Archive for the ‘cPanel / WHM’ Category

Dns issue rndc: connect failed: 127.0.0.1#953: connection refused

[root@testserver ~]# /usr/local/cpanel/scripts/fixrndc
warn [fixrndc] /usr/sbin/rndc status failed: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)rndc: connect failed: 127.0.0.1#953: connection refused

The problem was that you had portreserve reserving port 953 so named could not bind to the port. I moved the offending file out of the way, restarted portreserve & named and was able to resolve the error for you:

[root@testserver ~]# netstat -tplanu|grep :953|grep LIST
[root@testserver ~]# cat /etc/portreserve/named/rndc/tcp
[root@testserver ~]# mv /etc/portreserve/named /etc/portreserve/.named
[root@testserver ~]# /etc/init.d/portreserve restart
Stopping portreserve: [ OK ]
Starting portreserve: (not starting, no services registered)
[root@testserver ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@testserver ~]# netstat -tplanu|grep :953|grep LIST
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 26055/named
[root@testserver ~]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful

Now run this command:
[root@testserver ~]# /usr/local/cpanel/scripts/fixrndc

IMAPsync

imapsync – Imapsync is a program to synchronise two IMAP mailboxes, mailbox trees or servers.

We can use this tool to migrate email from a server to which we don’t have back-end access.

imapsync installation

perl -MCPAN -e "install Test::Inter"
perl -MCPAN -e "install Parse::RecDescent"
perl -MCPAN -e "install Getopt::Long"
perl -MCPAN -e "CPAN::Shell->force(qw(install Date::Manip));"
perl -MCPAN -e "CPAN::Shell->force(qw(install Mail::IMAPClient));"
perl -MCPAN -e "CPAN::Shell->force(qw(install Term::ReadKey));"

wget http://packages.sw.be/imapsync/imapsync-1.350-1.el5.rf.noarch.rpm
rpm -i --nodeps imapsync-1.350-1.el5.rf.noarch.rpm

Syntax:

imapsync --host1 <Source_Server> --user1 <source_server_username> --password1 <source_server_pass> --host2 <Destination_Server> --user2 <Destination_Server_username> --password2 <Destination_Server_pass>

Eg:

imapsync --host1 source.com --user1  user@source.com --password1 XXXXXXX --host2 localhost --user2  user@destination.com --password2 XXXXXX

Error: If you receive an error like "auth [CRAM-MD5]: 2 NO [ALERT] Unsupported authentication mechanism", add "--noauthmd5" to the above command.

imapsync --host1 source.com --user1 user@source.com --password1 XXXXXXX --host2 localhost --user2 user@destination.com --password2 XXXXXX --noauthmd5

 

RVSiteBuilder Not Showing in cPanel

Solution 1: Check that it's enabled in the WHM Feature Manager.

Solution 2: Update RVSiteBuilder

perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

Solution 3: Try to register the RVSiteBuilder plugin in cPanel, and see if there is any error in registering the plugin.

I got a GD:Image perl module error in a particular case.

 # /usr/local/cpanel/bin/register_cpanelplugin /var/cpanel/rvglobalsoft/rvsitebuilder/panelmenus/cpanel/cpanelplugin/rvsitebuilder.cpanelplugin 

Install GD:Image using /scripts/perlinstaller  GD --force

2. If this command fixes the problem, go to WHM (root) >> RVSkin Manager >> Config >> Package-Feature Manager to enable the feature.

RVSiteBuilder + PEAR Version Issue Error : PEAR version 1.9.2 to parse properly, we are version 1.7.2

PEAR installation problem.

You should not get this problem at all. If you get the “Cannot find pear on this server” error, please follow the instructions here.

If you run into the problem, please submit a support ticket to us including root access. Follow these instructions if you want to check it yourself.

1. Locate php_bin

[root@local ~]# /usr/local/bin/pear config-get php_bin
/usr/local/bin/php

2. Locate php_dir

[root@local ~]# /usr/local/bin/pear config-get php_dir
/usr/local/lib/php

3. In the commands below, replace @PHP-BIN@ with the result of step 1 and @PHP-DIR@ with the result of step 2, then run them.

@PHP-BIN@ -C -q -d disable_functions="" -d suhosin.executor.func.blacklist="" -d memory_limit=128M -d max_execution_time=3600 -d include_path=@PHP-DIR@ -d output_buffering=1 -d variables_order=EGPCS -d open_basedir= -d safe_mode=0 -d register_argc_argv=On -d auto_prepend_file= -d auto_append_file= @PHP-DIR@/pearcmd.php install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz

@PHP-BIN@ -C -q -d disable_functions="" -d suhosin.executor.func.blacklist="" -d memory_limit=128M -d max_execution_time=3600 -d include_path=@PHP-DIR@ -d output_buffering=1 -d variables_order=EGPCS -d open_basedir= -d safe_mode=0 -d register_argc_argv=On -d auto_prepend_file= -d auto_append_file= @PHP-DIR@/pearcmd.php upgrade -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz

Each of the above commands is a single line.

To upgrade PEAR:

pear upgrade PEAR

OR

pear upgrade --force PEAR

OR

pear upgrade --force PEAR-1.9.2

Check the version using pear -V

If you are still seeing the old version, check the binary paths; you may have two binaries.

How to Secure your DNS Server

To secure your DNS server, all you need to do is add the following lines to your /etc/named.conf file.

1. First you should know the 2 IPs of your DNS server. Just open /etc/nameserverips and there you will get the 2 DNS IPs.

tail /etc/nameserverips

2. Open /etc/named.conf

Look for the options { line and add these lines above it:

acl "trusted" {
x.x.x.x;
y.y.y.y;
};

where x.x.x.x and y.y.y.y are your 2 DNS IPs from step (1).

3. Look for line

// query-source address * port 53;

Below it, insert the following lines.

version "Bind";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

This restricts DNS recursion (preventing your server from being an open DNS server), zone transfers and notifications to your own DNS servers only, not to outside queries. The version line hides the BIND version.

4. Prevent DNS Spoofing

If you are running BIND 8.x or prior versions, then there is a possibility that your DNS server is left unprotected from forged IPs. To prevent this from happening, add this one line to your options:

options {
use-id-pool yes;
};

Once all is complete, restart named.

service named restart

For more added security, refer to this secure bind template

5. Once everything is done, you will need to check your DNS server for vulnerabilities with online tools like dnsstuff.

http://www.pingability.com (free)
http://www.pweb.cz/en/dns-test/ (free)
http://www.intodns.com/ (free)
http://dnsstuff.com (paid)

Testing DNS server with Dig Commands

Dig command to test open dns server

dig @server www.example.com

If the server resolves www.example.com and answers with an IP address, then it is an open DNS server that responds to recursive DNS queries. Remember that this command should only be issued from a shell outside the network, for example from a different server.
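One way to read the result of this test from saved dig output, as an added example that is not part of the original post. The function name classify_dig and the sample header lines are assumptions constructed for this example.

```sh
# Added example: classify saved `dig @server www.example.com` output.
# Reads dig output on stdin and prints one of:
#   open           recursion available and an answer returned for an external name
#   authoritative  answer came from a zone the server hosts; test with another name
#   closed         query refused or no recursive answer given
#   unknown        no dig header found in the input
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,/, "", status) }
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)
            flags = " " line; sub(/;.*/, "", flags); flags = flags " "
            ra = (flags ~ / ra /)      # recursion available
            aa = (flags ~ / aa /)      # authoritative answer
            if (match(line, /ANSWER: [0-9]+/))
                answers = substr(line, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (status == "")                                   print "unknown"
            else if (status == "NOERROR" && aa && answers > 0)  print "authoritative"
            else if (status == "NOERROR" && ra && answers > 0)  print "open"
            else                                                print "closed"
        }
    '
}

# Constructed samples of the header lines dig prints (not real captures).
OPEN_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
CLOSED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

printf '%s\n' "$OPEN_SAMPLE"   | classify_dig    # open
printf '%s\n' "$CLOSED_SAMPLE" | classify_dig    # closed
```

On a live check, pipe the real command into the function from a host outside the network, as the paragraph above requires.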

Dig command to do Zone Transfer

dig @server domain.com axfr

If you are able to download zone records, then you must disable zone transfer.

Dig command to get version of Bind

Don't expose the BIND version; if you haven't upgraded, the server could be subjected to attacks.

dig @server -c CH -t txt version.bind

Secure cPanel Servers

Install Firewall

The very first step in securing a server is installing a firewall (at least iptables-based) to close all unused or unwanted ports. Once the firewall is installed, it is often considered 50% of the work done. You can install the CSF or APF firewall. BFD (brute force detection) utilities often come with the firewall.

We will install CSF (ConfigServer Security & Firewall), as it is easy to install, has plenty of features and integrates easily with cPanel (if you are running it).

wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh

Follow the installer and once installed, you can start the firewall.

csf -s    # start the firewall
csf -r    # restart the firewall
csf -f    # flush the rules or stop the firewall

Harden SSH server

Very often you will see SSH attacks from various bots trying to get access to your server by connecting to port 22 and making an unlimited number of login attempts to break in to your system. Attacks coming from many different IPs can put a lot of load on your server. You can trace those failed attempts by checking your log files:

cat /var/log/secure
cat /var/log/messages

To harden your SSH server,

  • Run SSH on other port rather than default port 22
  • Disable Root login
  • Use only protocol 2
  • Enable Public key authentication.
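A check for these four points, as an added example that is not part of the original post. The function names audit_sshd_config and write_samples and both sample configurations are constructed for this example; only simple "Keyword value" lines in the global section are read.

```sh
# Added example: audit the global section of an sshd_config (path in $1)
# against the four points above. Prints one FAIL line per finding.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # lines after Match are conditional
        {
            key = tolower($1); v = tolower($2)
            if (key == "port") { ports++; if (v == "22") port22 = 1 }  # Port may repeat
            else if (!(key in val)) val[key] = v                      # first value wins
        }
        END {
            if (!ports || port22)
                print "FAIL Port: sshd still listens on the default port 22"
            if (val["permitrootlogin"] != "no")
                print "FAIL PermitRootLogin: root login is not disabled"
            # An absent Protocol line passes: OpenSSH 7.4 and later speak only protocol 2
            if (("protocol" in val) && val["protocol"] != "2")
                print "FAIL Protocol: protocol 1 is still allowed"
            if (val["pubkeyauthentication"] == "no")
                print "FAIL PubkeyAuthentication: public key login is disabled"
        }
    ' "$1"
}

# Constructed sample configurations (not taken from the page).
write_samples() {
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'Protocol 2,1' \
        'PubkeyAuthentication no' > "$1/weak.conf"
    printf '%s\n' 'Port 2222' 'Protocol 2' 'PermitRootLogin no' \
        'PubkeyAuthentication yes' 'Match User deploy' \
        '    AllowTcpForwarding no' > "$1/hardened.conf"
}

SAMPLE_DIR=$(mktemp -d)
write_samples "$SAMPLE_DIR"
echo "weak.conf:";     audit_sshd_config "$SAMPLE_DIR/weak.conf"
echo "hardened.conf:"; audit_sshd_config "$SAMPLE_DIR/hardened.conf"
```

Run it against /etc/ssh/sshd_config before restarting sshd, and keep an existing session open until a new login on the changed port has been confirmed.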

Disable Telnet & Other Unused Services

You may want to disable services like telnet, finger and other unwanted services running on your server under xinetd.

nano /etc/xinetd.d/telnet
// OR
nano /etc/xinetd.d/krb5-telnet

Look for lines with disable=no and change them to disable=yes

chkconfig telnet off

Hardening PHP for Security

PHP is the most popular scripting language for apache and mysql. You will need to disable system level functions in the php configuration file.

nano /usr/local/lib/php.ini

Look for these lines and make sure they are set as below.

disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On

It is best to keep magic_quotes on, as otherwise your forms using POST may be used for SQL injection attacks.

Disable Open DNS Recursion (DNS Server)

If you are running the BIND DNS server, you might want to check your DNS server statistics with dnstools.com. You don't want to allow recursive lookups to be performed on your server from anything other than local IPs. It can also slow down your server.

nano /etc/named.conf

Under options { place this line:

options {
recursion no;
…..

Then restart BIND

service named restart

You will also need to restrict zone transfers and notifications.

Install Mod_Security

ModSecurity is a free open source web application firewall which can help you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities.

CPanel Installation:

Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save

Source Installation:

That should install mod_security on your cPanel server. It should show under the installed Apache modules if you run a test.php with phpinfo() in it. Try adding some mod_security rules. Installing mod_security can sometimes be complicated. Don't use apxs for compiling mod_security, as it causes a number of problems.

Note: Mod_security needs the libxml2 and httpd-devel libraries before it can be installed. It also requires mod_unique_id to be enabled in the Apache modules. To enable mod_unique_id, you have to place

LoadModule unique_id_module modules/mod_unique_id.so

in your httpd.conf file.

yum install libxml2 libxml2-devel httpd-devel

Download the latest version of mod_security for apache2 from http://www.modsecurity.org

wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
tar zxf modsecurity-apache_2.1.7.tar.gz
cd modsecurity-apache_2.1.7
cd apache2

Then

If you cannot find ./configure, you will need to edit the Makefile and change the line to top_dir = /usr/lib/httpd (for CentOS)

make
make install

Next, copy the rule files depending on which you want (you can also select minimal rules file which comes with source). Make a directory named modsecurity under /etc/httpd/conf and copy all the modsecurity rules there. Finally include those files in the httpd.conf file

# /etc/httpd/conf/httpd.conf

LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf

Then

/etc/init.d/httpd restart

Log Files

Watch for log files to detect any errors or intrusion activity

/var/log/httpd/modsec_audit
/var/log/httpd/error_log

If you get any errors, I have compiled a list of errors while compiling. See here

Install Mod_Evasive

ModEvasive module for apache offers protection against DDOS (denial of service attacks) in your server.

wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive

Then run the following command for apache2:

/usr/sbin/apxs -cia mod_evasive20.c

Once mod evasive is installed, place the following lines in your /etc/httpd/conf/httpd.conf

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

The apxs command above compiles, installs and activates the module on your server. Follow the instructions in the README for further tuning of mod_evasive.

Install RkHunter (Rootkit)

RkHunter is a rootkit scanner that scans for vulnerabilities, insecure files and backdoors in your system and reports them so that you can further harden the server. Installing RkHunter is very easy!

yum install rkhunter

To run checks on your system

rkhunter --checkall
OR
rkhunter -c

You can find what command options are available under rkhunter by issuing this help command

rkhunter --help

Install PortsEntry

Portsentry is a tool to detect port scans and log them. Download the source package of portsentry from sourceforge.net

wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install

If you get errors like the following while compiling

make linux
SYSTYPE=linux
Making
gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c
./portsentry.c: In function ‘PortSentryModeTCP’:
./portsentry.c:1187: warning: pointer targets in passing argument 3 of ‘accept’ differ in signedness
./portsentry.c: In function ‘PortSentryModeUDP’:
./portsentry.c:1384: warning: pointer targets in passing argument 6 of ‘recvfrom’ differ in signedness
./portsentry.c: In function ‘Usage’:
./portsentry.c:1584: error: missing terminating " character
./portsentry.c:1585: error: ‘sourceforget’ undeclared (first use in this function)
./portsentry.c:1585: error: (Each undeclared identifier is reported only once
./portsentry.c:1585: error: for each function it appears in.)
./portsentry.c:1585: error: expected ‘)’ before ‘dot’
./portsentry.c:1585: error: stray ‘\’ in program
./portsentry.c:1585: error: missing terminating " character
./portsentry.c:1595: error: expected ‘;’ before ‘}’ token
make: *** [linux] Error 1

To fix:

Open portsentry.c and look for the following line. There will be an extra carriage return breaking the line; delete it so that the statement is on a single line. It should look like below.

printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");

Then run make and make install. That should fix it!

To launch portsentry

/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp

Check the log file /var/log/secure to see whether portsentry is active or not.

Prevent IP Spoofing

IP spoofing is a security exploit and can be prevented by placing nospoof on in the host.conf file. Edit the host.conf file and add the following lines. If you run DNS BIND, give it preference.

order bind,hosts
nospoof on

Install ClamAV

Antivirus protection is the last thing you need for your security to protect against worms and trojans invading your mailbox and files! Just install clamav (a free open source antivirus software for linux). More information can be found on clamav website

yum install clamav

Once you have installed clamav on your CentOS server, here are some of the basic commands for using the software.

1. To update the antivirus database

freshclam

2. To run antivirus

clamscan -r /home

3. Running as Cron Daily Job

To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.

02 1 * * * clamscan -r /var/www

This will run the cron job daily @ 1.02 AM by scanning the public html. You can change the folder to whatever you want for mail etc.

How to clear eximstats DB

Use the following steps to clear the Eximstats warning.

mysqladmin drop eximstats

mysqladmin create eximstats

mysql eximstats < /usr/local/cpanel/etc/eximstats_db.sql