q httpd; echo $?` -ne 0 ]]; then echo "Main web server is not Apache. Exiting..."; exit 1; fi</nowiki><br /> <br /> log=/tmp/hostPop<br /> i=0<br /> find /usr/local/apache/domlogs/ -type f -mmin -1 ! -group root -exec ls -l {} \+ | awk '{print $4, $9}' | column -t>$log<br /> <br /> while read line; do<br /> ((++i))<br /> arr[$i]=$i<br /> arr[$i*1000]=$(printf "$line" | awk '{print $1}')<br /> arr[$i*1001]=$(printf "$line" | awk '{print $2}')<br /> arr[$i*1002]=$(wc -l `echo $line | awk '{print $NF}'` | cut -d' ' -f 1)<br /> done < <(cat $log)<br /> <br /> echo "Analyzing apache logs in realtime for 1 minute..."; sleep 60<br /> <br /> for (( var=1 ; var<=$i ; var++ ))<br /> do<br /> printf "${arr[$var*1000]} ${arr[$var*1001]} "<br /> echo $((`wc -l $(echo ${arr[$var*1001]}) | cut -d' ' -f 1` - ${arr[$var*1002]}));<br /> done | sed -e 's/\/usr\/local\/apache\/domlogs\///g' | sort -nrk 3 | column -t<br /> <br /> SCRIPT<br /> chmod 700 /root/sitesLoad.sh && /root/sitesLoad.sh<br /> <br /> == PHP.INI upload big files ==<br /> <br /> ini_set('upload_max_filesize', '10M');<br /> ini_set('post_max_size', '10M');<br /> ini_set('max_input_time', 300);<br /> ini_set('max_execution_time', 300);<br /> <br /> <br /> == Change permissions (chmod) to folders and files ==<br /> <br /> find . -type d -exec chmod 755 {} + <br /> find . -type f -exec chmod 644 {} + <br /> <br /> == Disable IPv6 ==<br /> <br /> For current session:<br /> echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6<br /> echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6<br /> <br /> Permanent:<br /> vi /etc/sysctl.conf<br /> net.ipv6.conf.all.disable_ipv6 = 1<br /> sudo sysctl -p /etc/sysctl.conf<br /> <br /> == Virtual box boot from USB ==<br /> VBoxManage internalcommands createrawvmdk -filename C:\usb.vmdk -rawdisk \\.\PhysicalDrive#<br /> <br /> <br /> == CSF GUI on ISPCONFIG 3 ==<br /> Install old CSF (before 8.13)<br /> <br /> Copy the ISPCONFIG folder to /etc/csf/ and enable CSF in ISPCONFIG<br /> <br /> Backup csfui* files<br /> <br /> Upgrade CSF<br /> <br /> Copy backuped csfui* files back<br /> <br /> Run the following commands:<br /> sed -i 's/checkip/ConfigServer::CheckIP::checkip/g' /usr/local/csf/bin/csfui.pl<br /> sed -i 's/sanity(/ConfigServer::Sanity::sanity(/g' /usr/local/csf/bin/csfui.pl<br /> <br /> <br /> == Max connections on Linux ==<br /> <br /> Add to /etc/sysctl.conf:<br /> <br /> fs.file-max = 70000<br /> net.ipv4.tcp_tw_recycle=0<br /> net.ipv4.tcp_fin_timeout = 10<br /> net.ipv4.ip_local_port_range = 15000 61000<br /> net.core.somaxconn = 1024<br /> net.core.netdev_max_backlog = 2000<br /> <br /> == CSF configuration ==<br /> <br /> ## Automated configuration:<br /> <br /> sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf<br /> sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf<br /> sed -i 's/IPV6 = "1"/IPV6 = "0"/' /etc/csf/csf.conf<br /> sed -i 's/IGNORE_ALLOW = "0"/IGNORE_ALLOW = "1"/' /etc/csf/csf.conf<br /> sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;70"/' /etc/csf/csf.conf<br /> sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;100;1,443;tcp;100;5"/' /etc/csf/csf.conf<br /> sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/' /etc/csf/csf.conf<br /> <br /> ## Disable LFD alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_WEBMIN_EMAIL_ALERT = "1"/LF_WEBMIN_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LF_CONSOLE_EMAIL_ALERT = "1"/LF_CONSOLE_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf<br /> <br /> ## Disable PT alerts: Only if you want to disable them!!<br /> <br /> sed -i 's/PT_USERPROC = "10"/PT_USERPROC = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERMEM = "256"/PT_USERMEM = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf<br /> sed -i 's/PT_LOAD = "30"/PT_LOAD = "0"/' /etc/csf/csf.conf<br /> <br /> <br /> == Rescan drives ==<br /> <br /> echo "- - -" > /sys/class/scsi_host/host0/scan<br /> <br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> <br /> <br /> == Find PTR owner - reversal ==<br /> <br /> dig 0.168.192.in-addr.arpa. NS<br /> <br /> <br /> == Fix locales in Ubuntu ==<br /> locale-gen en_US.UTF-8<br /> dpkg-reconfigure locales<br /> <br /> <br /> == Change permissions to all files and folders ==<br /> chown `stat -c %U .`.`stat -c %U .` * -R<br /> <br /> == Open last edited file ==<br /> less `ls -dx1tr /usr/local/cpanel/logs/cpbackup/*|tail -1`<br /> <br /> == Clear cache and swap ==<br /> echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a<br /> <br /> == Disable core files in CPanel accounts ==<br /> <br /> Add this in /etc/sysctl.conf<br /> kernel.core_uses_pid = 0<br /> kernel.core_pattern = /dev/null<br /> <br /> And run:<br /> sysctl -p<br /> <br /> == Add HSTS support in CPANEL ==<br /> cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> vi /var/cpanel/templates/apache2_4/ssl_vhost.local<br /> <br /> Edit:<br /> <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]><br /> # Enable HTTP Strict Transport Security<br /> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"<br /> <br /> cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local<br /> vi /var/cpanel/templates/apache2_4/main.local<br /> <br /> Edit:<br /> [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]<br /> SSLHonorCipherOrder on<br /> <br /> Run:<br /> /scripts/rebuildhttpdconf<br /> service httpd restart<br /> <br /> <br /> == Install mod_pagespeed on WHM ==<br /> <br /> With EA3:<br /> /usr/local/cpanel/3rdparty/bin/git clone https://github.com/pagespeed/cpanel.git /tmp/pagespeed/<br /> cd /tmp/pagespeed/Easy<br /> tar -zcvf Speed.pm.tar.gz pagespeed<br /> mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy<br /> mv Speed.pm Speed.pm.tar.gz -t /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/<br /> cd && rm -rf /tmp/pagespeed<br /> <br /> With EA4:<br /> <br /> Create file /etc/rpm/macros.apache2 and add the following lines of code exactly as below<br /> %_httpd_mmn 20120211x8664<br /> %_httpd_apxs /usr/bin/apxs<br /> %_httpd_dir /etc/apache2<br /> %_httpd_bindir %{_httpd_dir}/bin<br /> %_httpd_modconfdir %{_httpd_dir}/conf.modules.d<br /> %_httpd_confdir %{_httpd_dir}/conf.d<br /> %_httpd_contentdir /usr/share/apache2<br /> %_httpd_moddir /usr/lib64/apache2/modules<br /> <br /> Next run the following commands in order, make sure you run each command on it’s own<br /> rm -rf /root/rpmbuild/RPMS/x86_64/<br /> wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm<br /> rpm -Uvh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm<br /> /etc/init.d/httpd restart<br /> <br /> <br /> == Resize root partition without reboot ==<br /> <br /> Resize HD size in VC<br /> Run: (replace the device if needed)<br /> echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan<br /> run fdisk:<br /> print the old partition and save the output<br /> delete the root partition<br /> create a new partition using the SAME start block and make sure that the end block is higher than previous one (enter, enter, enter…)<br /> write changes (ignore error)<br /> run:<br /> partx -u /dev/sda<br /> resize2fs -f /dev/sda3<br /> Make sure everything is OK:<br /> df -h<br /> <br /> <br /> == Delete files with a large file list - Argument list too long ==<br /> find . -name '*'|xargs rm<br /> <br /> <br /> == Show all domains in NGINX configuration ==<br /> <br /> grep -e "^\s*server_name" /etc/nginx/conf.d/*|sed -e 's/[\t ]*server_name//g;'|sed -e "s/ /\+/g"|sed -e 's/;//g'|while read line; do for i in $line; do echo -n "$i "|sed -e 's/://' -e 's/\+/\n |--/g'; done ;echo; done; echo<br /> <br /> <br /> == Kill process that runs more than X time ==<br /> <br /> Kill cgi after 30 secs:<br /> for i in `ps -eo pid,etime,cmd|grep cgi|awk '$2 > "00:30" {print $1}'`; do kill $i; done<br /> <br /> <br /> == Unblock Invalid packets in CSF ==<br /> # Drop out of order packets and packets in an INVALID state in iptables<br /> # connection tracking<br /> PACKET_FILTER = "0"<br /> <br /> <br /> == Who uses RAM ==<br /> <br /> ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n<br /> <br /> <br /> <br /> == Fix WHM/CPanel templates ==<br /> <br /> cp /usr/local/apache/conf/httpd.conf{,.cptech-`date +%Y%m%d`}<br /> mv /var/cpanel/templates/apache2_4/vhost.local /var/cpanel/templates/apache2_4/vhost.local.bak<br /> mv /var/cpanel/templates/apache2_4/ssl_vhost.local /var/cpanel/templates/apache2_4/ssl_vhost.local.bak<br /> /scripts/rebuildhttpdconf<br /> /scripts/restartsrv_httpd<br /> <br /> <br /> <br /> == Fix NFS mount on boot - Centos 7 ==<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-idmap.service<br /> [Install]<br /> WantedBy=multi-user.target<br /> <br /> Append text to the end of /usr/lib/systemd/system/nfs-lock.service<br /> [Install]<br /> WantedBy=nfs.target<br /> <br /> Enable related services<br /> <br /> systemctl enable nfs-idmapd.service <br /> systemctl enable rpc-statd.service <br /> systemctl enable rpcbind.socket<br /> <br /> Reboot the server<br /> <br /> <br /> == Login to WHM with link ==<br /> <br /> whmapi1 create_user_session user=root service=whostmgrd locale=en<br /> <br /> <br /> <br /> == Update date and time on Linux server ==<br /> <br /> sudo ntpd -qg; sudo hwclock -w<br /> <br /> <br /> == Clone Linux user ==<br /> <br /> #!/bin/bash<br /> SRC=$1<br /> DEST=$2<br /> <br /> SRC_GROUPS=$(id -Gn ${SRC} | sed "s/${SRC} //g" | sed "s/ ${SRC}//g" | sed "s/ /,/g")<br /> SRC_SHELL=$(awk -F : -v name=${SRC} '(name == $1) { print $7 }' /etc/passwd)<br /> <br /> useradd --groups ${SRC_GROUPS} --shell ${SRC_SHELL} --create-home ${DEST}<br /> passwd ${DEST}<br /> <br /> <br /> == Reload VM after UUID change ==<br /> <br /> vim-cmd vmsvc/getallvms<br /> vim-cmd vmsvc/reload $vmID<br /> <br /> <br /> == Size of suspended accounts in WHM ==<br /> for i in `whmapi1 listsuspended|grep user|cut -d: -f2`; do echo "Suspended account: $i - using" `whmapi1 listaccts search=$i searchtype=user|grep diskused|cut -d: -f2`; done<br /> <br /> <br /> == Clear BOOT on Ubuntu when 100% ==<br /> dpkg --purge `dpkg --list|grep "linux-"|grep -v \`uname -r|sed 's/-generic//g'\`|cut -d" " -f3|grep "[0-9]-"|paste -sd " " -`<br /> <br /> <br /> == One-time login to wordpress ==<br /> <br /> Install wp cli:<br /> <br /> curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar<br /> chmod +x wp-cli.phar<br /> mv wp-cli.phar /usr/local/bin/wp<br /> <br /> Run from the WordPress installed location:<br /> <br /> useradmin=`wp user list --role=administrator --format=csv --allow-root | cut -d',' -f2 | head -2 | tail -1` && wp plugin install one-time-login --activate --allow-root && wp user one-time-login $useradmin --allow-root && user=$(stat -c "%U" `pwd`) && chown $user.$user wp-content/ -R<br /> <br /> <br /> == Cpanel resources consumption history per user ==<br /> <nowiki>OUT=$(/usr/local/cpanel/bin/dcpumonview | grep -v Top | sed -e 's#<[^>]*># #g' | while read i ; do NF=`echo $i | awk {'print NF'}` ; if [[ "$NF" == "5" ]] ; then USER=`echo $i | awk {'print $1'}`; OWNER=`grep -e "^OWNER=" /var/cpanel/users/$USER | cut -d= -f2` ; echo "$OWNER $i"; fi ; done) ; (echo "USER CPU" ; echo "$OUT" | sort -nrk4 | awk '{printf "%s %s%\n",$2,$4}' | head -5) | column -t ;echo;(echo -e "USER MEMORY" ; echo "$OUT" | sort -nrk5 | awk '{printf "%s %s%\n",$2,$5}' | head -5) | column -t ;echo;(echo -e "USER MYSQL" ; echo "$OUT" | sort -nrk6 | awk '{printf "%s %s%\n",$2,$6}' | head -5) | column -t ; </nowiki><br /> <br /> <br /> == Engintron generate custom_rules for all domains on the server. ==<br /> ip=`hostname -i` && for domain in `httpd -S | grep www. | awk -F 'www.' '{print $2}'`;do printf "if ( \$host ~ \"%s\") {set \$PROXY_DOMAIN_OR_IP \"$ip\";}\n" $domain ;done >> /etc/nginx/custom_rules && service nginx reload<br /> <br /> <br /> == Fix Installatron - error 500 or missing list/install ==<br /> /usr/local/installatron/repair -f --release --quick<br /> [https://installatron.com/docs/admin/troubleshooting#missinginstalls Installatron FIX]<br /> <br /> <br /> == Find root of a site and CD to it ==<br /> <br /> Replace domain.com with desired domain<br /> cd `grep "domain.com" /etc/apache2/conf/httpd.conf -A7|grep Root|head -1|awk '{print $2}'`<br /> <br /> <br /> == Generate CSR with OPENSSL ==<br /> <br /> Generate key:<br /> openssl genrsa -out private.key 2048<br /> <br /> Gemnerate CSR:<br /> openssl req -new -sha256 -key private.key -out mycsr.csr<br /> <br /> == Links ==<br /> Installing Redis: [https://troubleshootguru.wordpress.com/2014/11/19/how-to-install-redis-on-a-centos-6-5-centos-7-0-server-2/] [https://www.fastcomet.com/community/question/wordpress-caching-with-redis-centos-cpanel/] [https://nixtree.com/blog/install-redis-daemon-and-redis-php-extention-on-centosrhelcpanel/]<br /> <br /> Windows images [http://torrent-win.net/windows_original/]<br /> <br /> Github: [https://github.com/romanost Github]<br /> <br /> Arista: [https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.0F-Manual.pdf Manual] [https://www.arista.com/en/um-eos/eos-section-3-10-command-line-interface-commands CLI]<br /> <br /> VMware converter old version [http://soft.assenov.net/software/index.php?dir=VMWare/ Link]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Scripts&diff=54 Scripts 2018-06-13T12:23:49Z

<p>Meadmin: </p> <hr /> <div><br /> == Flying replication ==<br /> <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/ --delete<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/ --delete<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/ --delete<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel --delete<br /> <br /> for x in `cat /etc/trueuserowners|grep -v "#"|cut -d: -f1`;do /usr/local/cpanel/bin/setsiteip -u $x `hostname -i` ;done; <br /> <br /> /scripts/rebuildhttpdconf<br /> <br /> <br /> <br /> == WHM replication to clean server ==<br /> <br /> #!/bin/bash<br /> rsync -avz 192.168.1.21:/etc/apache2/conf/ /etc/httpd/conf/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/installed/ /etc/ssl/certs/<br /> rsync -avz 192.168.1.21:/etc/apache2/conf.d/includes/ /etc/httpd/conf.d/includes/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/cpanel/ /etc/ssl/certs/cpanel/<br /> sed -i "s/192.168.1.21/`hostname -i`/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/installed\//\/etc\/ssl\/certs\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/etc\/apache2\//\/etc\/httpd\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/RewriteMap LeechProtect/\#RewriteMap LeechProtect/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Mutex file:\/run\/apache2/\#Mutex file:\/run\/apache2/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/apache2/httpd/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/cpanel\//\/etc\/ssl\/certs\/cpanel\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Listen \[\:\:\]\:80/\#Listen \[\:\:\]\:80/g" /etc/httpd/conf/httpd.conf<br /> <br /> rsync -avz 192.168.1.21:/opt/cpanel/ea-php55/root/etc/php.ini /etc/<br /> rsync -avz 192.168.1.21:/etc/passwd /tmp/passwd<br /> rsync -avz 192.168.1.21:/etc/group /tmp/group<br /> <br /> var1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/passwd<br /> fi<br /> <br /> var1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/group<br /> fi<br /> <br /> == WHM replicate suphp to clean server ==<br /> <br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /etc/httpd/conf.modules.d/90-suphp.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /usr/sbin/suphp 172.18.0.6:/usr/sbin/<br /> scp /etc/suphp.conf 172.18.0.6:/etc/<br /> scp /etc/httpd/conf.d/php.conf 172.18.0.6:/etc/httpd/conf.d/<br /> scp /etc/httpd/conf.modules.d/10-php.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> <br /> chown root.nobody /usr/sbin/suphp<br /> chmod 4750 /usr/sbin/suphp<br /> <br /> <br /> == Sync nginx conf ==<br /> <br /> #!/bin/bash<br /> <br /> servs=(192.168.0.11 192.168.0.12 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.26 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.29 192.168.0.30)<br /> <br /> for i in "${servs[@]}"<br /> do<br /> echo $i<br /> scp nginx_conf/nginx.conf $i:/etc/nginx/<br /> scp nginx_conf/.htpasswd $i:/etc/nginx/<br /> scp -r nginx_conf/conf.d $i:/etc/nginx/<br /> ssh $i 'sed -i "s/Lxxx/`echo L\`hostname|cut -d "-" -f1|sed "s/web//"\``/g" /etc/nginx/conf.d/* && service nginx restart'<br /> done<br /> <br /> == Manage CWM auto start and stop server ==<br /> <br /> #!/bin/bash<br /> . keys.sh<br /> <br /> <br /> minservs=4<br /> maxservs=8<br /> locon=2500<br /> hicon=8000<br /> <br /> servs=($serv_01 $serv_02 $serv_03 $serv_04 $serv_05 $serv_06 $serv_07 $serv_08)<br /> onservs=0<br /> conns=0<br /> #echo ${servs[@]}<br /> <br /> for i in "${servs[@]}"<br /> do<br /> readarray -t values < <(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://console.cloudwm.com/service/server/${i}"|/root/api/jq -r '(map(values))[]') # | egrep "power|ip"<br /> #echo ${values[6]} ##power<br /> #echo ${values[14]} |sed 's/\"//g' ##ips<br /> if [ ${values[6]} == 'on' ]; then <br /> #onservs=$((onservs+1))<br /> ((onservs++))<br /> ip=$(echo ${values[14]} |tr -d \"\'\",\") ##ips<br /> curcon=$(ssh $ip "netstat -ant | grep :80 | wc -l")<br /> #echo $ip , $curcon<br /> conns=$((conns+curcon))<br /> fi<br /> #declare -p values<br /> done<br /> <br /> #echo "On servers: " $onservs<br /> #echo "Connections: " $conns<br /> <br /> mid=$((conns/onservs))<br /> #echo "mid: " $mid<br /> <br /> if [[ $mid > $hicon ]] && [[ $onservs < $maxservs ]]; then ## power on +1<br /> #echo "hi"<br /> srv=${servs[onservs]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=on" "https://console.cloudwm.com/service/server/${srv}/power"<br /> <br /> elif [[ $mid < $locon ]] && [[ $onservs > $minservs ]]; then ## power off -1<br /> #echo "lo" $onservs<br /> srv=${servs[onservs-1]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=off" "https://console.cloudwm.com/service/server/${srv}/power"<br /> fi<br /> <br /> == SQL dump ==<br /> <br /> <br /> #!/bin/bash<br /> <br /> retain=7 ## days to keep<br /> logdir="/var/www/html/sqlbackups/" ## dumps folder<br /> prename="db_Backup" ## name prefix<br /> postname=".sql.gz" ## name suffix<br /> mailaddr="eitani@gmail.com"<br /> <br /> dumpcmd="mysqldump --all-databases"<br /> date=`date +"%d%b%y"`<br /> tmst='date +%Y%m%d-%H%M%S.%N'<br /> outstr="[`$tmst`]: Dump started\n"<br /> <br /> fullname=$logdir$prename"_"$date$postname<br /> <br /> if [ -z "$logdir" ]; then<br /> outstr=$outstr"[`$tmst`]: Log directory not set\n"<br /> out=1<br /> else<br /> outstr=$outstr"[`$tmst`]: Running dump $dumpcmd | gzip -c > $fullname\n"<br /> $dumpcmd | gzip -c > $fullname<br /> out=$?<br /> fi<br /> <br /> if <nowiki>[[ $out = 0 ]]; then </nowiki><br /> outstr=$outstr"[`$tmst`]: Dump done, file: $fullname\n"<br /> outstr=$outstr"[`$tmst`]: Deleting old backups (older than $retain days) from folder: $logdir\n"<br /> outstr=$outstr"[`$tmst`]: Files to be deleted: `find $logdir -type f -mtime +$retain `\n"<br /> `find $logdir -type f -mtime +$retain -exec rm {} \;`<br /> else<br /> outstr=$outstr"[`$tmst`]: Dump failed\n"<br /> fi<br /> <br /> outstr=$outstr"[`$tmst`]: Script done\n"<br /> <br /> #echo -e $outstr<br /> <br /> mailtxt="Subject: SQLdump on webbit server\nFrom: script@webbit.web\nTo: $mailaddr\n\n$outstr"<br /> echo -e $mailtxt | sendmail -t<br /> <br /> <br /> == Check DNS zones ==<br /> <br /> #!/bin/bash<br /> <br /> iparr=()<br /> ipbad=()<br /> <br /> tempfile="/tmp/zonetempfile.db"<br /> backupdir="/root/oldzones"<br /> <br /> getzones () {<br /> zones=($(find /var/named/*.db -printf '%f\n'|sed 's/\.db//g'))<br /> #echo $zones<br /> }<br /> <br /> findoffs () {<br /> fl=$1<br /> a=()<br /> #echo "File: " $fl<br /> #cat $fl | while read line<br /> #do<br /> while read -r line<br /> do<br /> #echo "line: "$line<br /> <nowiki> if [[ "${line:0:1}" == ";" ]] && [[ $line == *"IN A"* ]] ; then</nowiki><br /> addr=$(echo $line|awk '{print $4}')<br /> #echo "adr:" $addr<br /> checkip $addr<br /> #echo done<br /> changed+=($res)<br /> fi<br /> done < <(cat $fl)<br /> #done<br /> }<br /> <br /> checkip () {<br /> ipad=$1<br /> #echo $ipad<br /> if [[ "${iparr[@]}" =~ "i${ipad}i" ]]; then<br /> #if [[ "${iparr[@]}" == "${ipad}" ]]; then<br /> #echo "Found: " $ipad<br /> return 0<br /> elif [[ "${ipbad[@]}" =~ "i${ipad}i" ]]; then<br /> #echo "found bad: " $ipad<br /> return 1<br /> else<br /> #echo "Not found: " $ipad<br /> timeout 2 ping -c 1 $addr > /dev/null<br /> res=$?<br /> ii="i"$ipad"i"<br /> if [[ $res == 0 ]]; then<br /> #echo $ii<br /> #iparr+=($ipad)<br /> iparr+=($ii)<br /> #echo "add to good: "$ii<br /> return 0<br /> else<br /> ipbad+=($ii)<br /> #echo "add to bad: "$ii ", old: "${ipbad[@]}<br /> return 1<br /> fi<br /> #echo "no"<br /> fi<br /> }<br /> <br /> parsezone () {<br /> zone=$1<br /> #echo "Zone: " $zone<br /> fname="/var/named/$1.db"<br /> #echo "Name: " $fname<br /> parsed=($(named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"))<br /> #for i in `named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"`<br /> #do<br /> # echo "u: " $i<br /> #done<br /> <br /> <br /> #echo "Parsed: " $parsed<br /> for i in ${parsed[@]}<br /> do<br /> #echo "z: " $zone "i: " $i<br /> if [[ $i == *"SOA"* ]]; then<br /> ser=$(echo $i|awk '{print $7}')<br /> #echo "Ser: " $ser<br /> elif [[ $i == *"IN A"* ]]; then<br /> host=$(echo $i|awk '{print $1}')<br /> addr=$(echo $i|awk '{print $5}')<br /> #echo "Pinging: *"$addr"*"<br /> #timeout 3 ping -c 1 $addr #> /dev/null<br /> checkip $addr<br /> res=$?<br /> let changed+=($res)<br /> if [[ $res > 0 ]]; then<br /> toblock+=($addr)<br /> fi<br /> #echo "Host: " $host "Addr: " $addr "Res: " $res<br /> fi<br /> done<br /> #echo "Block: " $toblock<br /> #echo "Parsed: " ${parsed[@]}<br /> #sers=$(echo $parsed|grep SOA|awk '{print $7}')<br /> #sers=$(echo $parsed|grep SOA)<br /> #arec=$(echo $parsed|grep "IN A")<br /> #echo "ser: " $sers<br /> #echo ${arec[@]}<br /> #for i in "${arec[@]}"<br /> #do<br /> # echo "As: " $i<br /> #done<br /> }<br /> <br /> updatezone () {<br /> uzone=$1<br /> zname=$2<br /> newser=$((ser+1))<br /> #echo "old ser" $ser<br /> #echo "new ser" $newser<br /> cp $zname /root/scripts/<br /> <br /> sed -i "s/$ser/$newser/" $zname # update serial<br /> infile=$(cat $zname)<br /> #outfile="z.z"<br /> outfile=tempfile<br /> > $outfile<br /> #echo $infile<br /> for f1 in $infile<br /> do<br /> #echo " - "$f1<br /> newline=$f1<br /> if [[ "${f1:0:1}" == ";" ]] && [[ $f1 == *"IN A"* ]] ; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${ipbad[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from bad" $fip<br /> newline=$(echo $f1|sed -r 's/^.{1}//')<br /> #echo "new: "$newline<br /> fi<br /> elif [[ $f1 == *"IN A"* ]]; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${iparr[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from good" $fip<br /> newline=";"$f1<br /> #echo "new: "$newline<br /> fi<br /> fi<br /> echo $newline >> $outfile<br /> done<br /> cat $outfile > $zname<br /> }<br /> <br /> IFS='<br /> '<br /> <br /> #zone="eye-t.co.il"<br /> getzones<br /> #echo $zones<br /> <br /> #if [ ! -d $backupdir ]; then<br /> # echo "nofolder"<br /> # mkdir $backupdir<br /> #fi<br /> <br /> curdate=$(date +"%Y%m%d-%H%M%S")<br /> <br /> #echo $curdate<br /> <br /> for zone in "${zones[@]}"<br /> do<br /> changed=0<br /> toblock=()<br /> toallow=()<br /> <br /> parsezone $zone<br /> #echo $fname<br /> findoffs $fname<br /> #echo "change: " $changed<br /> #echo "good: " ${iparr[@]}<br /> #echo "bad: " ${ipbad[@]}<br /> if [[ $changed > 0 ]]; then<br /> if [ ! -d $backupdir/$curdate ]; then<br /> mkdir $backupdir/$curdate -p<br /> fi<br /> echo "zone: " $zone "changed!!!"<br /> cp $fname $backupdir/$curdate/<br /> updatezone $zone $fname<br /> fi<br /> done<br /> <br /> <br /> <br /> == Get all CFS users ==<br /> <br /> After login, save the cookie.<br /> <br /> Get all organizations:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4<br /> <br /> Get users of an organization:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4<br /> <br /> Get full list of all users:<br /> IFS=$'\n' ; for i in `curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4`; do z=$(echo $i|sed 's/ /%20/g') ; curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$z"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4;done<br /> <br /> <br /> <br /> <br /> == Clone servers ==<br /> <br /> #!/bin/bash<br /> ########################################### README ###########################################################################<br /> ## make sure to use followin jq binary: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 <br /> ## before running the script change, parameters in settings and copy ssh key to all haproxies<br /> ## made for web servers only , modify the function if you wish to use for different balancing modes<br /> #####################################################################################################################################<br /> <br /> while [ -z $numbers ];do<br /> <br /> read -p "How many servers you want to clone?: " numbers<br /> <br /> done<br /> <br /> cloneServer () {<br /> <br /> ################ Settings ################<br /> src="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> clientId="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"<br /> haproxy1="xxx.xxx.xx.xx"<br /> haproxy2="xxx.xxx.xxx.xx"<br /> prefix="web"<br /> domainsuff="example.com"<br /> dc="IL"<br /> cpu="1D"<br /> billing="hourly"<br /> power="on"<br /> port="80" <br /> ############### END SETTINGS #############<br /> <br /> NC='\033[0m'<br /> GREEN='\033[0;32m'<br /> YELLOW='\033[0;33m'<br /> <br /> last=$(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/servers" | jq '.[] | select( .datacenter | contains("'"${dc}"'"))' | jq '. | select( .name | startswith("'"${prefix}"'")) | .name' | cut -d'_' -f1 | grep -Eo '[0-9]{1,9}' | tail -1)<br /> <br /> name="${prefix}$((last+1)).${domainsuff}"<br /> <br /> lastname="${prefix}${last}.${domainsuff}"<br /> <br /> <br /> curl -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X POST -d "source=${src}&name=${name}&cpu=${cpu}&billing=${billing}&power=${power}" "https://console.clubvps.com/service/server"<br /> <br /> echo ""<br /> <br /> while [ -z "$newserverid" ] ;do<br /> <br /> newserverid=$(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/servers" | jq '.[] | select( .datacenter | contains("'"${dc}"'"))' | jq '. | select( .name | startswith("'"${name}"'")) | .id' | cut -d'"' -f2 | tail -1)<br /> <br /> sleep 5<br /> <br /> echo -e ${YELLOW}Waiting for new server named: ${GREEN}${name}${NC} ${YELLOW}to clone${NC}<br /> <br /> done<br /> <br /> newserverip=`curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://api.cloudwm.com/service/server/${newserverid}" | jq '.networks[].ips[]' | cut -d'"' -f2`<br /> <br /> echo -e created new server named: ${GREEN}${name}${NC} with the ip: ${GREEN}${newserverip}${NC}<br /> <br /> echo -e ${GREEN}updating haproxies${NC}<br /> <br /> <br /> ssh root@${haproxy1} 'export '"lastname=$lastname"' && lastad=$(cat /etc/haproxy/haproxy.cfg | grep -e $lastname) && echo sed -i \"/${lastad}/a server '"${name}"' '"${newserverip}"':'"${port}"' check\" /etc/haproxy/haproxy.cfg > cmd.txt | cat cmd.txt|bash && service haproxy reload'<br /> ssh root@${haproxy1} 'export '"lastname=$lastname"' && lastad=$(cat /etc/haproxy/haproxy.cfg | grep -e $lastname) && echo sed -i \"/${lastad}/a server '"${name}"' '"${newserverip}"':'"${port}"' check\" /etc/haproxy/haproxy.cfg > cmd.txt | cat cmd.txt|bash && service haproxy reload'<br /> <br /> sleep 5<br /> echo -e ${GREEN}done${NC}<br /> <br /> <br /> <br /> }<br /> <br /> while [ $numbers -gt 0 ];<br /> do<br /> <br /> cloneServer;<br /> <br /> numbers=$(($numbers-1))<br /> <br /> done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Windows&diff=53 Windows 2018-06-04T09:34:49Z

<p>Meadmin: </p> <hr /> <div>== Delete HX user ==<br /> <br /> <br /> $domain = "Domain_name.com"<br /> Get-AddressBookPolicy $domain* | Remove-AddressBookPolicy -Confirm:$false<br /> Get-AddressList $domain* | Remove-AddressList -Confirm:$false<br /> Get-GlobalAddressList $domain* | Remove-GlobalAddressList -Confirm:$false<br /> Get-OfflineAddressBook $domain* | Remove-OfflineAddressBook -Confirm:$false<br /> <br /> <br /> == Identify Worker Process in IIS 7.0 ==<br /> <br /> * From IIS 7.0 you need you to run IIS Command Tool ( appcmd ) .<br /> <br /> * Start > Run > Cmd<br /> * Go To Windows > System32 > Inetsrv<br /> * Run appcmd list wp<br /> <br /> <br /> <br /> == Installing terminal licenses server 2012 2008 R2 ==<br /> <br /> * In powershell enter the following commands:<br /> <br /> $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting<br /> $obj.ChangeMode(4)<br /> $obj.SetSpecifiedLicenseServerList("$env:computername")<br /> $obj.GetSpecifiedLicenseServerList()<br /> <br /> <br /> == Remote control windows server 2012 ==<br /> <br /> qwinsta<br /> mstsc.exe /shadow:sessionID /control /noConsentPrompt<br /> <br /> <br /> == Export IIS bindings ==<br /> <br /> %windir%\system32\inetsrv\appcmd list site > c:\sites-list.txt<br /> <br /> <br /> == Fix DCOM permissions error ==<br /> https://www.tenforums.com/general-support/69270-dcom-error-10016-re-appid-f72671a9-012c-4725-9d2f-2a4d32d65169.html<br /> <br /> Run regedit and let it search for the first Hive Key.<br /> Right click it and select "Permissions" A box will pop up. Tick "Advanced" <br /> Another box appears and you will see that the Hive Key is owned by "Trusted Installer"<br /> <br /> Click on "Change" and type "Administrators" (without the quotation marks). Click apply and OK until your back into the first panel. Select Administrators from the list there and click on the "Full Control" check box.<br /> <br /> Now do the same for the next Hive Key.<br /> <br /> Leave Regedit open and run dcomcnfg. Click on the right hand side object until you see dcomconfig. Double click it and scroll down to the object named:<br /> <br /> {F72671A9-012C-4725-9D2F-2A4D32D65169}<br /> <br /> Right click that and select "Properties". Under "Launch and Activation" click on "Edit" . Add User "SYSTEM" (no quotes),<br /> Click OK. Back in the first panel select "SYSTEM" and click on the local permissions. <br /> <br /> Close dcomcnfg and go back to regedit. In there you need to grant back ownership to the original owners.<br /> In this case one Hive Key was owned by "SYSTEM" the other by "TrustedInstaller" (type: NT SERVICE\TrustedInstaller)<br /> <br /> <br /> == Links ==<br /> <br /> IIS 8.5 A+ SSL Labs [https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12]</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Scripts&diff=52 Scripts 2018-05-22T13:24:01Z

<p>Meadmin: </p> <hr /> <div><br /> == Flying replication ==<br /> <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/ --delete<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/ --delete<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/ --delete<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel --delete<br /> <br /> for x in `cat /etc/trueuserowners|grep -v "#"|cut -d: -f1`;do /usr/local/cpanel/bin/setsiteip -u $x `hostname -i` ;done; <br /> <br /> /scripts/rebuildhttpdconf<br /> <br /> <br /> <br /> == WHM replication to clean server ==<br /> <br /> #!/bin/bash<br /> rsync -avz 192.168.1.21:/etc/apache2/conf/ /etc/httpd/conf/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/installed/ /etc/ssl/certs/<br /> rsync -avz 192.168.1.21:/etc/apache2/conf.d/includes/ /etc/httpd/conf.d/includes/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/cpanel/ /etc/ssl/certs/cpanel/<br /> sed -i "s/192.168.1.21/`hostname -i`/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/installed\//\/etc\/ssl\/certs\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/etc\/apache2\//\/etc\/httpd\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/RewriteMap LeechProtect/\#RewriteMap LeechProtect/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Mutex file:\/run\/apache2/\#Mutex file:\/run\/apache2/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/apache2/httpd/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/cpanel\//\/etc\/ssl\/certs\/cpanel\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Listen \[\:\:\]\:80/\#Listen \[\:\:\]\:80/g" /etc/httpd/conf/httpd.conf<br /> <br /> rsync -avz 192.168.1.21:/opt/cpanel/ea-php55/root/etc/php.ini /etc/<br /> rsync -avz 192.168.1.21:/etc/passwd /tmp/passwd<br /> rsync -avz 192.168.1.21:/etc/group /tmp/group<br /> <br /> var1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/passwd<br /> fi<br /> <br /> var1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/group<br /> fi<br /> <br /> == WHM replicate suphp to clean server ==<br /> <br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /etc/httpd/conf.modules.d/90-suphp.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /usr/sbin/suphp 172.18.0.6:/usr/sbin/<br /> scp /etc/suphp.conf 172.18.0.6:/etc/<br /> scp /etc/httpd/conf.d/php.conf 172.18.0.6:/etc/httpd/conf.d/<br /> scp /etc/httpd/conf.modules.d/10-php.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> <br /> chown root.nobody /usr/sbin/suphp<br /> chmod 4750 /usr/sbin/suphp<br /> <br /> <br /> == Sync nginx conf ==<br /> <br /> #!/bin/bash<br /> <br /> servs=(192.168.0.11 192.168.0.12 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.26 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.29 192.168.0.30)<br /> <br /> for i in "${servs[@]}"<br /> do<br /> echo $i<br /> scp nginx_conf/nginx.conf $i:/etc/nginx/<br /> scp nginx_conf/.htpasswd $i:/etc/nginx/<br /> scp -r nginx_conf/conf.d $i:/etc/nginx/<br /> ssh $i 'sed -i "s/Lxxx/`echo L\`hostname|cut -d "-" -f1|sed "s/web//"\``/g" /etc/nginx/conf.d/* && service nginx restart'<br /> done<br /> <br /> == Manage CWM auto start and stop server ==<br /> <br /> #!/bin/bash<br /> . keys.sh<br /> <br /> <br /> minservs=4<br /> maxservs=8<br /> locon=2500<br /> hicon=8000<br /> <br /> servs=($serv_01 $serv_02 $serv_03 $serv_04 $serv_05 $serv_06 $serv_07 $serv_08)<br /> onservs=0<br /> conns=0<br /> #echo ${servs[@]}<br /> <br /> for i in "${servs[@]}"<br /> do<br /> readarray -t values < <(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://console.cloudwm.com/service/server/${i}"|/root/api/jq -r '(map(values))[]') # | egrep "power|ip"<br /> #echo ${values[6]} ##power<br /> #echo ${values[14]} |sed 's/\"//g' ##ips<br /> if [ ${values[6]} == 'on' ]; then <br /> #onservs=$((onservs+1))<br /> ((onservs++))<br /> ip=$(echo ${values[14]} |tr -d \"\'\",\") ##ips<br /> curcon=$(ssh $ip "netstat -ant | grep :80 | wc -l")<br /> #echo $ip , $curcon<br /> conns=$((conns+curcon))<br /> fi<br /> #declare -p values<br /> done<br /> <br /> #echo "On servers: " $onservs<br /> #echo "Connections: " $conns<br /> <br /> mid=$((conns/onservs))<br /> #echo "mid: " $mid<br /> <br /> if [[ $mid > $hicon ]] && [[ $onservs < $maxservs ]]; then ## power on +1<br /> #echo "hi"<br /> srv=${servs[onservs]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=on" "https://console.cloudwm.com/service/server/${srv}/power"<br /> <br /> elif [[ $mid < $locon ]] && [[ $onservs > $minservs ]]; then ## power off -1<br /> #echo "lo" $onservs<br /> srv=${servs[onservs-1]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=off" "https://console.cloudwm.com/service/server/${srv}/power"<br /> fi<br /> <br /> == SQL dump ==<br /> <br /> <br /> #!/bin/bash<br /> <br /> retain=7 ## days to keep<br /> logdir="/var/www/html/sqlbackups/" ## dumps folder<br /> prename="db_Backup" ## name prefix<br /> postname=".sql.gz" ## name suffix<br /> mailaddr="eitani@gmail.com"<br /> <br /> dumpcmd="mysqldump --all-databases"<br /> date=`date +"%d%b%y"`<br /> tmst='date +%Y%m%d-%H%M%S.%N'<br /> outstr="[`$tmst`]: Dump started\n"<br /> <br /> fullname=$logdir$prename"_"$date$postname<br /> <br /> if [ -z "$logdir" ]; then<br /> outstr=$outstr"[`$tmst`]: Log directory not set\n"<br /> out=1<br /> else<br /> outstr=$outstr"[`$tmst`]: Running dump $dumpcmd | gzip -c > $fullname\n"<br /> $dumpcmd | gzip -c > $fullname<br /> out=$?<br /> fi<br /> <br /> if <nowiki>[[ $out = 0 ]]; then </nowiki><br /> outstr=$outstr"[`$tmst`]: Dump done, file: $fullname\n"<br /> outstr=$outstr"[`$tmst`]: Deleting old backups (older than $retain days) from folder: $logdir\n"<br /> outstr=$outstr"[`$tmst`]: Files to be deleted: `find $logdir -type f -mtime +$retain `\n"<br /> `find $logdir -type f -mtime +$retain -exec rm {} \;`<br /> else<br /> outstr=$outstr"[`$tmst`]: Dump failed\n"<br /> fi<br /> <br /> outstr=$outstr"[`$tmst`]: Script done\n"<br /> <br /> #echo -e $outstr<br /> <br /> mailtxt="Subject: SQLdump on webbit server\nFrom: script@webbit.web\nTo: $mailaddr\n\n$outstr"<br /> echo -e $mailtxt | sendmail -t<br /> <br /> <br /> == Check DNS zones ==<br /> <br /> #!/bin/bash<br /> <br /> iparr=()<br /> ipbad=()<br /> <br /> tempfile="/tmp/zonetempfile.db"<br /> backupdir="/root/oldzones"<br /> <br /> getzones () {<br /> zones=($(find /var/named/*.db -printf '%f\n'|sed 's/\.db//g'))<br /> #echo $zones<br /> }<br /> <br /> findoffs () {<br /> fl=$1<br /> a=()<br /> #echo "File: " $fl<br /> #cat $fl | while read line<br /> #do<br /> while read -r line<br /> do<br /> #echo "line: "$line<br /> <nowiki> if [[ "${line:0:1}" == ";" ]] && [[ $line == *"IN A"* ]] ; then</nowiki><br /> addr=$(echo $line|awk '{print $4}')<br /> #echo "adr:" $addr<br /> checkip $addr<br /> #echo done<br /> changed+=($res)<br /> fi<br /> done < <(cat $fl)<br /> #done<br /> }<br /> <br /> checkip () {<br /> ipad=$1<br /> #echo $ipad<br /> if [[ "${iparr[@]}" =~ "i${ipad}i" ]]; then<br /> #if [[ "${iparr[@]}" == "${ipad}" ]]; then<br /> #echo "Found: " $ipad<br /> return 0<br /> elif [[ "${ipbad[@]}" =~ "i${ipad}i" ]]; then<br /> #echo "found bad: " $ipad<br /> return 1<br /> else<br /> #echo "Not found: " $ipad<br /> timeout 2 ping -c 1 $addr > /dev/null<br /> res=$?<br /> ii="i"$ipad"i"<br /> if [[ $res == 0 ]]; then<br /> #echo $ii<br /> #iparr+=($ipad)<br /> iparr+=($ii)<br /> #echo "add to good: "$ii<br /> return 0<br /> else<br /> ipbad+=($ii)<br /> #echo "add to bad: "$ii ", old: "${ipbad[@]}<br /> return 1<br /> fi<br /> #echo "no"<br /> fi<br /> }<br /> <br /> parsezone () {<br /> zone=$1<br /> #echo "Zone: " $zone<br /> fname="/var/named/$1.db"<br /> #echo "Name: " $fname<br /> parsed=($(named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"))<br /> #for i in `named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"`<br /> #do<br /> # echo "u: " $i<br /> #done<br /> <br /> <br /> #echo "Parsed: " $parsed<br /> for i in ${parsed[@]}<br /> do<br /> #echo "z: " $zone "i: " $i<br /> if [[ $i == *"SOA"* ]]; then<br /> ser=$(echo $i|awk '{print $7}')<br /> #echo "Ser: " $ser<br /> elif [[ $i == *"IN A"* ]]; then<br /> host=$(echo $i|awk '{print $1}')<br /> addr=$(echo $i|awk '{print $5}')<br /> #echo "Pinging: *"$addr"*"<br /> #timeout 3 ping -c 1 $addr #> /dev/null<br /> checkip $addr<br /> res=$?<br /> let changed+=($res)<br /> if [[ $res > 0 ]]; then<br /> toblock+=($addr)<br /> fi<br /> #echo "Host: " $host "Addr: " $addr "Res: " $res<br /> fi<br /> done<br /> #echo "Block: " $toblock<br /> #echo "Parsed: " ${parsed[@]}<br /> #sers=$(echo $parsed|grep SOA|awk '{print $7}')<br /> #sers=$(echo $parsed|grep SOA)<br /> #arec=$(echo $parsed|grep "IN A")<br /> #echo "ser: " $sers<br /> #echo ${arec[@]}<br /> #for i in "${arec[@]}"<br /> #do<br /> # echo "As: " $i<br /> #done<br /> }<br /> <br /> updatezone () {<br /> uzone=$1<br /> zname=$2<br /> newser=$((ser+1))<br /> #echo "old ser" $ser<br /> #echo "new ser" $newser<br /> cp $zname /root/scripts/<br /> <br /> sed -i "s/$ser/$newser/" $zname # update serial<br /> infile=$(cat $zname)<br /> #outfile="z.z"<br /> outfile=tempfile<br /> > $outfile<br /> #echo $infile<br /> for f1 in $infile<br /> do<br /> #echo " - "$f1<br /> newline=$f1<br /> if [[ "${f1:0:1}" == ";" ]] && [[ $f1 == *"IN A"* ]] ; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${ipbad[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from bad" $fip<br /> newline=$(echo $f1|sed -r 's/^.{1}//')<br /> #echo "new: "$newline<br /> fi<br /> elif [[ $f1 == *"IN A"* ]]; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${iparr[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from good" $fip<br /> newline=";"$f1<br /> #echo "new: "$newline<br /> fi<br /> fi<br /> echo $newline >> $outfile<br /> done<br /> cat $outfile > $zname<br /> }<br /> <br /> IFS='<br /> '<br /> <br /> #zone="eye-t.co.il"<br /> getzones<br /> #echo $zones<br /> <br /> #if [ ! -d $backupdir ]; then<br /> # echo "nofolder"<br /> # mkdir $backupdir<br /> #fi<br /> <br /> curdate=$(date +"%Y%m%d-%H%M%S")<br /> <br /> #echo $curdate<br /> <br /> for zone in "${zones[@]}"<br /> do<br /> changed=0<br /> toblock=()<br /> toallow=()<br /> <br /> parsezone $zone<br /> #echo $fname<br /> findoffs $fname<br /> #echo "change: " $changed<br /> #echo "good: " ${iparr[@]}<br /> #echo "bad: " ${ipbad[@]}<br /> if [[ $changed > 0 ]]; then<br /> if [ ! -d $backupdir/$curdate ]; then<br /> mkdir $backupdir/$curdate -p<br /> fi<br /> echo "zone: " $zone "changed!!!"<br /> cp $fname $backupdir/$curdate/<br /> updatezone $zone $fname<br /> fi<br /> done<br /> <br /> <br /> <br /> == Get all CFS users ==<br /> <br /> After login, save the cookie.<br /> <br /> Get all organizations:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4<br /> <br /> Get users of an organization:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4<br /> <br /> Get full list of all users:<br /> IFS=$'\n' ; for i in `curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4`; do z=$(echo $i|sed 's/ /%20/g') ; curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$z"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4;done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Scripts&diff=51 Scripts 2018-05-22T13:15:49Z

<p>Meadmin: </p> <hr /> <div><br /> == Flying replication ==<br /> <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/ --delete<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/ --delete<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/ --delete<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel --delete<br /> <br /> for x in `cat /etc/trueuserowners|grep -v "#"|cut -d: -f1`;do /usr/local/cpanel/bin/setsiteip -u $x `hostname -i` ;done; <br /> <br /> /scripts/rebuildhttpdconf<br /> <br /> <br /> <br /> == WHM replication to clean server ==<br /> <br /> #!/bin/bash<br /> rsync -avz 192.168.1.21:/etc/apache2/conf/ /etc/httpd/conf/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/installed/ /etc/ssl/certs/<br /> rsync -avz 192.168.1.21:/etc/apache2/conf.d/includes/ /etc/httpd/conf.d/includes/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/cpanel/ /etc/ssl/certs/cpanel/<br /> sed -i "s/192.168.1.21/`hostname -i`/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/installed\//\/etc\/ssl\/certs\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/etc\/apache2\//\/etc\/httpd\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/RewriteMap LeechProtect/\#RewriteMap LeechProtect/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Mutex file:\/run\/apache2/\#Mutex file:\/run\/apache2/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/apache2/httpd/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/cpanel\//\/etc\/ssl\/certs\/cpanel\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Listen \[\:\:\]\:80/\#Listen \[\:\:\]\:80/g" /etc/httpd/conf/httpd.conf<br /> <br /> rsync -avz 192.168.1.21:/opt/cpanel/ea-php55/root/etc/php.ini /etc/<br /> rsync -avz 192.168.1.21:/etc/passwd /tmp/passwd<br /> rsync -avz 192.168.1.21:/etc/group /tmp/group<br /> <br /> var1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/passwd<br /> fi<br /> <br /> var1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/group<br /> fi<br /> <br /> == WHM replicate suphp to clean server ==<br /> <br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /etc/httpd/conf.modules.d/90-suphp.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /usr/sbin/suphp 172.18.0.6:/usr/sbin/<br /> scp /etc/suphp.conf 172.18.0.6:/etc/<br /> scp /etc/httpd/conf.d/php.conf 172.18.0.6:/etc/httpd/conf.d/<br /> scp /etc/httpd/conf.modules.d/10-php.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> <br /> chown root.nobody /usr/sbin/suphp<br /> chmod 4750 /usr/sbin/suphp<br /> <br /> <br /> == Sync nginx conf ==<br /> <br /> #!/bin/bash<br /> <br /> servs=(192.168.0.11 192.168.0.12 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.26 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.29 192.168.0.30)<br /> <br /> for i in "${servs[@]}"<br /> do<br /> echo $i<br /> scp nginx_conf/nginx.conf $i:/etc/nginx/<br /> scp nginx_conf/.htpasswd $i:/etc/nginx/<br /> scp -r nginx_conf/conf.d $i:/etc/nginx/<br /> ssh $i 'sed -i "s/Lxxx/`echo L\`hostname|cut -d "-" -f1|sed "s/web//"\``/g" /etc/nginx/conf.d/* && service nginx restart'<br /> done<br /> <br /> == Manage CWM auto start and stop server ==<br /> <br /> #!/bin/bash<br /> . keys.sh<br /> <br /> <br /> minservs=4<br /> maxservs=8<br /> locon=2500<br /> hicon=8000<br /> <br /> servs=($serv_01 $serv_02 $serv_03 $serv_04 $serv_05 $serv_06 $serv_07 $serv_08)<br /> onservs=0<br /> conns=0<br /> #echo ${servs[@]}<br /> <br /> for i in "${servs[@]}"<br /> do<br /> readarray -t values < <(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://console.cloudwm.com/service/server/${i}"|/root/api/jq -r '(map(values))[]') # | egrep "power|ip"<br /> #echo ${values[6]} ##power<br /> #echo ${values[14]} |sed 's/\"//g' ##ips<br /> if [ ${values[6]} == 'on' ]; then <br /> #onservs=$((onservs+1))<br /> ((onservs++))<br /> ip=$(echo ${values[14]} |tr -d \"\'\",\") ##ips<br /> curcon=$(ssh $ip "netstat -ant | grep :80 | wc -l")<br /> #echo $ip , $curcon<br /> conns=$((conns+curcon))<br /> fi<br /> #declare -p values<br /> done<br /> <br /> #echo "On servers: " $onservs<br /> #echo "Connections: " $conns<br /> <br /> mid=$((conns/onservs))<br /> #echo "mid: " $mid<br /> <br /> if [[ $mid > $hicon ]] && [[ $onservs < $maxservs ]]; then ## power on +1<br /> #echo "hi"<br /> srv=${servs[onservs]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=on" "https://console.cloudwm.com/service/server/${srv}/power"<br /> <br /> elif [[ $mid < $locon ]] && [[ $onservs > $minservs ]]; then ## power off -1<br /> #echo "lo" $onservs<br /> srv=${servs[onservs-1]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=off" "https://console.cloudwm.com/service/server/${srv}/power"<br /> fi<br /> <br /> == SQL dump ==<br /> <br /> <br /> #!/bin/bash<br /> <br /> retain=7 ## days to keep<br /> logdir="/var/www/html/sqlbackups/" ## dumps folder<br /> prename="db_Backup" ## name prefix<br /> postname=".sql.gz" ## name suffix<br /> mailaddr="eitani@gmail.com"<br /> <br /> dumpcmd="mysqldump --all-databases"<br /> date=`date +"%d%b%y"`<br /> tmst='date +%Y%m%d-%H%M%S.%N'<br /> outstr="[`$tmst`]: Dump started\n"<br /> <br /> fullname=$logdir$prename"_"$date$postname<br /> <br /> if [ -z "$logdir" ]; then<br /> outstr=$outstr"[`$tmst`]: Log directory not set\n"<br /> out=1<br /> else<br /> outstr=$outstr"[`$tmst`]: Running dump $dumpcmd | gzip -c > $fullname\n"<br /> $dumpcmd | gzip -c > $fullname<br /> out=$?<br /> fi<br /> <br /> if <nowiki>[[ $out = 0 ]]; then </nowiki><br /> outstr=$outstr"[`$tmst`]: Dump done, file: $fullname\n"<br /> outstr=$outstr"[`$tmst`]: Deleting old backups (older than $retain days) from folder: $logdir\n"<br /> outstr=$outstr"[`$tmst`]: Files to be deleted: `find $logdir -type f -mtime +$retain `\n"<br /> `find $logdir -type f -mtime +$retain -exec rm {} \;`<br /> else<br /> outstr=$outstr"[`$tmst`]: Dump failed\n"<br /> fi<br /> <br /> outstr=$outstr"[`$tmst`]: Script done\n"<br /> <br /> #echo -e $outstr<br /> <br /> mailtxt="Subject: SQLdump on webbit server\nFrom: script@webbit.web\nTo: $mailaddr\n\n$outstr"<br /> echo -e $mailtxt | sendmail -t<br /> <br /> <br /> == Check DNS zones ==<br /> <br /> #!/bin/bash<br /> <br /> iparr=()<br /> ipbad=()<br /> <br /> tempfile="/tmp/zonetempfile.db"<br /> backupdir="/root/oldzones"<br /> <br /> getzones () {<br /> zones=($(find /var/named/*.db -printf '%f\n'|sed 's/\.db//g'))<br /> #echo $zones<br /> }<br /> <br /> findoffs () {<br /> fl=$1<br /> a=()<br /> #echo "File: " $fl<br /> #cat $fl | while read line<br /> #do<br /> while read -r line<br /> do<br /> #echo "line: "$line<br /> <nowiki> if [[ "${line:0:1}" == ";" ]] && [[ $line == *"IN A"* ]] ; then</nowiki><br /> addr=$(echo $line|awk '{print $4}')<br /> #echo "adr:" $addr<br /> checkip $addr<br /> #echo done<br /> changed+=($res)<br /> fi<br /> done < <(cat $fl)<br /> #done<br /> }<br /> <br /> checkip () {<br /> ipad=$1<br /> #echo $ipad<br /> if [[ "${iparr[@]}" =~ "i${ipad}i" ]]; then<br /> #if [[ "${iparr[@]}" == "${ipad}" ]]; then<br /> #echo "Found: " $ipad<br /> return 0<br /> elif [[ "${ipbad[@]}" =~ "i${ipad}i" ]]; then<br /> #echo "found bad: " $ipad<br /> return 1<br /> else<br /> #echo "Not found: " $ipad<br /> timeout 2 ping -c 1 $addr > /dev/null<br /> res=$?<br /> ii="i"$ipad"i"<br /> if [[ $res == 0 ]]; then<br /> #echo $ii<br /> #iparr+=($ipad)<br /> iparr+=($ii)<br /> #echo "add to good: "$ii<br /> return 0<br /> else<br /> ipbad+=($ii)<br /> #echo "add to bad: "$ii ", old: "${ipbad[@]}<br /> return 1<br /> fi<br /> #echo "no"<br /> fi<br /> }<br /> <br /> parsezone () {<br /> zone=$1<br /> #echo "Zone: " $zone<br /> fname="/var/named/$1.db"<br /> #echo "Name: " $fname<br /> parsed=($(named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"))<br /> #for i in `named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"`<br /> #do<br /> # echo "u: " $i<br /> #done<br /> <br /> <br /> #echo "Parsed: " $parsed<br /> for i in ${parsed[@]}<br /> do<br /> #echo "z: " $zone "i: " $i<br /> if [[ $i == *"SOA"* ]]; then<br /> ser=$(echo $i|awk '{print $7}')<br /> #echo "Ser: " $ser<br /> elif [[ $i == *"IN A"* ]]; then<br /> host=$(echo $i|awk '{print $1}')<br /> addr=$(echo $i|awk '{print $5}')<br /> #echo "Pinging: *"$addr"*"<br /> #timeout 3 ping -c 1 $addr #> /dev/null<br /> checkip $addr<br /> res=$?<br /> let changed+=($res)<br /> if [[ $res > 0 ]]; then<br /> toblock+=($addr)<br /> fi<br /> #echo "Host: " $host "Addr: " $addr "Res: " $res<br /> fi<br /> done<br /> #echo "Block: " $toblock<br /> #echo "Parsed: " ${parsed[@]}<br /> #sers=$(echo $parsed|grep SOA|awk '{print $7}')<br /> #sers=$(echo $parsed|grep SOA)<br /> #arec=$(echo $parsed|grep "IN A")<br /> #echo "ser: " $sers<br /> #echo ${arec[@]}<br /> #for i in "${arec[@]}"<br /> #do<br /> # echo "As: " $i<br /> #done<br /> }<br /> <br /> updatezone () {<br /> uzone=$1<br /> zname=$2<br /> newser=$((ser+1))<br /> #echo "old ser" $ser<br /> #echo "new ser" $newser<br /> cp $zname /root/scripts/<br /> <br /> sed -i "s/$ser/$newser/" $zname # update serial<br /> infile=$(cat $zname)<br /> #outfile="z.z"<br /> outfile=tempfile<br /> > $outfile<br /> #echo $infile<br /> for f1 in $infile<br /> do<br /> #echo " - "$f1<br /> newline=$f1<br /> if [[ "${f1:0:1}" == ";" ]] && [[ $f1 == *"IN A"* ]] ; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${ipbad[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from bad" $fip<br /> newline=$(echo $f1|sed -r 's/^.{1}//')<br /> #echo "new: "$newline<br /> fi<br /> elif [[ $f1 == *"IN A"* ]]; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${iparr[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from good" $fip<br /> newline=";"$f1<br /> #echo "new: "$newline<br /> fi<br /> fi<br /> echo $newline >> $outfile<br /> done<br /> cat $outfile > $zname<br /> }<br /> <br /> IFS='<br /> '<br /> <br /> #zone="eye-t.co.il"<br /> getzones<br /> #echo $zones<br /> <br /> #if [ ! -d $backupdir ]; then<br /> # echo "nofolder"<br /> # mkdir $backupdir<br /> #fi<br /> <br /> curdate=$(date +"%Y%m%d-%H%M%S")<br /> <br /> #echo $curdate<br /> <br /> for zone in "${zones[@]}"<br /> do<br /> changed=0<br /> toblock=()<br /> toallow=()<br /> <br /> parsezone $zone<br /> #echo $fname<br /> findoffs $fname<br /> #echo "change: " $changed<br /> #echo "good: " ${iparr[@]}<br /> #echo "bad: " ${ipbad[@]}<br /> if [[ $changed > 0 ]]; then<br /> if [ ! -d $backupdir/$curdate ]; then<br /> mkdir $backupdir/$curdate -p<br /> fi<br /> echo "zone: " $zone "changed!!!"<br /> cp $fname $backupdir/$curdate/<br /> updatezone $zone $fname<br /> fi<br /> done<br /> <br /> <br /> <br /> == Get all CFS users ==<br /> <br /> After login, save the cookie.<br /> <br /> Get all organizations:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4<br /> <br /> Get users of an organization:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4<br /> <br /> Get full list of all users:<br /> for i in `curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|cut -d"\"" -f4`; do curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4;done</div>

Meadmin https://mywiki.romanost.co.il/index.php?title=Scripts&diff=50 Scripts 2018-05-22T11:54:01Z

<p>Meadmin: </p> <hr /> <div><br /> == Flying replication ==<br /> <br /> rsync -avz 192.168.1.122:/usr/local/apache/conf/ /usr/local/apache/conf/ --delete<br /> rsync -avz 192.168.1.122:/var/named/ /var/named/ --delete<br /> rsync -avz 192.168.1.122:/usr/local/cpanel/ /usr/local/cpanel/ --delete<br /> rsync -avz 192.168.1.122:/var/cpanel/ /var/cpanel --delete<br /> <br /> for x in `cat /etc/trueuserowners|grep -v "#"|cut -d: -f1`;do /usr/local/cpanel/bin/setsiteip -u $x `hostname -i` ;done; <br /> <br /> /scripts/rebuildhttpdconf<br /> <br /> <br /> <br /> == WHM replication to clean server ==<br /> <br /> #!/bin/bash<br /> rsync -avz 192.168.1.21:/etc/apache2/conf/ /etc/httpd/conf/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/installed/ /etc/ssl/certs/<br /> rsync -avz 192.168.1.21:/etc/apache2/conf.d/includes/ /etc/httpd/conf.d/includes/<br /> rsync -avz 192.168.1.21:/var/cpanel/ssl/cpanel/ /etc/ssl/certs/cpanel/<br /> sed -i "s/192.168.1.21/`hostname -i`/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/installed\//\/etc\/ssl\/certs\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/etc\/apache2\//\/etc\/httpd\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/RewriteMap LeechProtect/\#RewriteMap LeechProtect/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Mutex file:\/run\/apache2/\#Mutex file:\/run\/apache2/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/apache2/httpd/g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/\/var\/cpanel\/ssl\/cpanel\//\/etc\/ssl\/certs\/cpanel\//g" /etc/httpd/conf/httpd.conf<br /> sed -i "s/Listen \[\:\:\]\:80/\#Listen \[\:\:\]\:80/g" /etc/httpd/conf/httpd.conf<br /> <br /> rsync -avz 192.168.1.21:/opt/cpanel/ea-php55/root/etc/php.ini /etc/<br /> rsync -avz 192.168.1.21:/etc/passwd /tmp/passwd<br /> rsync -avz 192.168.1.21:/etc/group /tmp/group<br /> <br /> var1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/passwd |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/passwd<br /> fi<br /> <br /> var1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> var2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'`<br /> <br /> c1=`cat /etc/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> c2=`cat /tmp/group |awk -F ':' '$3 > 1000 && $3 < 2000 {print $0}'|wc -l`<br /> <br /> if [ $c2 -gt $c1 ]; then<br /> newone=`comm --nocheck-order -13 <(echo $var1) <(echo $var2)`<br /> echo $newone >> /etc/group<br /> fi<br /> <br /> == WHM replicate suphp to clean server ==<br /> <br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /etc/httpd/conf.modules.d/90-suphp.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> scp /usr/lib64/httpd/modules/mod_suphp.so 172.18.0.6:/usr/lib64/httpd/modules/<br /> scp /usr/sbin/suphp 172.18.0.6:/usr/sbin/<br /> scp /etc/suphp.conf 172.18.0.6:/etc/<br /> scp /etc/httpd/conf.d/php.conf 172.18.0.6:/etc/httpd/conf.d/<br /> scp /etc/httpd/conf.modules.d/10-php.conf 172.18.0.6:/etc/httpd/conf.modules.d/<br /> <br /> chown root.nobody /usr/sbin/suphp<br /> chmod 4750 /usr/sbin/suphp<br /> <br /> <br /> == Sync nginx conf ==<br /> <br /> #!/bin/bash<br /> <br /> servs=(192.168.0.11 192.168.0.12 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.26 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.29 192.168.0.30)<br /> <br /> for i in "${servs[@]}"<br /> do<br /> echo $i<br /> scp nginx_conf/nginx.conf $i:/etc/nginx/<br /> scp nginx_conf/.htpasswd $i:/etc/nginx/<br /> scp -r nginx_conf/conf.d $i:/etc/nginx/<br /> ssh $i 'sed -i "s/Lxxx/`echo L\`hostname|cut -d "-" -f1|sed "s/web//"\``/g" /etc/nginx/conf.d/* && service nginx restart'<br /> done<br /> <br /> == Manage CWM auto start and stop server ==<br /> <br /> #!/bin/bash<br /> . keys.sh<br /> <br /> <br /> minservs=4<br /> maxservs=8<br /> locon=2500<br /> hicon=8000<br /> <br /> servs=($serv_01 $serv_02 $serv_03 $serv_04 $serv_05 $serv_06 $serv_07 $serv_08)<br /> onservs=0<br /> conns=0<br /> #echo ${servs[@]}<br /> <br /> for i in "${servs[@]}"<br /> do<br /> readarray -t values < <(curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" "https://console.cloudwm.com/service/server/${i}"|/root/api/jq -r '(map(values))[]') # | egrep "power|ip"<br /> #echo ${values[6]} ##power<br /> #echo ${values[14]} |sed 's/\"//g' ##ips<br /> if [ ${values[6]} == 'on' ]; then <br /> #onservs=$((onservs+1))<br /> ((onservs++))<br /> ip=$(echo ${values[14]} |tr -d \"\'\",\") ##ips<br /> curcon=$(ssh $ip "netstat -ant | grep :80 | wc -l")<br /> #echo $ip , $curcon<br /> conns=$((conns+curcon))<br /> fi<br /> #declare -p values<br /> done<br /> <br /> #echo "On servers: " $onservs<br /> #echo "Connections: " $conns<br /> <br /> mid=$((conns/onservs))<br /> #echo "mid: " $mid<br /> <br /> if [[ $mid > $hicon ]] && [[ $onservs < $maxservs ]]; then ## power on +1<br /> #echo "hi"<br /> srv=${servs[onservs]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=on" "https://console.cloudwm.com/service/server/${srv}/power"<br /> <br /> elif [[ $mid < $locon ]] && [[ $onservs > $minservs ]]; then ## power off -1<br /> #echo "lo" $onservs<br /> srv=${servs[onservs-1]}<br /> #echo $srv<br /> curl -s -H "AuthClientId: ${clientId}" -H "AuthSecret: ${secret}" -X PUT -d "power=off" "https://console.cloudwm.com/service/server/${srv}/power"<br /> fi<br /> <br /> == SQL dump ==<br /> <br /> <br /> #!/bin/bash<br /> <br /> retain=7 ## days to keep<br /> logdir="/var/www/html/sqlbackups/" ## dumps folder<br /> prename="db_Backup" ## name prefix<br /> postname=".sql.gz" ## name suffix<br /> mailaddr="eitani@gmail.com"<br /> <br /> dumpcmd="mysqldump --all-databases"<br /> date=`date +"%d%b%y"`<br /> tmst='date +%Y%m%d-%H%M%S.%N'<br /> outstr="[`$tmst`]: Dump started\n"<br /> <br /> fullname=$logdir$prename"_"$date$postname<br /> <br /> if [ -z "$logdir" ]; then<br /> outstr=$outstr"[`$tmst`]: Log directory not set\n"<br /> out=1<br /> else<br /> outstr=$outstr"[`$tmst`]: Running dump $dumpcmd | gzip -c > $fullname\n"<br /> $dumpcmd | gzip -c > $fullname<br /> out=$?<br /> fi<br /> <br /> if <nowiki>[[ $out = 0 ]]; then </nowiki><br /> outstr=$outstr"[`$tmst`]: Dump done, file: $fullname\n"<br /> outstr=$outstr"[`$tmst`]: Deleting old backups (older than $retain days) from folder: $logdir\n"<br /> outstr=$outstr"[`$tmst`]: Files to be deleted: `find $logdir -type f -mtime +$retain `\n"<br /> `find $logdir -type f -mtime +$retain -exec rm {} \;`<br /> else<br /> outstr=$outstr"[`$tmst`]: Dump failed\n"<br /> fi<br /> <br /> outstr=$outstr"[`$tmst`]: Script done\n"<br /> <br /> #echo -e $outstr<br /> <br /> mailtxt="Subject: SQLdump on webbit server\nFrom: script@webbit.web\nTo: $mailaddr\n\n$outstr"<br /> echo -e $mailtxt | sendmail -t<br /> <br /> <br /> == Check DNS zones ==<br /> <br /> #!/bin/bash<br /> <br /> iparr=()<br /> ipbad=()<br /> <br /> tempfile="/tmp/zonetempfile.db"<br /> backupdir="/root/oldzones"<br /> <br /> getzones () {<br /> zones=($(find /var/named/*.db -printf '%f\n'|sed 's/\.db//g'))<br /> #echo $zones<br /> }<br /> <br /> findoffs () {<br /> fl=$1<br /> a=()<br /> #echo "File: " $fl<br /> #cat $fl | while read line<br /> #do<br /> while read -r line<br /> do<br /> #echo "line: "$line<br /> <nowiki> if [[ "${line:0:1}" == ";" ]] && [[ $line == *"IN A"* ]] ; then</nowiki><br /> addr=$(echo $line|awk '{print $4}')<br /> #echo "adr:" $addr<br /> checkip $addr<br /> #echo done<br /> changed+=($res)<br /> fi<br /> done < <(cat $fl)<br /> #done<br /> }<br /> <br /> checkip () {<br /> ipad=$1<br /> #echo $ipad<br /> if [[ "${iparr[@]}" =~ "i${ipad}i" ]]; then<br /> #if [[ "${iparr[@]}" == "${ipad}" ]]; then<br /> #echo "Found: " $ipad<br /> return 0<br /> elif [[ "${ipbad[@]}" =~ "i${ipad}i" ]]; then<br /> #echo "found bad: " $ipad<br /> return 1<br /> else<br /> #echo "Not found: " $ipad<br /> timeout 2 ping -c 1 $addr > /dev/null<br /> res=$?<br /> ii="i"$ipad"i"<br /> if [[ $res == 0 ]]; then<br /> #echo $ii<br /> #iparr+=($ipad)<br /> iparr+=($ii)<br /> #echo "add to good: "$ii<br /> return 0<br /> else<br /> ipbad+=($ii)<br /> #echo "add to bad: "$ii ", old: "${ipbad[@]}<br /> return 1<br /> fi<br /> #echo "no"<br /> fi<br /> }<br /> <br /> parsezone () {<br /> zone=$1<br /> #echo "Zone: " $zone<br /> fname="/var/named/$1.db"<br /> #echo "Name: " $fname<br /> parsed=($(named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"))<br /> #for i in `named-checkzone -q -i none -s full -D $1 /var/named/$1.db | egrep "IN SOA|IN A"`<br /> #do<br /> # echo "u: " $i<br /> #done<br /> <br /> <br /> #echo "Parsed: " $parsed<br /> for i in ${parsed[@]}<br /> do<br /> #echo "z: " $zone "i: " $i<br /> if [[ $i == *"SOA"* ]]; then<br /> ser=$(echo $i|awk '{print $7}')<br /> #echo "Ser: " $ser<br /> elif [[ $i == *"IN A"* ]]; then<br /> host=$(echo $i|awk '{print $1}')<br /> addr=$(echo $i|awk '{print $5}')<br /> #echo "Pinging: *"$addr"*"<br /> #timeout 3 ping -c 1 $addr #> /dev/null<br /> checkip $addr<br /> res=$?<br /> let changed+=($res)<br /> if [[ $res > 0 ]]; then<br /> toblock+=($addr)<br /> fi<br /> #echo "Host: " $host "Addr: " $addr "Res: " $res<br /> fi<br /> done<br /> #echo "Block: " $toblock<br /> #echo "Parsed: " ${parsed[@]}<br /> #sers=$(echo $parsed|grep SOA|awk '{print $7}')<br /> #sers=$(echo $parsed|grep SOA)<br /> #arec=$(echo $parsed|grep "IN A")<br /> #echo "ser: " $sers<br /> #echo ${arec[@]}<br /> #for i in "${arec[@]}"<br /> #do<br /> # echo "As: " $i<br /> #done<br /> }<br /> <br /> updatezone () {<br /> uzone=$1<br /> zname=$2<br /> newser=$((ser+1))<br /> #echo "old ser" $ser<br /> #echo "new ser" $newser<br /> cp $zname /root/scripts/<br /> <br /> sed -i "s/$ser/$newser/" $zname # update serial<br /> infile=$(cat $zname)<br /> #outfile="z.z"<br /> outfile=tempfile<br /> > $outfile<br /> #echo $infile<br /> for f1 in $infile<br /> do<br /> #echo " - "$f1<br /> newline=$f1<br /> if [[ "${f1:0:1}" == ";" ]] && [[ $f1 == *"IN A"* ]] ; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${ipbad[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from bad" $fip<br /> newline=$(echo $f1|sed -r 's/^.{1}//')<br /> #echo "new: "$newline<br /> fi<br /> elif [[ $f1 == *"IN A"* ]]; then<br /> fip=$(echo $f1|awk '{print $4}')<br /> #echo "add: "$fip<br /> if ! [[ "${iparr[@]}" =~ "i${fip}i" ]]; then<br /> #echo "remove from good" $fip<br /> newline=";"$f1<br /> #echo "new: "$newline<br /> fi<br /> fi<br /> echo $newline >> $outfile<br /> done<br /> cat $outfile > $zname<br /> }<br /> <br /> IFS='<br /> '<br /> <br /> #zone="eye-t.co.il"<br /> getzones<br /> #echo $zones<br /> <br /> #if [ ! -d $backupdir ]; then<br /> # echo "nofolder"<br /> # mkdir $backupdir<br /> #fi<br /> <br /> curdate=$(date +"%Y%m%d-%H%M%S")<br /> <br /> #echo $curdate<br /> <br /> for zone in "${zones[@]}"<br /> do<br /> changed=0<br /> toblock=()<br /> toallow=()<br /> <br /> parsezone $zone<br /> #echo $fname<br /> findoffs $fname<br /> #echo "change: " $changed<br /> #echo "good: " ${iparr[@]}<br /> #echo "bad: " ${ipbad[@]}<br /> if [[ $changed > 0 ]]; then<br /> if [ ! -d $backupdir/$curdate ]; then<br /> mkdir $backupdir/$curdate -p<br /> fi<br /> echo "zone: " $zone "changed!!!"<br /> cp $fname $backupdir/$curdate/<br /> updatezone $zone $fname<br /> fi<br /> done<br /> <br /> <br /> <br /> == Get all CFS users ==<br /> <br /> After login, save the cookie.<br /> <br /> Get all organizations:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|awk '{print $2}'|cut -d"\"" -f2<br /> <br /> Get users of an organization:<br /> curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4<br /> <br /> Get full list of all users:<br /> for i in `curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/groups?size=500&sortBy=name&sortAsc=true&filter=&from="|jq -r '(map(values))[]'|grep "\"id"|awk '{print $2}'|cut -d"\"" -f2`; do curl --cookie "cwmid=001; PHPSESSID=xxx" "https://null.cloudwm.com/svc/fileserver/group/$i"|jq -r '(map(values))[]'|grep "email"|cut -d"\"" -f4;done</div>

Meadmin