Friday, July 29, 2011

How to test phpmail()

Create a php script as below.

root@cpanel [~]# cat test.mail
<?php
$to      = 'username@gmail.com';
$subject = 'testing phpmail';
$message = 'hello';
$headers = 'From:yourname' . "\r\n" .
    'Reply-To: yourname' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);
?>
root@cpanel [~]#
Now execute the command as below to send mail
root@cpanel [~]# php test.mail
That's it. Check your inbox. If everything is set up correctly, the mail will be delivered successfully.

Preventing root user or account from ssh

This post explains how to prevent the root user from logging in directly over ssh to a Linux box. This is tested on a Red Hat RHEL5 system and works on almost all other Linux distros.

Open the ssh configuration file
# vi /etc/ssh/sshd_config
Change the following line
PermitRootLogin yes
To
PermitRootLogin no

Now restart the ssh daemon.
/etc/init.d/sshd restart

Thursday, July 28, 2011

Allowing root account to ssh

This post explains how to allow the root user to log in directly over ssh to a Linux box. This is tested on a Red Hat RHEL5 system and works on almost all other Linux distros.

Open the ssh configuration file
# vi /etc/ssh/sshd_config

Change the following line
PermitRootLogin no
To
PermitRootLogin yes

Now restart the ssh daemon.
/etc/init.d/sshd restart
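
A check for the PermitRootLogin change described in the two posts above, as an added example that is not part of the original posts. sshd uses the first value it finds for a keyword, so an edited line can be shadowed by an earlier one; the function names and the sample config are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): report the global PermitRootLogin
# value that sshd will actually use from an sshd_config file.

effective_permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                  # strip indentation; awk re-splits the fields
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at the first Match block
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }       # unset: the OpenSSH version default applies
    ' "$1"
}

# Succeeds only when direct root login is explicitly disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample config: the commented line is ignored and the first
# uncommented PermitRootLogin wins, so the later "yes" has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.168.1.4
    PermitRootLogin yes
EOF

echo "effective PermitRootLogin: $(effective_permit_root_login "$sample")"
if root_login_disabled "$sample"; then
    echo "root cannot log in directly over ssh"
else
    echo "direct root login is not explicitly disabled"
fi
```

On a live host, point the function at /etc/ssh/sshd_config and run sshd -t to validate the file before restarting the daemon.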

Wednesday, July 27, 2011

How to enable brute force attack detection on exim

This post explains how to block brute force attacks (multiple login attempts with wrong passwords) on exim using csf / lfd.

Open csf.conf

vi /etc/csf/csf.conf

Set the following values:

LF_TRIGGER = "0"
LF_POP3D = "10"
LF_IMAPD = "10"
LF_POP3D_PERM = "180"

Restart csf
# csf -r

How to enable brute force detection for directadmin

This post explains how to enable brute force detection for directadmin or how to prevent multiple login attempts with wrong passwords.

Open directadmin.conf

# Brute force detection is enabled and the count is set to 5.
bruteforce=1
brutecount=5

If more than 5 attempts are made, the IP will be added to the blacklist file. It will never be cleared (unless done manually).
/usr/local/directadmin/data/admin/ip_blacklist

Tuesday, July 26, 2011

How to change the password of the openvz vps

Here are the steps to change the password of an OpenVZ VPS (virtual private server) from the command line.


[root@test ~]# vzlist -a | grep 192.168.0.100
       462        245 running   192.168.0.100    abc.xyx.com

Always take a backup of the configuration file before you change anything
[root@test ~]# cp /etc/sysconfig/vz-scripts/462.conf{,bfchpass}

Syntax
vzctl set VE_ID --userpasswd root:[newpasswd] --save

[root@test ~]# vzctl set 462 --userpasswd root:abc123$ --save
Changing password for user root.
passwd: all authentication tokens updated successfully.
Saved parameters for CT 462
[root@test ~]#

Sunday, July 10, 2011

Error: Device 0 (vif) could not be connected. Hotplug scripts not working xen restart solved

You may get this error while restarting a Xen VPS or virtual server.
It won't start if you restart it from a front end like SolusVM.

So start it from the backend.
[root@xen ~]# xm create /home/xen/vm130/vm130.cfg
Using config file "/home/xen/vm130/vm130.cfg".
Error: Device 0 (vif) could not be connected. Hotplug scripts not working.

If you get any hotplug error then check the hotplug error log.
[root@xen ~]#  tail /var/log/xen/xen-hotplug.log
Nothing to flush.

can't add vifvm130.0 to bridge eth0: Operation not supported
Nothing to flush.
can't add vifvm130.0 to bridge eth0: Operation not supported
Nothing to flush.
can't add vifvm130.0 to bridge eth0: Operation not supported
[root@xen ~]#

Now you know the error. Open the configuration file.
vi /home/xen/vm130/vm130.cfg

Notice that a bridge device name is given
vif        = ['type=ioemu, ip=178.162.239.188, vifname=vifvm130.0, mac=00:16:3e:50:e1:8c, bridge=eth0']

Change it as follows.
vif        = ['type=ioemu, ip=178.162.239.188, vifname=vifvm130.0, mac=00:16:3e:50:e1:8c']
Now it works. Have fun.

(network.c.336) SSL: error:00000000:lib(0):func(0):reason(0) Kloxo restart error solved

Error :
[root@test /]# /etc/init.d/kloxo restart
Stopping kloxo: Waiting for the process to die.....
Stopped kloxo
Starting kloxo: 11
2011-07-09 19:01:30: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
mysqld (pid 1557) is running...
Started kloxo
[root@test /]#

Solution

Remove the openssl package with the --nodeps option

rpm -e --nodeps openssl

Download and install a lower version
http://download.clearfoundation.com/clearos/enterprise/5.1/System/RPMS/openssl-0.9.8e-12.el5_4.1.i686.rpm
rpm -ivh openssl-0.9.8e-12.el5_4.1.i686.rpm

Now restart Kloxo
/etc/init.d/kloxo restart

[root@test /]# /etc/init.d/kloxo restart
Stopping kloxo: ../bin/common/function.sh: line 28:  7239 Terminated              $__path_server_exe $string >/dev/null 2>&1
Waiting for the process to die.....
Stopped kloxo
Starting kloxo: 11
mysqld (pid 1557) is running...
Started kloxo
[root@test /]#

Friday, July 8, 2011

How to enable user authentication in squid proxy

This post explains how to enable user authentication on a squid proxy. 

Suppose you have an ip 1.2.3.4 to be enabled for a user test_user 

Syntax :
acl acl_name proxy_auth username REQUIRED
tcp_outgoing_address ipaddress acl_name
http_access allow acl_name

eg:-
acl auth_user2 proxy_auth test_user REQUIRED
tcp_outgoing_address 1.2.3.4 auth_user2
http_access allow auth_user2

And also you can create passwords for the users by using the following command
# htpasswd passwordfile username
eg:-
# htpasswd /etc/squid/squidpasswd test_user
New password: *type the password here
Re-type new password: *retype the password here

Save the squid configuration file and restart the service. 

Tuesday, July 5, 2011

How to create a new vps or virtual server in openvz using vzctl

Here are the steps.


First go to the following directory which has the templates.
cd /vz/template/cache/

Now create the VPS with VEID 10 using the template for Debian 64-bit (you can choose the one you want)
vzctl create 10 --ostemplate debian-5.0-x86_64

Enabling onboot
vzctl set 10 --onboot yes --save

Adding the default ip
vzctl set 10 --ipadd IP_ADDRESS --save

Setting name servers
vzctl set 10 --nameserver 8.8.8.8 --save
vzctl set 10 --nameserver 8.8.4.4 --save

Setting the disk space (here 50 GB)
vzctl set 10 --diskspace 50G --save

Setting the RAM and burst RAM
vzctl set 10 --vmguarpages 4G:8G --save

Starting vps
vzctl start 10

Setting password for the root user of the vps
vzctl exec 10 passwd

Logging in
vzctl enter 10

How to allow only one ip accessing the server through ssh

This post explains how to block all IPs except one from accessing your system through ssh. Here we use the iptables firewall to block and allow IPs. These rules are tested on CentOS Linux and will work with other Linux distros like Red Hat, Fedora, etc.

Suppose you have your main server with ip 192.168.1.10
And you want to allow access from 192.168.1.4 only

Here are the rules:
Initial state [all accept]

root@test [~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@test [~]#
See the rules below.

Now writing rules :

root@test [~]# iptables -I INPUT -p tcp -s 192.168.1.4 --dport 22 -j ACCEPT
root@test [~]# iptables -I OUTPUT -p tcp -d 192.168.1.4 --sport 22 -j ACCEPT
root@test [~]# iptables -P INPUT DROP
root@test [~]# iptables -P OUTPUT DROP
root@test [~]# iptables -P FORWARD DROP
root@test [~]# iptables -L

After :
root@cpaneltest [~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.1.4          anywhere            tcp dpt:ssh
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.4         tcp spt:ssh

That's it. Now the server 192.168.1.10 will only be accessible through ssh from 192.168.1.4.
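
A way to verify the result of the rules above from iptables-save output, as an added example that is not part of the original post. The function name and both sample rule sets are constructed; only plain -s and --dport matches are parsed.

```shell
#!/bin/bash
# Added example (not from the original post): confirm from iptables-save output
# that inbound ssh is accepted from one address only.
# Assumes plain "-s" and "--dport N" matches; negation, multiport and ranges are not parsed.

ssh_only_from() {   # usage: ssh_only_from <iptables-save file> <allowed ip>
    awk -v ip="$2" '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            src = "any"; port = "any"; target = ""; lo = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-i" && $(i + 1) == "lo") lo = 1
            }
            sub(/\/32$/, "", src)                     # newer versions print 192.168.1.4/32
            if (target != "ACCEPT" || lo) next
            if (port != "any" && port != "22") next   # rule for another service
            if (src == ip) { allowed = 1; next }      # the one permitted source
            extra = extra "\n  " $0                   # some other source can reach port 22
        }
        END {
            if (policy != "DROP") { print "FAIL: INPUT policy is " policy; exit 1 }
            if (extra != "")      { print "FAIL: ssh also reachable via:" extra; exit 1 }
            if (!allowed)         { print "FAIL: no ssh ACCEPT rule for " ip; exit 1 }
            print "OK: ssh accepted only from " ip
        }
    ' "$1"
}

# Constructed sample: the rule set from this post as iptables-save prints it.
good=$(mktemp)
cat > "$good" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 192.168.1.4 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -d 192.168.1.4 -p tcp -m tcp --sport 22 -j ACCEPT
COMMIT
EOF

# Constructed sample: the same rules plus a later, wider ssh rule.
drift=$(mktemp)
{ grep -v '^COMMIT' "$good"; echo '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'; echo COMMIT; } > "$drift"

ssh_only_from "$good" 192.168.1.4
ssh_only_from "$drift" 192.168.1.4 || echo "review the rule set before relying on it"
```

On a live host, feed it the output of iptables-save. Rules added with iptables -I are lost at reboot unless they are saved, for example with service iptables save on CentOS.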