Archive for February, 2010

Email notification on root SSH login

February 26th, 2010

If you are looking to add a little more security to SSH on your server, one thing you can do is setup an email notification on any root login onto your server.

To do this you will need to log in as root on SSH and then run the list command:
ls

You should see a list that includes several bash files like .bash_history, .bash_logout and .bash_profile. To add this notification alert, we are going to add a bash script to .bash_profile.

However, the file cannot be saved to as is as you will receive the following error “[ Error writing .bash_profile: Permission denied ].” This error is because the file is immutable. To resolve this we will run the following command before opening up .bash_profile:
chattr -i .bash_profile

Next we will run this command so that we can add our little bash script:
pico .bash_profile

Here is the bash script you will add. You can change it to fit the message you went sent to your email address. At the end of it you see root. This is the email account that it will be sending to, so you should make sure you have an email account setup in WHM as this is where it will forward it to.

# Email admin when user logs in as root
rootalert() {
echo "Greetings,"
echo
echo "This email is an alert automatically created by your server telling you that someone, even if it is you$
echo
echo "The following information is currently who is logged in to your server right now."
echo
echo "Server: "`hostname`
echo "Time: "`date` echo printf "$(w)" echo echo echo "------" echo "Holdfire, LLC - Root Login Notifier" echo
}
rootalert | mail -s "SSH Root Login [Server: `hostname`][IP: `hostname -i`]" root

To save the file you will type in CTRL + X yes to save the changes and voila.

To set .bash_profile back to immutable you will run.
chattr +i .bash_profile

No comments »

Posted in Bash, Security

Tags:

Specifying allowable permissions of files and folders

February 26th, 2010

If you have setup suPHP/phpsuexec and it currently has accounts on it you will want to run the following:

In root you will run:
/scripts/postsuexecinstall
/scripts/chownpublichtmls

And from under your /home directory (or the directory you’ve specified for accounts)
find -perm 777 -exec chmod 755 {} \; -print
find -perm 666 -exec chmod 644 {} \; -print
/scripts/fixsuexeccgiscripts

No comments »

Posted in PHP, Scripts, cPanel

Tags:

cPanel shows License File Expired

February 26th, 2010

If you try to access WHM/cPanel one day but are shown an error message stating “License File Expired,” first you can go to cPanel’s License Verification page and enter in the IP address that is attached to your cPanel license. If it shows as valid then you can run the following command under root:

/usr/local/cpanel/cpkeyclt.

If that does not work and the error still persists, you will need to open a support ticket with cPanel to have them look into the issue.

No comments »

Posted in cPanel

Tags:

Log users sending mail through “nobody”

February 26th, 2010

Under Tweak Settings, you may have stumbled across the option to disable the following “Prevent the user “nobody” from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)” However, if you would rather pinpoint users that are sending mail through root@host.domain.com, then you can setup EXIM to log any outgoing attempts made so you can resolve it issue by issue.

To do so you will need to go to WHM > Server Configuration > EXIM Configuration and then go to “Advanced Options.” In the first field you will add the following and then save:

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject

Once you’ve saved that to access the EXIM logs for nobody senders you can go into SSH and use the following command:
grep cwd=/home /var/log/exim_mainlog

That command you will you the path for every user that is sending mail via sendmail through exim. While it will not give you the filename, you will have the username and directory name. From there you can resolve the issue.

No comments »

Posted in EXIM

Tags:

Fix Quotas for cPanel accounts

February 26th, 2010

If your accounts are showing as using 0 disk space ensure that you have enabled quotas within cPanel. This should have been selected while you were going through your initial cPanel setup however if you did not enable this setting you can go to WHM > Server Configuration > Initial Quota Setup.

Once you’ve got your quotas all set, you’ll need to log into SSH to run the following command:
/scripts/fixquotas

No comments »

Posted in cPanel

Tags:

Install DomainKeys and SPF Records for All Users

February 26th, 2010

cd /var/cpanel/users
for user in * ; do /usr/local/cpanel/bin/domain_keys_installer $user ; done
for user in * ; do /usr/local/cpanel/bin/spf_installer $user ; done

No comments »

Posted in DNS

Tags:

Hello world!

February 26th, 2010

I manage many cPanel-based servers and often times there are certain issues that arise on them that usually I need to refer to again in the future. I tend to either bookmark the site or forget about the command or any tips to fix it. Even some of those bookmarked sites have either gone down or their owners let the domains expire.. rendering the help useless again!

I decided to setup cpanelnotes.com as a place where I can store my own little notes on tips for cPanel based servers. Hope you find this useful!

No comments »

Posted in Updates