LinuxBabu ………..

When trying to restart named process after making modifications may end up in a corrupt rndc.key key and the error will show like this:

Sep 12 03:30:54 server named[23683]: /etc/rndc.key:1: configuring key ‘rndc-key’: bad base64 encoding
Sep 12 03:30:54 server named[23683]: loading configuration: bad base64 encoding
Sep 12 03:30:54 server named[23683]: exiting (due to fatal error)

A simple explanation to this is that the key got modified somehow might me some bug.
What to do about this? Well it is simple just check the /etc/rndc.conf file and copy the key from there(you will see the key in the first lines of the file) and replace the key that it is in /etc/rndc.key file and restart named process.

# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]

PHP and Apache has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where. Watching your exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.

If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP – so everything will go through /usr/sbin/sendmail =)

Requirements:
We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a Cpanel/WHM Red Hat Enterprise system.

Step 1)
Login to your server and su – to root.

Step 2)
Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop

Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date – $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {

print INFO “$date – $PWD -  @infon”;

}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach  (@ARGV) {
$arg=”$arg” . ” $_”;
}

open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start

Step
Monitor your spam_log file for spam, try using any formmail or script that uses a mail function – a message board, a contact script.
tail – f /var/log/spam_log

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005 – /home/username/public_html/directory/subdirectory -  nobody x 99 99   Nobody / /sbin/nologin

Log Rotation Details
Your spam_log file isn’t set to be rotated so it might get to be very large quickly. Keep an eye on it and consider adding it to your logrotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp — we’ll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}

Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn’t get overwritten.

Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.linuxbabu.net can be redirected to www.redhat.com.

how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txtSample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txtOutput:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"

FIX :

Run yum update
yum updateOpen named.conf file and comment out following two lines:
query-source port 53;
query-source-v6 port 53;Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 


service named restart


If you have Perl /cgi or Php scripts and you want to make them available to all clients on your server , add an Alias in

/etc/httpd/conf/httpd.conf

file pointing to a shared directory owned by root:wheel. This is how the cPanel achieves this with their cgi-sys shared scripts in /usr/local/cpanel/cgi-sys/

RVSiteBuilder warning messages under WHM :

Solution :

Execute using root logins :

perl /var/cpanel/rvglobalsoft/rvsitebuilder/panelmenus/cpanel/scripts/autofixphpini.pl

Restart cPanel :

/usr/local/cpanel/startup

If again you see the warnings after cPanel restart, manually change the values for PHP under WHM >> Tweak Settings.

PHP
PHP max execution time for cPanel PHP execution in seconds (default 90)
PHP Max Post Size for cPanel PHP in Megabytes (default 55M)
cPanel PHP Register Globals (Off [unchecked] is recommended for security reasons)
PHP Max Upload Size for cPanel PHP in Megabytes (default 50M)
Loader to use for internal cPanel PHP (Use oldsourceguardian for version 1.x and 2.x)
none ioncube sourceguardian oldsourceguardian

This fixes your issue.

If you get the next problem on rvsitebuilder running on a cpanel server:

Not Found

The server was not able to find the document
(./3rdparty/rvsitebuilder/index.php/sitebuilder/sitebuilderhome) you
requested.
Please check the url and try again. You might also want to report this
error to your webhost.

It should fix the problem to you:

Log in as root on your cpanel server and run these commands:

# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/var/INSTALL_COMPLETE.php
# rm -f /var/cpanel/rvglobalsoft/rvsitebuilder/rvsitebuilderversion.txt
# perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

OR

Simply run

perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

Open your WHM on a web browser, https://serverip:2087

And go to root WHM -> Plugins -> RVSiteBuilder

Currently cPanel will start with eth0 and work through eth1 when you assign nameservers to your IPs via WHM. Unfortunately, this will automatically choose your management IP range first, which of course are non-routable. There are two work-arounds for this:

1: Create a fake nameserver record on your private IPs, and add an A record for that nameserver to your DNS. This is the fastest option, but not the best.

2: SSH to your server and edit /etc/nameserverips manually. An example file is blelow:

10.x.x.x=0
128.177.x.x1=ns1.my_cpanel_nameserver.com
128.177.x.x2=ns2.my_cpanel_nameserver.com
128.177.x.x3=0
128.177.x.x4=0
128.177.x.x5=0

Just replace the ’0′ after the ‘=’ with your nameserver name. In this example, the first IP (10.x.x.x) is the management IP, and not used for nameservers. The next two IPs are public and assigned to two nameservers. The last three are public and not in use.

Before setting up compression of your logs you will want to have cpanel run the stats as often as possible. This is so you do not miss any stats that would have been included were your logs not compressed before stats run.

To do this, login to WHM, and click on Tweak Settings under Server Configuration in the left menu. Scroll down to Stats and Logs, and then in the field next to “Number of days between processing log files and bandwidth usage (default 1, decimal values are ok):” enter ‘.5′.

This will cause your logs to be run twice a day, and should allow you to have up to date stats.

After doing this, we can begin to setup your domlogs compression. You will need to open an ssh shell to your server to complete this.

Change directories to /etc/logrotate.d/ and find the file named httpd. You will need to copy this file to a new file in the same directory:

root@cpdemo [/etc/logrotate.d]# cp httpd domlogs
root@cpdemo [/etc/logrotate.d]# ls -la domlogs
-rw-r–r– 1 root root 390 Nov 8 21:26 domlogs
root@cpdemo [/etc/logrotate.d]#

Now you will want to edit your new file to contain the following:

/usr/local/apache/logs/*.com /usr/local/apache/logs/*.org /usr/local/apache/logs/*.net {
missingok
notifempty
size=200M
rotate 2
compress
sharedscripts
postrotate
/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript
}

Just save your new file and you are done. Most linux distributions come default with a logrotate cronjob running nightly that will work with this configuration.

There are many possible causes of this issue, however most relate to quotas being enabled on the filesystem itself.
Some ways to check the most common errors are:

Quotas enabled in the filesysem

By default, quoatas are enabled in the kernel on all SoftLayer Linux and FreeBSD kernels. If you’ve compiled/installed your own kernel, you’ll need to verify that quotas are enabled.

— FreeBSD systems will need to add “options QUOTA” to their kernel configuration and recompile. They will then need to add “enable_quotas=”YES”" to their /etc/rc.conf file.

— To enable quotas on a certain partition, one will need to modify the /etc/fstab file by adding usrquota (or grpquota if one desires the quota to pertain to an entire group rather than an individual user) to the options column (e.g. “LABEL=/home /home ext3 defaults,usrquota 0 0″).

— Once those entries are added, a reboot of the server should resolve the issue.

Run /scripts/fixquotas

Cpanel has it’s own tools to repair the quotas for it’s accounts. the command
#/scripts/fixquotas
run through ssh may resolve the issue.

Repquota

The command
#repquota -ua
will tell you if quotas are being reported for OS users at all.

Quotacheck

The command
#quotacheck -fv /home
will display the quotas for that filesystem, however the partition has to be unmounted first. It’s best to do this from Single User mode.