FIND:
search file in server: find / -type f -name "mysql*.cnf"
List files with filename with 4 characters: find /sites/ -type f -name '????.php'
Find, skip file names containing wp, and delete: find -maxdepth 2 -name "????????.php" | grep -v wp | xargs rm -rvf
Search text within multiple files: find ./ -type f -name "*.txt" -exec grep 'Geek' {} \;
find keyword in multiple files under folder: find /home/ -type f -exec grep -l "keyword" {} \; ->>> or find / -type f -exec grep -l -i "keyword" {} \;
files without 777 permission: ! -perm 777
Executable files: -perm /a=x
run command on find result: -exec command {} \; ->>> or | xargs command ->>> replace "command" with the command to use
Find folders: -type d
find empty files: -empty
find hidden files: -name ".*"
find newer files: -newer msg.txt
find files of a particular user: -user username ->>> replace “username” with the actual username
find Last 50 Days Modified Files: -mtime -50 ->>> (-mtime 50 matches only files modified exactly 50 days ago)
files which are modified more than 50 days back and less than 100 days: -mtime +50 -mtime -100
files which are changed in the last 1 hour: -cmin -60
files which are modified in the last 1 hour: -mmin -60
Find Size between 50MB – 100MB: -size +50M -size -100M ->>> (-size +1G for 1 GB or above)
directories larger than 20kb: find / -type d -size +20k
find filename not case sensitive: -iname instead of -name
Search for a file from multiple directories: find ./test ./numeric -name file22.txt -type f
Copy files to another folder: -exec cp {} ~/tmp/images \;
Delete files listed: -exec rm -f {} \; or | xargs rm -f or -delete
Or condition: -name "*.cpp" -o -name "*.txt"
Remove large number of files script: for i in `cat a.txt`; do rm -rf $i; done
Gracefully reload NGINX web server: $ sudo systemctl reload nginx
Fully restart NGINX web server: $ sudo systemctl restart nginx
==============================================
average memory used by the PHP-FPM process on the server
ps -eo size,pid,user,command --sort -size | awk '{ hr=$1/1024 ; printf("%13.2f Mb ",hr) } { for ( x=4 ; x<=NF ; x++ ) { printf("%s ",$x) } print "" }' | grep php-fpm
moodle version: /opt/bitnami/apps/moodle/htdocs# cat version.php | grep release
mysqlcheck --force /var/lib/mysql/devbassc_forum_NEW/basscat_forum_postmeta.MYI
mysqlcheck --auto-repair devbassc_forum_NEW basscat_forum_postmeta
email queue check sender: exim -bp|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -nr
how much memory, on average, your Apache processes use
ps -ylC httpd --sort:rss
Database creation date, time
select TABLE_SCHEMA,TABLE_NAME,CREATE_TIME from information_schema.tables where table_schema not in ('information_schema', 'mysql', 'performance_schema');
Load history: sar -q
ip hits: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Bandwidth hits: less /usr/local/apache/domlogs/domain_name/ | awk {'print $1'} | sort -n | uniq -c | sort -n
Nginx error log: tail -f /var/log/nginx/error.log
Restart php-fpm: /scripts/restartsrv_apache_php_fpm
Modsec rules triggered:
grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9_.-]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n | grep DOMAINNAME
grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9_.-]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n | grep DOMAINNAME | awk '{ print $2 }' | uniq
cat /etc/os-release
netstat -tulpn | grep LISTEN
lsof -i -P -n | grep LISTEN
netstat -an | grep 3306
iptables -L -v -n | more
==============================================
Commands
cat /etc/psa/.psa.shadow
Scan – sh ~shiyaska/maliciousScriptFinder.sh trinitya
xargs rm -rvf < var2.txt
for i in `cat a.txt`; do rm -rf $i; done
exim -bp|grep frozen|awk '{print $3}' |xargs exim -Mrm
find ./* -name "smtphec.php" -delete
Filezilla – rdesktop 172.17.252.133 -u Bobsquad -p'Bobsquad@123'
grep POST access-logs/* | awk '{print $1}' | cut -d: -f2 | sort | uniq -c | sort -nr | head
Mail queue – exim -bp|grep frozen|awk '{print $3}' |xargs exim -Mrm
ps ahux --sort=-c | awk '{if($3>10.0)printf"%s %6d %s\n",$3,$2,$11}'
grep -i post /usr/local/cpanel/logs/access_log | awk {'print $1'} | sort | uniq -c | sort -nr
Load – vzlist -o laverage,ctid,hostname -s -laverage
netstat -plane | grep :25 | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr| head
iptables -A INPUT -s [IP] -j DROP
for ((i=1; i<100 ; i++)) do killall -9 php-cgi ; done
du -hx --max-depth 1 | sort -hr
pkill httpd; for IPCS in `ipcs -a| grep nobody | awk '{print $2}'`; do echo $IPCS; ipcrm -s $IPCS; done; service httpd restart
find / -name "*log" -type f -maxdepth 10 -size +100M -exec du -sch {} \;
find /home -type f -size +100M -iname "error_log" ! -path '/home/virtfs*' -exec ls -lh {} \; | awk '{ print $9 " : " $5 }'
echo "$(tail -n 1000 error_log)" > error_log
grep cwd=/ /var/log/exim_mainlog | cut -d = -f 2 | cut -d " " -f 1 | sort | uniq -c | sort -n
rsync -avz --progress -e "ssh -i /home/shiyaska/shiyaska -p1022 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --rsync-path="sudo rsync" tony-sarno.tar.gz shiyaska@vmc148.myhostcenter.com:/home/shiyaska
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
ls -ld /raid/rsnapshot/*/daily.*/backup/home/windysbl
scp -P 1022 -i /home/shiyaska/shiyaska -r mail shiyaska@vmcp136.myhostcenter.com:/home/shiyaska/
find /tmp -type f \( ! -user root \) -mtime +2 -delete
find /tmp -type f \( ! -user root \) -mtime +2 – to show the session files excluding root
less /proc/meminfo ——-> ram info
/var/cpanel/accounting.log ——–cpanel create/deletion logs.
/var/log/pslog ———–store the result of various commands
>> PHP error logs: Home folder of the domain >> logs >> PHP log
>> Apache error logs: /usr/local/apache/logs/error_log
/usr/local/cpanel/logs/login_log ————cpanel login logs
Access logs:
less /usr/local/cpanel/logs/access_log | grep 40.180.1.235
less /usr/local/apache/logs/domlogs/taxichoice.co.za | grep 40.180.1.235
telnet IP 587 —–Check telnet
domain history: cpacc domain
New tool to check domain history – cpacc
ips applyfpm wsignaf —restart fpm
find . -type f -exec chmod 644 {} \; && find . -type d -exec chmod 755 {} \; —-permission
sar command:
-q Queue length and load average statistics
-r Memory utilization statistics
-R Memory statistics
-S Swap space utilization statistics
ips cwd —-to check the number of mails send from the website recently
quota -s username ——-disk space usage
cpl -q —- CWP disk quota usage
sudo sh -c "/usr/local/afribin/cpl-q username"
du -h --max-depth=1 ——-list folders using most size.
Details quota stats: sudo sh -c "cpuser_spacecheck cpanelusername"
php -i | grep php.ini ——php.ini file
/opt/cpanel/ea-php56/root/etc/php.ini
rsync -avz --rsh="ssh -p 24" /var/vmail/ettcoprojects.co.za/ root@154.0.168.249:/home/ettcolas/mail/ettcoprojects.co.za/ ——rsync
scp path/to/local/file.ext user@remote-host:path/to/remote/file.ext
scp /backup/graveyard/luigi.aserv.co.za/cpmove-letcogqt.tar.gz 197.242.144.229:/home —–copy file
/scripts/restorepkg /home/cpmove-letcogqt.tar.gz —-restore account using that file.
/scripts/pkgacct redanezf ——-create full backup of the domain.
/scripts/pkgacct --skiphomedir username —–create skeleton backup.
find . -printf "%h\n" | cut -d/ -f-2 | sort | uniq -c | sort -rn —inode usage breakdown
email queue:
exim -qff -v
spamnuke – clear spam from queue.
domain hitting php limits: sudo sh -c "cpl innovationmediadesign8.co.za | grep PHP-FPM-LIMITS-HIT"
Bandwidth hits: less /usr/local/apache/domlogs/domain_name/ | awk {'print $1'} | sort -n | uniq -c | sort -n
Check files using large space: find /home -maxdepth 3 -type f -size +100000k -exec ls -lh {} \;
Search in folder to check for any words in any files: grep -irl name
check number of hits during a time: egrep "15/Jan/2013:14:09|15/Jan/2013:14:10" /home/userna5/access-logs/example.com | wc -l
Fix scanner issue: /usr/local/afribin/configs/clamd_sane.sh
List emails older than 1 year
find /home/user/mail/domain/email/cur/ -mtime +365 -exec mv -v {} /home/user/backup_emails/info/cur \;
find /home/user/mail/domain/email/.Sent/cur/ -mtime +365 -exec mv -v {} /home/user/backup_emails/info/.Sent/cur \;
Check number of files inside a folder: ls | wc -l
cupcake: ssh2 justin.m@cupcake.afrihost.com -p 24
Gdrive upload:
curl gdrive.sh | bash -s <id>
Kill ping to an external IP from our server: ps aux | grep 129.232.199.72
kill -9 process_id
Open ports: netstat -tulpn | grep LISTEN
======================================
To change dedicated IP to shared IP:
netstat -plane | grep :80
if nginx is listening,
check if entry for the Dedicated IP is there in:
/etc/nginx/custom_rules
/etc/nginx/custom_local
======================================
DOMLOG
cd /usr/local/apache/domlogs/username
less sasol.com | grep "POST" | awk '{ print $1}' | sort -n | uniq -c | sort -n
Disable/Enable shell_exec
vi /opt/cpanel/ea-php73/root/etc/php-fpm.d/domain.conf
restart php-fpm
unable to change the password or create email accounts for the domain.
While creating or changing, we are getting a red line under the password tab:
==
/scripts/upcp --force
==
Imagick:
extension=imagick.so — add in the .user.ini file.
convert -version
“JSONParse error”, while opening the WHM/cPanels of our servers.
—
/scripts/restartsrv_queueprocd --stop
rm -fv /var/cpanel/taskqueue/servers_*json
/scripts/restartsrv_queueprocd --start
—
spetool domain ——e routing check lumberjack
ssh -X justin.m@im.inhouse.net —–pidgin keyserver
scheme -l domain/ip/host ———-root password or whm link to log in to server.
frob rebuild ——-after php version upgrade.
frob login ——wp dashboard.
dig domain @new_nameserver MX/A ——-check what record is set in the remote NS side.
firefox profile: curl -s http://sysadmin.cpiv.com/scripts/compatibility.sh | /bin/bash
whmapi command to whitelist a sender address in all domains in a managed server:
for i in `cat /etc/trueuserdomains | awk {'print $NF'}` ; do echo "whitelist_from *@accounting.sageone.co.za" >> /home/$i/.spamassassin/user_prefs ; done
Immutable:
chattr -i filename
Load
cd /var/log/sa
sar -q -f
/SCREEN
screen -S name
Run the command.
Ctrl-a + d: detaches a screen session without stopping it.
screen -r 200225
screen -ls — list of sessions
CTRL+A+ESC – Enable scroll option
cpu -> lscpu
free memory -> free -h
user connections -> mysql
show status like 'conn%';
show status like ‘%onn%’; -> how many user connections in database
show status like ‘Conn%’; -> maximum used connections
disk breakdown: du -hx --max-depth 1 | sort -hr
find within the file: grep -iRl 'lpcalhost' ./*
disk usage: du -sh
backup disk usage: backupdu <domain> <IP>
create php.ini file> createini <domain> <server>
check the backups > checkbackup <user> <server>
access account > dropjail <domain> [server] [port]
disk and inode storage > du <domain> [server]
mysql usage for a user > checksql <domain> <server>
check number of processes >countproc <domain> <ip>
Mysql server down or not. > service mysql status
restart mysql service. > service mysql restart
exim logs. > ec <server IP> <username>
tail -n 100 error_log – to check the last 100 line of error log
chmod 755 mobile
w server load
ps -aux | grep php running processes.
awstats <primary domain> <server> [number of top results] stats of website.
scan --all
scan <server> <user>
/usr/local/cPanel/logs/cphulkd.log – login blocked. 15 times wrong password.
/usr/local/apache/logs/error_log – apache error websites issue. error 500.
/var/log/secure – username failed.
free ram space – free -m
free disk space – df -h
check backup – cd /backup
clear temp(if 100%) – cd /tmp
ls -al then we can delete these files.
shows backup: cd /cpbackup
ls -al
if cpbackup is not there, then go to cd <date>
ls -al
cd accounts
ls -al
To restore backups(overwrite) – /scripts/restorepkg <zip file>
or /scripts/restorepkg --skipaccount <zip file name>
Home of account – cd /home
to upload file: wget <link of file> then unzip <file name>
Root password change: WHM -> change root p/w.
ls : file list
ls -a : files list with hidden
ls -al : files with details.
To change ownership of files/folders : chown <cPanel username>:<cPanel username> index.php
for all files: chown -Rf <cPanel username>:<cPanel username> *
current directory – pwd
to know about a command: man <command>
order by modified date: ls -alt
mkdir <folder name> : create folder.
to come out of a folder: cd ..
to edit file with vi editor: vi <file name> esc:wq or Esc:q!
move file: mv <source file name> <destination file name>
To find files/folders: find . -type f -name <file name> -print;
find . -type d -name <folder name> -print;
find within files: grep -iRl '<keyword>' ./<path>
file size(disk space of folder): du or du -sh
Process running: if website is slow. to see which process is running: top -c
to kill a process: kill <process ID>
files/folders with most size: du --max-depth="1" -h
to delete folder: rm -rf <folder name>
inode usage: df -i shows the no of inodes
clear server cache: sync; echo 1 > /proc/sys/vm/drop_caches
check sockets connected to IP: ss -tuna | awk 'NR>1 {print $6}' | awk -F: '{print $1}' | sort | uniq -c | sort -nrk1 | head -20
SAN id: cpm -> hal -> volume -> os -> san id. then check in zabbixmon.
if CM contact us with resold domain name, then we can search in eig shell with ui <resold domain name> if resold CM cannot validate main account, then no acc related assistance.
to check disk usage: du <domain> <ip> backupdu <domain> <ip>
We can ask WHM password from CM. No other password can be asked.
to reset database password – pwtemp setwp <DB name> pwtemp unsetwp <db name>
to stop exim: service exim <stop/start>
To check status: use eig shell : status exim <ip>
httpd: service httpd start/stop/restart
free memory: free -h if less than 100 mb -> OOM. out of memory. Website
disk usage: du domain ip
User connections: #mysql #show status like “Conn%”;
to check server load: top – load average.
lscpu: how many cpu
free -m : free memory. if less than 100, then botler: oom Then ask CM to optimize the website , db etc.
For backups: eig shell -> backupdu <IP>
Disk/inode usage: du <domain><ip>
to log in to cPanel : pwtemp setuser <username><ip>
/putty codes
permfix domain ip -> permission fix
purgecache domain IP -> clear server cache.
remove cache – cachectl username off IP
exim -bpc to check queue.
For restoring
* /scripts/restorepkg (zip file name)
* If you get error /scripts/restorepkg --skipaccount (zip file name)
Cpanel accounts
* cd /home (enter) ls -al (it will list cPanel accounts)
* cd (cpanel account name) (enter)
* wget (paste link of file link address) (enter) unzip (filename)
* ls (filename)
* ls -a (files list with hidden)
* ls -al (files with details)
* To change the ownership of one file – chown (cpanel username):(cpanel username) index.php
* To change the ownership for all files – chown -Rf (cpanel username):(cpanel username) * (enter) ls -al
* pwd (it shows the current directory which we are working)
The files which are modified in orders
* ls -alt
To display only php files
* ls *.php
To create a folder
* mkdir (folder name)
* cd (folder name) (to get inside the folder)
* cd .. (to come 1 folder back)
* cd ../../ (to come back 2 folders back)
To create file
* vi (file name) (enter) (edit file) ESC:wq (To save and quit) ESC :q! (quit without saving)
To find location of the file
* find . -type f -name 'filename' -print;
To find Location of the folder
* find . -type d -name 'foldername' -print;
To find within the file ( to find a particular keyword)
* grep -iRl 'lpcalhost' ./*
To display the disc place consumed in individual folder
* du -sh
=============================================
solarwind server:
rdesktop -u bobcares 208.69.56.10:8212 -pswlqaripuf#1O3aca -g 100%
xfreerdp /u:bobcares /v:208.69.56.10:8212 /p:swlqaripuf#1O3aca /compression /w:1300 /h:700
Check disk space:
df -h
Find Document root:
cat /etc/apache2/conf/httpd.conf | grep -C 5 www.bobkid.online
To find Username:
/scripts/whoowns rawdon-qc.net
rawdonqc
To find the larger file :
find ~ -type f -size +1M
find . -iname <file name >
find /var -type f -mtime 0 -ls
ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm,user
dig +short rawdon-qc.net
>>208.88.6.30
host 208.88.6.30
>>30.6.88.208.in-addr.arpa domain name pointer neon.hostmds.com.
—————————-|
IP BLOCKED |
—————————-|
grep IP /var/log/maillog | grep failed
grep IP /var/log/exim_mainlog | grep failed
grep IP /var/log/lfd.log
csf -d [IP] [Optional comment] Deny an IP and add to /etc/csf/csf.deny
csf -a [IP] [Optional comment] Allow an IP and add to /etc/csf/csf.allow
csf -tr [IP] Remove an IP from the temporary IP ban or allow list.
csf -t Displays the current list of temporary allow and deny IP entries with their TTL and comments
exigrep 1lg6yD-000GjW-6m /var/log/exim_mainlog
csf -g IP –>grep
csf -dr [IP] –>Unblock an IP and remove from /etc/csf/csf.deny
csf -ta [IP] 14400 –>Temp remove ip for 4 hrs
csf -td [IP.add.re.ss] Place an IP on the temporary deny list in /var/lib/csf/csf.tempban
csf -d [IP.add.re.ss] [Optional comment]
message count in the queue: exim -bpc
List the messages in the queue: exim -bp
Print message’s header: exim -Mvh
Print message’s body: exim -Mvb
information about email messages in the queue: exim -bp
Summary of messages in the queue (count, volume, oldest, newest, domain, and totals):
exim -bp | exiqsumm
Display what Exim is doing right now: exiwhat
Search the queue for messages from a specific sender: exiqgrep -f [luser]@domain
Search the queue for messages for a specific recipient/domain: exiqgrep -r [luser]@domain
remove all mails from queue: exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
or
exiqgrep -i | xargs exim -Mrm
remove frozen mail : exim -bp|grep frozen|awk '{print $3}' |xargs exim -Mrm
Find source email: exigrep -I -l 1mPuPM-0003yD-PK /var/log/exim_mainlog
List out most used script location from your Exim mail log:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
Whoown
/scripts/whoowns thousandwordsphotos.com
grep gmbsouvenirs.ca /etc/userdomains
PLESK:
mailq
list:
mailq | grep '^[A-F0-9]'|cut -c 42-80|sort |uniq -c|sort -n|tail
/var/qmail/bin/qmail-qstat
http://blitzkreig.cpiv.com/identifying-spam-instance-script-on-server/
/var/log/messages
/var/log/secure
—————————————————————-
http://cb.inhouse.net/centralbugzilla/show_bug.cgi?id=17598568
—————————————————————–
IP blocked by server |
————————|
cat /etc/mailips
WHM- ip function -> Show IP Address Usage
add the free ip to /etc/mailips
check email deliverability
repair the domain
check if spf is added
——————————————————————
rdesktop -u 'username' IP -p 'password'
xfreerdp /u:administrator /p:du3at#xefatra48V /v:208.88.5.16:8212 /w:1300 /h:700
———————————————-
Load value should be less than the number of cpu
uname -r ; check current kernel version
lscpu or nproc- list no of CPU cores
junglebyte.com
pkill -u username ; kills all the process of the user
ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm,user
To check for out of memory:
grep -i -r 'out of memory' /var/log/
free -m
PHP-FPM restart
/scripts/restartsrv_apache_php_fpm
————————————————————–
management *ipaddress*
scan:
maldet -a filepath
vzlist
vzlist -a
vzctl enter CTID
vzcalc -v 110
df -h #disk space
free -m /ram #free mem in ram
cat /proc/cpuinfo #cpu info
nproc --all #no of cpus
/usr/local/cpanel/cpanel -V
plesk version
cat /etc/*-release #OS version
du -d 1 -h get file size
du -shc /var/*
du -hs * | sort -h
hidden files:
du -hs .[^.]*
clear mysqld error log
cat /dev/null > /var/lib/mysql/cypher.hostmds.com.err
192.168.208.6=199.103.56.134
windows destiny.cirrushosting.com
windows skyrim.cirrushosting.com
Linux sonic.cirrushosting.com plesk
Linux myst.cirrushosting.com
Windows rayne.cirrushosting.com
Linux celeste.cirrushosting.com
Linux indigo.cirrushosting.com
Linux phoenix.cirruhosting.com
Linux pariah.cirrushosting.com
Windows cabela.cirrushosting.com
Linux halo.cirrushosting.com 208.69.57.2 Plesk
Linux mooch.cirrushosting.com 208.69.56.130 Plesk
neelix -WP
Test server Linux
https://cloud.cirrushosting.com/virtual_machines/ifqrcizomxqbiu
Test machine Windows
https://cloud.cirrushosting.com/virtual_machines/hjlhodvqvblihn
clear cache KB
https://kb.iu.edu/d/ahic
VPN:
http://blitzkreig.cpiv.com/set-vpn-idle-timeout-on-windows-server/
http://blitzkreig.cpiv.com/add-vpn-user/
http://blitzkreig.cpiv.com/how-to-connect-anna-valarao-vpn-and-vm/
Test windows machine console
https://cloud.cirrushosting.com/virtual_machines/iodkcllhszayly
SSL:
http://blitzkreig.cpiv.com/230-2/
wildcard
#811421 – SSL webmail issue?
Certificate (*.crt) -> STAR_victoriaballet_ca .crt
CA certificate (*-ca.crt) -> SectigoRSADomainValidationSecureServerCA.crt
DDOS:
netstat -lpan|grep ":443\|:80" |awk '{print $5}'|cut -d':' -f1 | sort | uniq -c | sort -nk1
http://blitzkreig.cpiv.com/troubleshooting-ddos-attacks-linux-windows/
DNS
http://blitzkreig.cpiv.com/dns-migration/
PTR
http://blitzkreig.cpiv.com/reverse-dns-for-ips-rdns-ptr-record/
SMTP settings plesk
#611356
nagios
http://blitzkreig.cpiv.com/nagios-nrpe-client-installtion-nagioslinux/
http://blitzkreig.cpiv.com/add-new-server-to-nagios/
http://blitzkreig.cpiv.com/nagios-issue-in-disk-check/
nagios server update
[root@nagios r1soft]# rpm -qa | grep kernel-headers-$(uname -r)
kernel-headers-4.18.0-240.15.1.el8_3.x86_64
[root@nagios r1soft]# rpm -qa | grep kernel-devel-$(uname -r)
kernel-devel-4.18.0-240.15.1.el8_3.x86_64
cd /lib/modules/r1soft
ls
wget http://beta.r1soft.com/modules/Centos_8_x64/hcpdriver-cki-4.18.0-240.10.1.el8_3.x86_64.152.ko
/etc/init.d/cdp-agent restart
lsmod | grep hcpdriver
Nagios disk
#401306 – ** PROBLEM alert – vm.truckerschristmasgroup.org/DISK is CRITICAL **
when sending an OS maintenance update, specify what has been updated and mention the items, including PHP, OS, Plesk
cirrus websites in -pheonix
To change HV, onapp tools->edit/migrate virtual server->hot migrate->compute resource
openvz plesk login password
CT-2463 /# /usr/local/psa/bin/admin --show-password
Onapp backend training video
Onapp frontend issues
Openvz
Exchange
Windows
Plesk
Spamexperts
http://blitzkreig.cpiv.com/TRAINING/Blitzkrieg/
http://blitzkreig.cpiv.com/onapp-session-notes-midhun/
http://blitzkreig.cpiv.com/onapp-session-notes-2-midhun/
onapp IP switch
http://blitzkreig.cpiv.com/ip-address-changin-in-onapp-vms/
needs-restarting -r ; echo $?
/var/qmail/bin/qmail-qread
ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm,user
PHP-FPM restart
/scripts/restartsrv_apache_php_fpm
*Unix command to list all the IP addresses connected to your server on port 80.
netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
*Show all active connections to Web server – sorted and unique
netstat -antu | grep :80 | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
DDOS:
netstat -lpan|grep ":443\|:80" |awk '{print $5}'|cut -d':' -f1 | sort | uniq -c | sort -nk1
netstat -plan | grep 118.24.108.75 | awk '{print $6}'
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
->more than 500 packets from an IP then mostly it will be a DDOS attack
netstat -an | egrep ":80|:443" | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head
http://blitzkreig.cpiv.com/troubleshooting-ddos-attacks-linux-windows/
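Added example, not part of the original notes: the per-IP counting done by the netstat one-liners above, as one awk pass that matches only the local port (so :8080 or an outbound connection to a remote :80 is not counted), folds ::ffff: mapped addresses into plain IPv4, and lists IPs above a threshold. The function names and the sample lines are constructed for illustration; 500 is the figure from the note above.

```shell
#!/bin/sh
# Added example: flag remote IPs holding many connections to the web ports.

# flag_heavy_ips THRESHOLD
# Reads `netstat -an`-style lines on stdin and prints "count ip" for every
# remote IP with more than THRESHOLD connections to local port 80 or 443.
flag_heavy_ips() {
    awk -v limit="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            # Field 4 is the local address; test the port suffix only.
            if ($4 !~ /:(80|443)$/) next
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the remote port
            sub(/^::ffff:/, "", ip)   # IPv4-mapped IPv6 -> plain IPv4
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }
    ' | sort -nr
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:51002      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51003 SYN_RECV
tcp        0      0 192.0.2.10:8080         203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:52000        203.0.113.5:80          ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# On a live server: netstat -an | flag_heavy_ips 500
sample_netstat | flag_heavy_ips 3
```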
plesk 12 ger mail password
/usr/local/psa/admin/bin/mail_auth_view
increase disk space in openvz
vzctl set 2461 --diskspace 70G:71G --save
#vzctl set CTID --diskspace SoftLimit:HardLimit --save
run this command outside the container
After migration plesk key
re read IP address
rdesktop -u 'administrator' 199.103.61.210 -p 'TUScVc6swh1K'
xfreerdp /u:administrator /p:TUScVc6swh1K /v:199.103.61.210 /w:1300 /h:700
solarwind
xfreerdp +clipboard /u:bobcares /v:208.69.56.10:8212 /p:swlqaripuf#1O3aca /compression /w:1300 /h:700
Tools & Settings > Services Management > Reverse Proxy Server (nginx)
(10:59:39 IST) jithin.g: Started the service
(10:59:47 IST) jithin.g: his main domain was not working
(11:00:00 IST) jithin.g: for that to happen it is usually DNS or webserver
(11:00:12 IST) jithin.g: i checked webserver and found this
Blitzkreig team join Dec 18, 2020
after adding VPN accounts users save using “Save Running Configuration to Flash”. in the ASDM window.
If no internet in VM, check if IP/nic is present, if not rebuild network.
RSA host key
ssh-keygen -R IP
rsync to sync mail after migration
Change Windows VPS to Ubuntu: The steps here is to delete the existing VM from the client area and create a new VM (Add new server) using Ubuntu 20.04 OS template.
R1soft port 1167
Nagios Port 5666 IP, 208.69.59.172
solarwind 208.69.56.10
sudo netstat -tulpn | grep :443
iptables -I INPUT -p tcp --dport 5666 -j ACCEPT
AFS
ssh cyril.mr@172.17.1.31
P00rnam@123
inode count should not exceed 400,000 for users
RDP license installed by ryan, require server reboot.
Permission – corp.hostmds
chattr -i hostmds
chmod 711 hostmds
grep hostmd /var/log/lfd.log|grep disabled -B3
cat /etc/csf/csf.conf | grep LOCALRELAY
RDP restarted the “windows terminal services”(termsrv).
backup
cp -a /usr/local/nagios/etc/service.cfg /usr/local/nagios/etc/service.cfg_bak
Nagios disk space issue
http://blitzkreig.cpiv.com/nagios-issue-in-disk-check/
curl -o /dev/null -w "Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} \n" "https://unleashsynergy.com/";