LinuxBabu ………..

Sometimes we may require to remove APF from the server. Here is a guide which shows how to remove APF completely from the server.

Stop the firewall first
service apf stop
/bin/rm -rfv /etc/apf
Remove the cron for APF
/bin/rm -fv /etc/cron.daily/fw
/bin/rm -fv /etc/init.d/apf
lastly disable at startup
chkconfig apf off

This should remove APF completely from the server as we removed the APF daemon, cron and files.

Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.linuxbabu.net can be redirected to www.redhat.com.

how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txtSample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txtOutput:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"

FIX :

Run yum update
yum updateOpen named.conf file and comment out following two lines:
query-source port 53;
query-source-v6 port 53;Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 


service named restart


If you want to add any extra modules to apache, they’ll need to be compiled in. Any module that needs to be compiled in will have a –with-module type flag which will need to be used. To add this flag, run the following:

cd /usr/local/directadmin/customapache
vi configure.apache_ssl

#add your –with-module line to the end of the file,
# and make sure the character exists at the end of all lines except the last one.

./build clean
./build apache_mod_ssl

Then restart apache:
RedHat:

/sbin/service httpd restart

FreeBSD:

/usr/local/etc/rc.d/httpd restart

If you run into problems, you may also need to recompile php as well:

./build php

Then restart apache again.

DirectAdmin is fully installed but we are unable to login and access the host.

Steps to try and resolve this problem.

Verify IP information bound to the host matches the data in /usr/local/directadmin/scripts/setup.txt

Confirm the date is correct.
# date
Sun Jan 4 03:14:22 CST 2004

If not then set the date with ‘rdate’ or ‘ntp’
# rdate -s time.nist.gov

Verify date is now correct.
# date
Thu Feb 3 17:44:23 CST 2005
Check and see if DA is now accessable.

If that does not work try the following.

cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234
service directadmin restart

Where 123 and 1234 are your Client ID and License ID, respectively. If there are errrors extracting the update.tar.gz file, then run:
head -n 1 /usr/local/directadmin/conf/license.key

to search for an error. If there is an readable error inside the file, double check the IP you are using matches the IP in the license on our system.

Create an .htaccess file in your public_html directory with the following code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.com.*$ [NC]
RewriteRule .(gif|jpg)$ – [F]

Where domain.com is your domain.

This relates to semaphores on your system (you’ve run out). Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

For cPanel servers :

ipcs | grep nobody | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

Finally restart Apache :

/etc/init.d/httpd restart

service httpd restart

Exim comes with a utility called ‘exiwhat’ which will display what each instance of exim is currently involved with. The output will look similar to this:

root@server [~]# exiwhat
2118 daemon: -q1h, listening for SMTP on port 25 (IPv4)
2130 daemon: no queue runs, listening for SMTPS on port 465 (IPv4)
31640 handling incoming connection from [1.2.3.4]

Also, to monitor the exim log in realtime, you may use the tail command thusly:

tail -f /var/log/exim_mainlg

If you need to go back to apache 1.3 after installing apache 2, you’ll need to do the following:

1) Restore the old httpd.conf file:

cp -f /etc/httpd/conf/httpd.conf.1.3.backup /etc/httpd/conf/httpd.conf

2) Get DirectAdmin to use the old httpd.conf files for the users. Edit the /usr/local/directadmin/conf/directadmin.conf file and change apache_ver=2.0 to apache_ver=1.3. Then type

echo “action=rewrite&value=ips” >> /usr/local/directadmin/data/task.queue

echo “action=rewrite&value=httpd” >> /usr/local/directadmin/data/task.queue

echo “action=directadmin&value=restart” >> /usr/local/directadmin/data/task.queue

3) Now you can recompile apache 1.3

rm -f /usr/lib/apache/*
cd /usr/local/directadmin/customapache
./build clean
./build all

4) Fix the modules link:

cd /etc/httpd

rm -f modules

ln -s /usr/lib/apache modules

5) Restore the old boot script:
FreeBSD:

cp -f /usr/local/directadmin/customapache/httpd_freebsd /usr/local/etc/rc.d/httpd

chmod 755 /usr/local/etc/rc.d/httpd

/usr/local/etc/rc.d/httpd restart

RedHat:

cp -f /usr/local/directadmin/customapache/httpd /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
/etc/init.d/httpd restart

If you need to update your DirectAdmin license manually, you can do so by running the following commands:

cd /usr/local/directadmin/scripts

./getLicense.sh 123 1234

service directadmin restart

Where 123 and 1234 are your Client ID and License ID, respectively. If there are errrors extracting the update.tar.gz file, then run:

head -n 1 /usr/local/directadmin/conf/license.key

to search for an error. If there is an readable error inside the file, double check the IP you are using matches the IP in the license on our system. Also check that it’s active in our clients section. Failing that, you’ll need to contact sales@directadmin.com to get your license activated or updated.

If you have multiple IPs on your device and wget is binding to the incorrect one, you can specify the IP to bind to by adding it as the last argument:

cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234 1.2.3.4
service directadmin restart

Php is setup is to limit memory usage per process. If you require more, this limit can be increased.
Edit

/usr/local/lib/php.ini

If you are unsure about the php.ini path, You can find your server php.ini using command :

php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

and set:

memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)

to a higher value, like 20M. Save, exit, then restart apache.