PVA troubleshooting.

Linux/Unix, Management Node:
PVA status: # pvamn status
PVA restart: # pvamn restart
PVA (Control Center) status: # pvacc status
PVA (Control Center) restart: # pvacc restart
Special config file: /opt/pva/mn/bin/pva.conf
[log_folder] – Location of log files, default: /var/log/pva
[etc_folder] – Location of config files, default: /var/opt/pva/mn/etc
To change log level, find vzagent.conf location in pva.conf and change , then restart pvamn
3 – INFO level
4 – DEBUG level
Installation logs: /var/log/pva/setup/
To collect PVA Report run: # /opt/pva/mn/bin/pvareport.sh
Linux/Unix, Slave node:
PVA status: # pvaagent status
PVA restart: # pvaagent restart
PVA (Power Panel) status: # pvapp status
PVA (Power Panel) restart: # pvapp restart
Special config file: /opt/pva/agent/bin/pva.conf
[log_folder] – Location of log files, default: /var/log/pva
[etc_folder] – Location of config files, default: /vz/pva/agent/etc
To change log level, find vzagent.conf location in pva.conf and change , then restart pvaagent
3 – INFO level
4 – DEBUG level
Installation logs: /var/log/pva/setup/
To collect PVA Report run: # /opt/pva/agent/bin/pvareport.sh

PhpMyAdmin Stuck at Login screen with no errors!

This can happen when the path for saving PHP sessions is not set correctly:

The directory for storing sessions does not exist, or PHP does not have sufficient rights to write to it.

To define the PHP session directory, simply add the following line to php.ini:

session.save_path="/tmp/php_session/"

Then give the HTTP server write rights to it.

Usually, the HTTP server runs as user daemon in group daemon. If that is the case, the following commands will do it:

chown -R :daemon /tmp/php_session

chmod -R g+wr /tmp/php_session

Restart the HTTP server.

WHM locked out – cphulkd

cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service. But it sometimes becomes troublesome: when you try to access cPanel with an incorrect password, cPanel assumes you are an attacker and blocks you with the message below:

—————————————————————————————
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
—————————————————————————————

To get out of this situation, you can disable cphulkd protection:

Log in via SSH and disable cphulkd using the command below.

# /usr/local/cpanel/bin/cphulk_pam_ctl --disable

This should allow you to log in to WHM and double-check your cPHulk settings.

You can view IP addresses that have been blocked via the WHM interface: WHM -> Security -> Security Center -> cPHulk Brute Force Protection in the Brutes table. On that screen, you can also customize brute force protection settings.

Flush DB will remove all blocked IPs:

WHM >>  Security Center >> cPHulk Brute Force Protection >> Click on Flush DB

The other way to do this is to remove the IPs blocked by cPHulk from its database.

SSH to the server, log in as root and type the following at the prompt:

[root@server:] mysql

mysql> use cphulkd;

mysql> BACKUP TABLE brutes TO '/path/to/backup/directory';

mysql> SELECT * FROM brutes WHERE `IP`='xxx.xxx.xxx.xxx';

mysql> DELETE FROM brutes WHERE `IP`='xxx.xxx.xxx.xxx';

mysql> quit

🙂

How to access Plesk database

APPLIES TO:

  • Plesk for Windows

Answer

The Plesk database can be accessed by following the steps below, depending on which database provider is configured in the current Plesk installation.

For MSSQL provider:

Database can be accessed using the following CLI command:

"C:\Program Files\Microsoft SQL Server\80\Tools\Binn\osql" -E

Or Microsoft SQL Server Management Studio Express utility can be used.

For MySQL DB provider:

Execute the following commands in command prompt:

cd %plesk_dir%\Databases\MySQL\bin


mysql -P8306 -uadmin -p psa

For MS Access DB provider (JET):

You can find and use any utility for viewing MS Access (.mdb) database files:

E.g.

http://www.alexnolan.net/software/mdb_viewer_plus.htm


http://www.softpedia.com/get/Internet/Servers/Database-Utils/MDB-View.shtml

Plesk Database file is located in %plesk_dir%\admin\db\psa.mdb

Named rndc.key error when starting

Restarting the named process after making modifications may leave you with a corrupt key in rndc.key, and the error will look like this:

Sep 12 03:30:54 server named[23683]: /etc/rndc.key:1: configuring key 'rndc-key': bad base64 encoding
Sep 12 03:30:54 server named[23683]: loading configuration: bad base64 encoding
Sep 12 03:30:54 server named[23683]: exiting (due to fatal error)

A simple explanation for this is that the key got modified somehow, possibly because of some bug.
What to do about this? It is simple: check the /etc/rndc.conf file, copy the key from there (you will see the key in the first lines of the file), use it to replace the key in the /etc/rndc.key file, and restart the named process.


# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
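
The comparison described above can be scripted so that neither secret is printed to the terminal. This is an added example, not part of the original post; the function names are hypothetical and the sample files and key value are constructed.

```shell
#!/usr/bin/env bash
# Added example: compare the secret in rndc.conf with the one in rndc.key
# without printing either value.

# key_secret FILE -> first uncommented secret "..." value in FILE
key_secret() {
    sed -n 's/^[^#]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# valid_b64 STRING -> exit 0 if STRING is well-formed padded base64
valid_b64() {
    local s=$1
    [ -n "$s" ] || return 1
    [ $(( ${#s} % 4 )) -eq 0 ] || return 1          # whole 4-character groups
    case $s in *[!A-Za-z0-9+/=]*) return 1 ;; esac  # base64 alphabet only
    s=${s%=}; s=${s%=}                              # allow up to two pad chars
    case $s in *=*) return 1 ;; esac                # "=" nowhere else
    return 0
}

# rndc_key_state CONF KEY -> prints ok | corrupt | mismatch
rndc_key_state() {
    local conf_secret key_secret_val
    conf_secret=$(key_secret "$1")
    key_secret_val=$(key_secret "$2")
    if ! valid_b64 "$key_secret_val"; then echo corrupt
    elif [ "$conf_secret" != "$key_secret_val" ]; then echo mismatch
    else echo ok
    fi
}

# Constructed sample files (not real keys): rndc.key has lost its last character.
d=$(mktemp -d)
printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
    'Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==' > "$d/rndc.conf"
printf 'key "rndc-key" { algorithm hmac-md5; secret "%s"; };\n' \
    'Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ=' > "$d/rndc.key"
echo "rndc.key is: $(rndc_key_state "$d/rndc.conf" "$d/rndc.key")"
rm -rf "$d"
```

On a real server the call would be rndc_key_state /etc/rndc.conf /etc/rndc.key, run as root because both files should be readable only by root and named.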

Windows integration notes

Make program default editor for a file type

Shift-right-click on a file of a type; this forces the ‘open with’. Click ‘Choose program’, find it, and select the checkbox that tells Windows to always open files of this type.

Change IE ‘view source’ program

Folder:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\View Source Editor\Editor Name

has a default key that is the path to a program, e.g.

C:\Program Files\Notepad2\Notepad2.exe

Add to context menu for all files

Run regedit. Create the key:

HKEY_CLASSES_ROOT\*\shell\

…if it doesn’t exist. Choose a name that doesn’t exist under it, e.g. Notepad2, and create that as key, and a key under it called ‘command’:

HKEY_CLASSES_ROOT\*\shell\Notepad2
HKEY_CLASSES_ROOT\*\shell\Notepad2\command

Set the default value of the first key to what you want to appear in the menu, and the default value of the second to what you want it to run, e.g.

"Edit with Notepad2"
and
"C:\Program Files\Notepad2\Notepad2.exe" "%1"

…respectively.

DNS Cache Poisoning Test


Q. How do I verify that my ISP or my own recursive resolvers are free from the DNS cache poisoning bug, the flaw for which Dan has promised full disclosure on August 7 at the Black Hat conference? How do I test my DNS server for DNS cache pollution or the DNS cache poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occurs if a DNS “spoofing attack” has been encountered: an attacker sends malicious / non-secure data in response to a DNS query. For example, a DNS query for www.linuxbabu.net can be redirected to www.redhat.com.

How do I find out if my DNS server is open to such an attack or not?

Visit Dan Kaminsky's JavaScript page to check your DNS.

You can also use the following dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txt
Sample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test:
$ dig +short @125.22.47.125 porttest.dns-oarc.net txt
Output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"


FIX :

Run yum update:
yum update
Open named.conf file and comment out the following two lines:
query-source port 53;
query-source-v6 port 53;
Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 

service named restart
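
Both checks from this section as a script: it finds query-source statements in named.conf that still pin the source port, and reduces a porttest TXT answer to its rating and port count. This is an added example, not part of the original post; the function names are hypothetical, the named.conf sample is constructed, and the two TXT strings are the sample outputs shown above.

```shell
#!/usr/bin/env bash
# Added example: audit named.conf for a pinned source port and summarise
# a porttest answer.

# fixed_query_source FILE -> prints "LINE: text" for each active query-source
# or query-source-v6 statement that pins a port number; exit 0 if any found.
# Assumption: only // and # comments are stripped, /* */ blocks are not parsed.
fixed_query_source() {
    awk '
        { s = $0; sub(/(\/\/|#).*/, "", s) }
        s ~ /query-source(-v6)?[ \t].*port[ \t]+[0-9]+/ { print NR ": " $0; hit = 1 }
        END { exit !hit }
    ' "$1"
}

# porttest_verdict "<TXT answer>" -> prints "RATING PORTS", e.g. "POOR 1"
porttest_verdict() {
    printf '%s\n' "$1" |
        sed -n 's/.* is \([A-Z]*\): .* from \([0-9]*\) ports.*/\1 \2/p'
}

# Constructed named.conf: one active pinned port, one already commented out,
# and one statement that leaves the port to the resolver.
conf=$(mktemp)
cat > "$conf" <<'EOF'
options {
    directory "/var/named";
    query-source port 53;
    // query-source-v6 port 53;
    query-source address * port *;
};
EOF
fixed_query_source "$conf" || echo "no pinned query-source port"
rm -f "$conf"

# The two sample answers shown in this section.
for txt in \
    '208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18' \
    '125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00'
do
    porttest_verdict "$txt"
done
```

A resolver that sends every query from one port, as in the POOR answer, leaves only the transaction ID for an off-path attacker to guess, which is why the pinned query-source lines are commented out in the fix.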


error: stat of /var/log/cron failed: No such file or directory

Hi guys… Today I faced an issue with a new VPS installed with the EZ template CentOS 5.2. I was preparing the VPS with logwatch, apf and other security and got a cron error in root's mail.

The cron errors show log errors:

/etc/cron.daily/logrotate:

error: stat of /var/log/boot.log failed: No such file or directory
error: stat of /var/log/cron failed: No such file or directory

OR

You do not find log files updating

This was due to the syslog daemon not running. Check if the service is running and restart it. Your server may have the syslogd daemon or rsyslogd depending on your OS.

I had rsyslogd on Centos 5.2

# /etc/init.d/rsyslog status
rsyslogd is stopped
rklogd is stopped

# /etc/init.d/rsyslog start
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]

Check if the service is being started at startup:

# chkconfig --list | grep rsyslog
rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Use this command to enable the daemon at startup:

# chkconfig rsyslog on

The log files were not being created because the daemons were stopped; after the restart they all started generating.

Cheers!

🙂

cPanel / APF – Passive FTP issue

The following web site will redirect you to a very well written article, which will cover the basics of “Passive vs Active” mode functions.

Active FTP vs. Passive FTP, a Definitive Explanation

After the FTP connection has been made, the FTP server will generally choose a random port within a certain range and tell the client to connect to it, but when the firewall is set up to block this port, the connection cannot be made and the client times out. Error example below:

[14:55:16] PASV
[14:55:16] 227 Entering Passive Mode (74,86,43,171,13,209)
[14:55:16] Opening data connection to 74.86.43.171 Port: 3537
[14:55:16] LIST -aL
[14:55:37] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Opening the ports on APF

The first step was to tell APF to have a range of ports open for passive FTP connections. You can put in any range you want as long as it doesn’t conflict with another service. For this we’re going to use the range of 35000-35500.

We will be using vi in this how-to. Please see the Basic Guide to Vim.

cd /etc/apf; vi conf.apf

Find IG_TCP_CPORTS and add the passive ports 35000-35500 so that it looks like:

IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,161,443,465,623,993,995,2082,2083,2086,2087,2095,2096,3306,3389,6666,35000_35500"

Save the file and restart APF with

/etc/init.d/apf restart

Setting up the FTP Server (Pure-FTPD):

Now you need to tell PureFTPd to use those ports for passive connections. Open up the file /etc/pure-ftpd.conf in your editor and look for the following.

# PassivePortRange 30000 50000

Two things to note. One, the setting is commented out and two the range doesn’t match what we opened in APF. So change it to the following.

PassivePortRange 35000 35500

Restart the PureFTP server with

/etc/init.d/pure-ftpd restart

Test the connections and you are done!
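
To see why the firewall list and the PureFTPd range have to agree, the script below decodes the port from a 227 reply and checks it against the IG_TCP_CPORTS value. This is an added example, not part of the original post; the function names are hypothetical, the first reply is the one from the log above and the second is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# pasv_port "<227 reply>" -> prints the data port, p1*256 + p2
pasv_port() {
    local tuple h1 h2 h3 h4 p1 p2 n
    tuple=${1#*\(}             # drop everything up to "("
    tuple=${tuple%%\)*}        # drop ")" and whatever follows
    IFS=, read -r h1 h2 h3 h4 p1 p2 <<EOF
$tuple
EOF
    for n in "$h1" "$h2" "$h3" "$h4" "$p1" "$p2"; do
        case $n in ''|*[!0-9]*|0?*) return 1 ;; esac   # digits, no leading zero
        [ "$n" -le 255 ] || return 1                   # each field is one octet
    done
    echo $(( p1 * 256 + p2 ))
}

# apf_allows PORT "<IG_TCP_CPORTS value>" -> exit 0 if PORT is listed singly
# or falls inside a LOW_HIGH entry (APF writes ranges with "_")
apf_allows() {
    local port=$1 item IFS=,
    for item in $2; do
        case $item in
            *_*) if [ "$port" -ge "${item%_*}" ] && [ "$port" -le "${item#*_}" ]; then return 0; fi ;;
            *)   if [ "$item" = "$port" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# IG_TCP_CPORTS as set in the post
CPORTS="20,21,22,25,26,53,80,110,143,161,443,465,623,993,995,2082,2083,2086,2087,2095,2096,3306,3389,6666,35000_35500"

# check_reply "<227 reply>" -> one-line verdict for that reply
check_reply() {
    local port
    port=$(pasv_port "$1") || { echo "malformed PASV reply"; return 0; }
    if apf_allows "$port" "$CPORTS"; then
        echo "port $port: allowed by APF"
    else
        echo "port $port: not in IG_TCP_CPORTS, data connection will time out"
    fi
}

check_reply "227 Entering Passive Mode (74,86,43,171,13,209)"   # reply from the post
check_reply "227 Entering Passive Mode (192,0,2,10,137,90)"     # constructed reply
```

The first reply decodes to port 3537, outside 35000-35500, so opening the range in APF alone does not help until PassivePortRange makes the server hand out ports from the same range.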

How to compile ‘QUOTA’ support for your FreeBSD server.

I need file system quota support for FreeBSD server.

Quick and Dirty How to compile ‘QUOTA’ support for your FreeBSD server.

Please see: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html for more detailed instructions.

To complete the following you will need to have SSH access to your host server along with full root access.

Login to the remote host via SSH and become root with ‘su -‘ then backup your current kernel and ‘/etc’ directory.

cp -Rp /boot/kernel /boot/kernel.good
cp -Rp /etc /etc.good

Now verify you have the correct source code for your server installed in ‘/usr/src’
cd /usr/src
ee UPDATING

Make sure the first displayed date matches your current ‘uname -a’ output.

Once you have confirmed you have the correct source code installed you can then create your custom kernel configuration file.

cd /usr/src/sys/i386/conf
cp GENERIC MYKERNELCONF
ee MYKERNELCONF

Add the line below to your kernel configuration file and then save the file.

## Example Entry for your Kernel Conf ##

options QUOTA # Provide Quota Support

##

Next you will need to build and install your custom kernel. (This step could take a few minutes.)

cd /usr/src/
make buildkernel KERNCONF=MYKERNELCONF
make installkernel KERNCONF=MYKERNELCONF

Now before you reboot you need to edit 2 files to enable QUOTA support for your file system.

The first is ‘/etc/rc.conf’, which we will edit to enable QUOTA support and to also check quotas on boot.

grep quota /etc/defaults/rc.conf >> /etc/rc.conf
ee /etc/rc.conf

You will see the following entries at the bottom of the ‘/etc/rc.conf’ file.

enable_quotas="NO" # turn on quotas on startup (or NO).
check_quotas="YES" # Check quotas on startup (or NO).

Change both of the entries to “YES” and then save the file.

enable_quotas="YES" # turn on quotas on startup (or NO).
check_quotas="YES" # Check quotas on startup (or NO).

Now you need to modify your ‘/etc/fstab’ file to select which slices should have QUOTAS turned on.

Typical ‘/etc/fstab’ file with NO quota support enabled.

# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1b none swap sw 0 0
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1f /home ufs rw 2 2
/dev/ad0s1e /usr ufs rw 2 2
/dev/ad0s1d /var ufs rw 2 2

Typical ‘/etc/fstab’ with quota support enabled.

# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1b none swap sw 0 0
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1f /home ufs rw,userquota,groupquota 2 2
/dev/ad0s1e /usr ufs rw,userquota,groupquota 2 2
/dev/ad0s1d /var ufs rw 2 2

Now save the ‘/etc/fstab’ file and reboot the host to load the new kernel and remount your drives with full quota support enabled for your server.

reboot

If for some reason your server does not come back up after 2-10 mins from the reboot please contact your support team and let them know you just compiled a custom kernel and may need to have the server booted with the old backup kernel you made earlier. If the server reboots with no problems you should be all set and ready to go with full quota support for your control panel of choice.