Unable to Create Addon Domain cPanel

Posted on by

0

(XID ztg584) The system cannot create the common domain “example.com.br”. You must choose a different domain name.

 

Search domain Name there in

grep -irl example.com.br /var/cpanel/users/*

grep -irl example.com.br /var/cpanel/userdata/

grep -irl example.com.br /etc/*

grep -irl example.com.br /usr/local/apache/

 

Some time extension [.com.br] will be there in /var/cpanel/commondomains

so you cannot create with that extesion. In my case this was the issue. When I remove the extesion from /var/cpanel/commondomains , I am able to create addon domain “example.com.br”

 

Sa

Posted on by

0

HRA Deducation

 

Let us understand income tax calculation with an example. Rajeev receives a Basic Salary of Rs 50,000 p.m., HRA of Rs 25,000 p.m, conveyance allowance of Rs 8,000 p.m., Special Allowance of Rs 5,000 p.m., LTA of Rs 20,000 annually. Rajeev lives in rented accommodation in Delhi and pays Rs 20,000 p.m as rent.

To avail HRA benefit, the least of the following amount (yearly) is exempted, rest is taxable:
i) Actual HRA received = Rs 300000
ii) 50% of salary (metro city) = Rs 3,00,000 (50% of Rs 6,00,000)
iii) Actual Rent paying = 240000

Actual Rent – 10% of Basic = 240000-60000=180000

So HRA- Allowed Deduction = 120000 ie: 300000-180000= 120000

Basic Fully taxale

 

 

 

 

rDNS/PTR verifying Script

Posted on by

0

#!/bin/bash
echo -e "Paste Your Domain and IP as given by the client [\e[96mIts not an issue if its in any format]\e[0m \e[1;31m#### Once you paste the input Press Enter and Ctrl + D to Save #####\e[0m" && cat > rdns-input.file
echo ""
echo ""
echo  -e "\e[92mrDNS for the given IP's are mentioned below if its not updated try to readd and check again\e[0m"
while read line; do   ip="$(grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' <<< "$line")";   echo "$ip"; done < "rdns-input.file" > ip-sorted-rdns.file
for i in `cat ip-sorted-rdns.file`; do dig +short -x $i;done
rm -rf ip-sorted-rdns.file rdns-input.file

refer: http://support-tools.com/?a63de70d61908d8d#kDKIznfRLOHUw1nlCqMndyDzmKOWij4LAy7+kfcZ1Gw=

Mysql

Posted on by

0

GRANT ALL PRIVILEGES ON db_name.* TO 'dbuser'@'localhost' IDENTIFIED BY 'password';
CREATE TABLE authors (id INT, name VARCHAR(20), email VARCHAR(20));
INSERT INTO authors (id,name,email) VALUES(1,"Vivek","xuz@abc.com");

DROP TABLE tablename;
DROP DATABASE dbname;
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
FLUSH PRIVILEGES;
DROP USER ‘demo’@‘localhost’;


SELECT * from Student WHERE s_name = 'Abhi';


SELECT eid, name, salary+3000  from Employee;


SELECT * from Student where s_name like 'A%'; will list name starts with A

SELECT * from Student where s_name like '_d%'; second characted d
SELECT * from Student where s_name like '%x'; last character x

ascending by default [small to big]
SELECT * from Emp order by salary; 

SELECT * from Emp order by salary DESC;



SELECT name, age from Emp group by salary
select name, salary from Emp where age > 25 group by salary


select distinct salary from Emp; unique salary will display 2 1000 is there will lst only 1 1000

SELECT * from Emp WHERE salary < 10000 AND age > 25

The above query will return records where salary is less than 10000 and age greater than 25.

SELECT * from Emp WHERE salary > 10000 OR age > 25

The above query will return records where either salary is greater than 10000 or age greater than 25.

A Stored procedure is a group of SQL statements that is compiled one time, and then can be executed many times when required.

A Trigger is a database object that is implicitly fired when a triggering event occurs. The trigger can be executed before or after the triggering event.

Refer

Posted on by

0

top

VIRT : Virtual Size of Process [Memory Actual Using + Memry mapped itself + file on the disk that have mapped into+memory shared with outher process]
RES is actal memory user by the process
SHR when a program runs all fuction will map and resident use only the required function

/proc/sys/kernel/pid_max

/proc/sys/vm/swappiness

swapiness=100 [move all to swap]

swapiness = 0 [will not use swap]

/etc/sysctl.conf
vm.swapiness=10

To free page cache:

# echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:

# echo 2 > /proc/sys/vm/drop_caches

To free page cache, dentries and inodes:

echo 3 > /proc/sys/vm/drop_caches

Stack is used for static memory allocation and 
Heap for dynamic memory allocation, both stored in the computer's RAM .

Deadlocks are a set of blocked processes each holding a resource and 
waiting to acquire a resource held by another process.

Processes provide two virtualizations: a virtualized processor and virtual memory.
The process descriptor contains the data that describes the executing program—open files, the process’s address space, pending signals, the process’s state,

ni userspace and PR is process actual priority that use by Linux kernel.

In linux system priorities are 0 to 139 in which 0 to 99 for real time and 100 to 139 for users. nice value
range is -20 to +19 where -20 is highest, 0 default and +19 is lowest. relation between nice value and priority is :
PR = 20 + NI

vmstat
procs memory swap io system cpu
r/nproc > 1 CPU Bottleneck
High Niumber in Block indicates slow disk
alwys r > b
si: Amount of memory swapped in from disk (/s). This shows page-ins
so: Amount of memory swapped to disk (/s). This shows page-outs. The so column is zero consistently, indicating there are no page-outs.
bi: Blocks received from block device – Read (like a hard disk)
bo: Blocks sent to a block device – Write

The swapper manages memory allocation for processes and influences CPU allocation.
the process dispatcher shell , vhand dbflush

program runs

slot in process table
pid
copy and spawn new child
return pid to parent
run progarm after forking

 

Display child processes of a parent process

ps -o pid,uname,comm -C httpd

Display threads of a process

ps -p 3150 -L

ps -e -o pid,uname,pcpu,pmem,comm

Turn ps into an realtime process viewer

watch -n 1 ‘ps -e -o pid,uname,cmd,pmem,pcpu –sort=-pmem,-pcpu | head -15’

Sort process by cpu or memory usage

ps aux –sort=-pcpu,+pmem

Sar Tips

sar -d device
sar -r memory
sar -u CPU
sar -u ALL
sar -p cpu of individual
sar -S swap
sar -b IO
sar -d individual IO
sar -w context switch
sar -q load average
sar -n network statics

 

 

sar -f /var/log/sa/sa27
sar -q -f /var/log/sa/sa23 -s 10:00:01 | head -n 10
sar -f /var/log/sa/sa27 -s 02:20:00 -e 03:20:00

 

tcpdump -i eth1 -s0 -n -A host serverip | grep remoteip

Http reques

Get, Post, Put, Delete,Trace

Client

5GET / HTTP/1.0
User-Agent: Wget/1.10.2 (Red Hat modified)
Accept: */*
Host: 192.168.0.103
Connection: Keep-Alive


Server
HTTP/1.1 200 OK
Date: Thu, 21 Feb 2013 10:36:32 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 21 Feb 2013 09:47:39 GMT
ETag: "377709-6-f71984c0"
Accept-Ranges: bytes
Content-Length: 6
Connection: close
Content-Type: text/html; charset=UTF-8
 
hello

Ansible YML File

Posted on by

0

https://pastebin.com/SZGvYPTs

https://pastebin.com/hnLz8iAX

https://pastebin.com/TkHg6ewq

https://pastebin.com/c82LN3mp

https://pastebin.com/NFMeWU9x

 

Excecute Commands from Shell

ansible all -a “/bin/df -h”
ansible all -a “/usr/bin/free -m”
ansible localhost -m service -a “name=apache2 state=restarted” [Restart apache service]
ansible all -m setup gather all server details

 

To get Remote Server Details: [Gather Facts]

ansible all -m setup –tree /tmp/facts

 

Git Basics

Posted on by

0

You have Project [Say Example Bash Script]

So create a folder:

mkdir project

cd project

git init

Move all bash files to project folder

 

git status

git add .         [. means to add all files for committing]

git remote add origin https://tinut89@github.com/tinut89/project.git

git remote set-url origin https://tinut89@github.com/tinut89/project.git   [To Change Current Settings]

git push -u origin master

This will sync all files under project to remote repository

 

Branch  Concept

 

git branch [will list branch by default master will be there]

git branch newbranch [for creating branch]

git checkout newbranch [to switch branch] [Then list branch and check where pointer is]

To push created branch to remote location

git push -u origin newbranch

 

So we know two branches are right now master and newbranch

Both branches will contain same bash files.

 

What is use of branch:

 

Suppose two developer is there to develop bash script:

 

Master will be the original files. So before making changes on master developer can work on newbranch which won’t affect master. Once everything is perfect and validated we can merge with master.

 

To merge newbranch with master

 

git checkout master

git merge newbranch

git push -u origin master

 

 

List the remote connections you have to other repositories.

git remote -v

 

 

Note: Connection for Local Repository to Remote Gthub are two methods

HTTP – will ask password everytime when we push

git remote add origin https://git-username@github.com/git-username/project.git

SSH    – If we set key based authentication will not ask password.

 

Switching remote URLs from SSH to HTTPS

git remote set-url origin https://git-username@github.com/git-username/project.git

Switching remote URLs from HTTPS to SSH

git remote set-url origin ssh://git@github.com/tinut89/project.git

 

Test Connection

$ ssh -T git@github.com
Hi tinut89! You’ve successfully authenticated, but GitHub does not provide shell access.

 

 

git push -u origin master

 

 

 

 

 

 

 

 

 

 

 

 

File System

Posted on by

0

hard disk drive or HDD is cheaper and offers more storage (500 GB to 1 TB are common) while SSD disks are more expensive and generally available in 64 GB to 256 GB configurations.

SSD is good but Expensive

HDD is less expensive [Most of the Hosting Companies use HDD]

 

Hard Disk is Circular Shape and Reading and Writing Data done by Magnetisation.

Hard Disk is a Platter and Tracks are there and its divided into Sectors [512 bytes]

 

 

 

 

Programming Basics

Posted on by

0

1.Multiply all numbers in array –

Input [1,2,3,4,5]

Output should gives 1*2*3*4*5 = 120

Write a program inside function

 

=========================

def multpily(a):
x = 1
for i in a:
x*=i
return x

a = [1,2,3,4,5]
print multpily(a)

===========================

2 . Add 3 to all numbers of an array . Input [2,3,4,5] should gives [5, 6, 7, 8]
like (2+3,3+3,4+3,5+3)

===========================

def add3toarray(a):
c = []
for i in a:
c.append(i+3)
return c

a = [2,3,4,5]
print add3toarray(a)

============================

3. Given a number. Check if it’s prime. Example 7 is prime,19 is prime, 4,10,9 are not prime.
    If prime, print “Prime” else print “Not Prime
============================

n = 9
h = n/2
i = 2
flag = 0
while i<=h:
if n%i==0:
flag=1
break
i+=1

if flag:
print “Not Prime”

else:
print “Prime”

============================

4. Check for a number is array Example : array – [1,2,3,4,5] . Check if 5 exists in array.
============================

def weatherexist(a):
for i in a:
if i==5:
break
print i, “Exist in Array” , a

a = [1,2,3,4,5]
weatherexist(a)

============================

5.Check if a string  is palindrome. Example – “malayalam”,”noon“,”radar” etc . It’s a variation of the string reversal we have done . (you have to compare the reversed string to original one)

===========================

def stringreverse(a):
l = len(a) – 1
i = 0
while i<=l:
print a[l-i]
i+=1

a = ‘malayalam’
stringreverse(a)

============================

 

Script to Install CSF and CSF Hardening

Posted on by

0

Paste the below code to a file and run the file.

#!/usr/bin/env bash

csfinstall () {
cd /usr/local/src
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.cpanel.sh
rm -rfv /usr/local/src/csf.tgz /usr/local/src/csf/
}
csfupdateonly() {
#CSF Update
/usr/sbin/csf -x
/scripts/perlinstaller –force URI
/usr/sbin/csf -e
/usr/sbin/csf -u
}

csftweak() {
cp /etc/csf/csf.conf    /etc/csf/csf.conf.beforetweak
sed -i ‘s/TESTING = “1”/TESTING = “0”/’ /etc/csf/csf.conf
sed -i ‘s/RESTRICT_SYSLOG = “0”/RESTRICT_SYSLOG = “3”/’ /etc/csf/csf.conf
sed -i ‘s/FASTSTART = “0”/FASTSTART = “1”/’ /etc/csf/csf.conf
sed -i ‘s/SYSLOG_CHECK = “0”/SYSLOG_CHECK = “3600”/’ /etc/csf/csf.conf
sed -i ‘s/PT_USERMEM = “200”/PT_USERMEM = “500”/’ /etc/csf/csf.conf
sed -i ‘s/PT_ALL_USERS = “0”/PT_ALL_USERS = “1”/’ /etc/csf/csf.conf
sed -i ‘s/PS_INTERVAL = “300”/PS_INTERVAL = “3600”/’ /etc/csf/csf.conf
sed -i ‘s/PS_LIMIT = “10”/PS_LIMIT = “20”/’ /etc/csf/csf.conf
sed -i ‘s/SMTP_BLOCK = “0”/SMTP_BLOCK = “1”/’ /etc/csf/csf.conf
sed -i ‘s/CT_LIMIT = “0”/CT_LIMIT = “1000”/’ /etc/csf/csf.conf

sed -i ‘s/UDPFLOOD = “0”/UDPFLOOD = “1”/’ /etc/csf/csf.conf
sed -i ‘s/SYNFLOOD = “0”/SYNFLOOD = “1”/’ /etc/csf/csf.conf
sed -i ‘s/PT_LIMIT = “60”/PT_LIMIT = “0”/’ /etc/csf/csf.conf

sed -i ‘s/LF_SCRIPT_LIMIT = “0”/LF_SCRIPT_LIMIT = “100”/’ /etc/csf/csf.conf
sed -i ‘s/LF_MODSEC_PERM = “1”/LF_MODSEC_PERM = “180”/’ /etc/csf/csf.conf
sed -i ‘s/LF_FTPD = “1”/LF_FTPD = “20”/’ /etc/csf/csf.conf
sed -i ‘s/LF_FTPD_PERM = “1”/LF_FTPD_PERM = “5”/’ /etc/csf/csf.conf
sed -i ‘s/LF_POP3D = “1”/LF_POP3D = “20”/’ /etc/csf/csf.conf
sed -i ‘s/LF_POP3D_PERM = “1”/LF_POP3D_PERM = “5”/’ /etc/csf/csf.conf
sed -i ‘s/LF_IMAPD = “1”/LF_IMAPD = “20”/’ /etc/csf/csf.conf
sed -i ‘s/LF_IMAPD_PERM = “1”/LF_IMAPD_PERM = “5”/’ /etc/csf/csf.conf
sed -i ‘s/LF_SMTPAUTH = “1”/LF_SMTPAUTH = “20”/’ /etc/csf/csf.conf
sed -i ‘s/LF_SMTPAUTH_PERM = “1”/LF_SMTPAUTH_PERM = “5”/’ /etc/csf/csf.conf
sed -i ‘s/LF_HTACCESS = “1”/LF_HTACCESS = “20”/’ /etc/csf/csf.conf
sed -i ‘s/LF_HTACCESS_PERM = “1”/LF_HTACCESS_PERM = “5”/’ /etc/csf/csf.conf
sed -i ‘s/LF_PERMBLOCK_INTERVAL = “86400”/LF_PERMBLOCK_INTERVAL = “12000”/’ /etc/csf/csf.conf
sed -i ‘s/LF_PERMBLOCK_COUNT = “4”/LF_PERMBLOCK_COUNT = “20”/’ /etc/csf/csf.conf
#sed -i ‘s/LF_ALERT_TO = “”/LF_ALERT_TO = “root@”/’ /etc/csf/csf.conf
sed -i ‘s/LF_SYMLINK = “0”/LF_SYMLINK = “2”/’ /etc/csf/csf.conf
sed -i ‘s/LF_SYMLINK_PERM = “1”/LF_SYMLINK_PERM = “5”/’ /etc/csf/csf.conf
sed -i ‘s/2095,2096″/2095,2096,30000:50000″/’ /etc/csf/csf.conf

#sed -i ‘s/X_ARF = “0”/X_ARF = “1”/’ /etc/csf/csf.conf
#sed -i ‘s/X_ARF_TO = “”/X_ARF_TO = “sample”/’ /etc/csf/csf.conf

sed -i ‘s/LF_SCRIPT_ALERT = “0”/LF_SCRIPT_ALERT = “1”/’ /etc/csf/csf.conf
sed -i ‘s/LF_DIRWATCH_DISABLE = “0”/LF_DIRWATCH_DISABLE = “1”/’ /etc/csf/csf.conf
echo “.googlebot.com” >> /etc/csf/csf.rignore
echo “.crawl.yahoo.net” >> /etc/csf/csf.rignore
echo “.search.msn.com” >> /etc/csf/csf.rignore
echo “.root-servers.net” >> /etc/csf/csf.rignore

echo “exe:/usr/bin/php” >> /etc/csf/csf.pignore
echo “exe:/usr/libexec/dovecot/auth” >> /etc/csf/csf.pignore
echo “exe:/usr/local/cpanel/3rdparty/bin/freshclam” >> /etc/csf/csf.pignore
echo “exe:/usr/bin/python” >> /etc/csf/csf.pignore
echo “exe:/usr/bin/ruby” >> /etc/csf/csf.pignore

sed -i ‘/exe:\/usr\/local\/cpanel\/3rdparty\/bin\/webalizer\_lang\/english/ d’ /etc/csf/csf.pignore ; echo “exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english” >> /etc/csf/csf.pignore
sed -i ‘/exe:\/usr\/local\/cpanel\/3rdparty\/perl\/514\/bin\/perl/ d’ /etc/csf/csf.pignore ; echo “exe:/usr/local/cpanel/3rdparty/perl/514/bin/perl” >> /etc/csf/csf.pignore

sed -i ‘s/#SPAMEDROP/SPAMEDROP/’ /etc/csf/csf.blocklists
sed -i ‘s/#BOGON/BOGON/’ /etc/csf/csf.blocklists
sed -i ‘s/#HONEYPOT/HONEYPOT/’ /etc/csf/csf.blocklists
sed -i ‘s/#MAXMIND/MAXMIND/’ /etc/csf/csf.blocklists
sed -i ‘s/86400/3600/g’ /etc/csf/csf.blocklists

if ! grep “GREENSNOW” /etc/csf/csf.blocklists >/dev/null;then
echo “” >> /etc/csf/csf.blocklists
echo “# GreenSnow IP List” >> /etc/csf/csf.blocklists
echo “# Details at: http://greensnow.co&#8221; >> /etc/csf/csf.blocklists
echo “GREENSNOW|3600|0|test” >> /etc/csf/csf.blocklists
fi

/etc/init.d/csf restart
/etc/init.d/lfd restart
csf -r
}

cmcinstall() {
cd /usr/local/src
rm -fv cmc.tgz
wget http://www.configserver.com/free/cmc.tgz
tar -xzf cmc.tgz
cd cmc/
sh install.sh
cd /usr/local/src
rm -rfv /usr/local/src/cmc.tgz /usr/local/src/cmc/
}

cmminstall() {
cd /usr/local/src
rm -fv cmm.tgz
tar -xzf cmm.tgz
cd cmm
sh install.sh
cd /usr/local/src
rm -rfv /usr/local/src/cmm.tgz /usr/local/src/cmm
}

cmqinstall() {
cd /usr/local/src
rm -fv cmq.tgz
wget http://download.configserver.com/cmq.tgz
tar -xzf cmq.tgz
cd cmq
sh install.sh
cd /usr/local/src
rm -rfv /usr/local/src/cmq.tgz /usr/local/src/cmq
}

mysleep() {
MESSAGE=$1
pid=$!
spin=’-\|/’
i=0
while kill -0 $pid 2>/dev/null
do
i=$(( (i+1) %4 ))
echo -ne “\r$MESSAGE ${spin:$i:1}”
sleep .1
done
}

maldetinstall() {
if [ ! -d /usr/local/maldetect ]; then
cd /usr/local/src/
rm -rv maldetect-current.tar.gz
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xfz maldetect-current.tar.gz
cd maldetect-*
./install.sh
maldet -d
maldet -u
cd /usr/local/src/
rm -rfv /usr/local/src/maldetect-current.tar.gz /usr/local/src/maldetect-*
fi

sed -i “s/email_alert=0/email_alert=1/” /usr/local/maldetect/conf.maldet
sed -i “s/you@domain.com/$CUSTOMEREMAIL/” /usr/local/maldetect/conf.maldet
}

lesinstall() {
cd /usr/local/src
wget  http://www.rfxn.com/downloads/les-current.tar.gz
tar -zxvf les-current.tar.gz
cd les-*
./install.sh
les -sb on
cd /usr/local/src
rm -rf les-*
}

lsminstall() {
cd /usr/local/src
wget http://www.rfxn.com/downloads/lsm-current.tar.gz
tar xvfz lsm-current.tar.gz
cd lsm-*
./install.sh
cd /usr/local/src
rm -rf lsm-*
}

linuxtweak() {
sed -i ‘s/# kernel.tcp_syncookies = 0/kernel.tcp_syncookies = 1/’ /etc/sysctl.conf
sysctl -p

> /etc/cron.daily/logrotate
cd /usr/local/src/
wget  http://techsware.in/downloads/logrotatefix.txt
cat logrotatefix.txt >> /etc/cron.daily/logrotate
mkdir -p /var/spool/logrotate/tmp

yum install logwatch -y
rm -f /etc/logwatch/conf/logwatch.conf
sed -i ‘s/Output =/Output = mail/’ /usr/share/logwatch/default.conf/logwatch.conf
sed -i “s/MailTo = root/MailTo = $CUSTOMEREMAIL/” /usr/share/logwatch/default.conf/logwatch.conf
sed -i ‘s/Print = Yes/Print = No/’ /usr/share/logwatch/default.conf/logwatch.conf
cp -p /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
logwatch

echo $CUSTOMEREMAIL > /root/.forward
}

disableunproc() {
yum install wget -y; cd /usr/local/src/ && wget http://nixtree.com/download/free/services_dis_vps.txt && for i in `cat services_dis_vps.txt`; do chkconfig $i off; service $i stop; done
rm -f /usr/local/src/services_dis_vps.txt
}

rkhunterinstall() {
cd /usr/local/src
wget http://ph.clarenne.name/rkhunter-1.4.2.tar.gz
tar -zxvf rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
sh installer.sh –install
rkhunter –update
cd /usr/local/src
rm -rfv rkhunter-1.4.2.tar.gz rkhunter-1.4.2

sed -i “s/#MAIL-ON-WARNING=me@mydomain   root@mydomain/MAIL-ON-WARNING=$CUSTOMEREMAIL/” /etc/rkhunter.conf
sed -i ‘s/#ALLOW_SSH_ROOT_USER=no/ALLOW_SSH_ROOT_USER=unset/’ /etc/rkhunter.conf

echo “SCRIPTWHITELIST=/sbin/ifup” >> /etc/rkhunter.conf
echo “SCRIPTWHITELIST=/sbin/ifdown” >> /etc/rkhunter.conf
echo “SCRIPTWHITELIST=/usr/bin/GET” >> /etc/rkhunter.conf
echo “SCRIPTWHITELIST=/usr/bin/ldd” >> /etc/rkhunter.conf
echo “SCRIPTWHITELIST=/usr/bin/whatis” >> /etc/rkhunter.conf

echo “ALLOWHIDDENFILE=/dev/.udev/queue.bin” >> /etc/rkhunter.conf
echo “ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz” >> /etc/rkhunter.conf
echo “ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz” >> /etc/rkhunter.conf
echo “ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz” >> /etc/rkhunter.conf
echo “ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac” >> /etc/rkhunter.conf
echo “ALLOWHIDDENFILE=/usr/bin/.ssh.hmac” >> /etc/rkhunter.conf
echo “ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac” >> /etc/rkhunter.conf

echo “ALLOWDEVFILE=/dev/.udev/queue.bin” >> /etc/rkhunter.conf
echo “ALLOWHIDDENDIR=/dev/.udev” >> /etc/rkhunter.conf

sed -i “s/DISABLE_TESTS/#DISABLE_TESTS/g” /etc/rkhunter.conf
echo “DISABLE_TESTS=loaded_modules suspscan hidden_ports hidden_procs deleted_files packet_cap_apps avail_modules loaded_modules” >> /etc/rkhunter.conf

echo “/usr/local/bin/rkhunter –cronjob” > /etc/cron.daily/rkhunterscan
chmod 755 /etc/cron.daily/rkhunterscan

rkhunter –propupdate
}

ftptweak() {
cp /etc/pure-ftpd.conf  /etc/pure-ftpd.conf.beforetweak
sed -i  “s/RootPassLogins: ‘yes’/RootPassLogins: ‘no’/g” /var/cpanel/conf/pureftpd/main
sed -i  “s/AnonymousCantUpload: ‘no’/AnonymousCantUpload: ‘yes’/g” /var/cpanel/conf/pureftpd/main
sed -i  “s/NoAnonymous: ‘no’/NoAnonymous: ‘yes’/g” /var/cpanel/conf/pureftpd/main
sed -i “s/MaxClientsPerIP: 8/MaxClientsPerIP: 15/” /var/cpanel/conf/pureftpd/main
sed -i ‘s/# PassivePortRange/PassivePortRange/’ /etc/pure-ftpd.conf
sed -i ‘s/MaxIdleTime: 15/MaxIdleTime: 25/’ /var/cpanel/conf/pureftpd/main
touch /var/cpanel/conf/pureftpd/root_password_disabled

cp /etc/proftpd.conf    /etc/proftpd.conf.beforetweak
sed -i “s/TCPAccessFiles: ‘on’/TCPAccessFiles: ‘off’/” /var/cpanel/conf/proftpd/main
sed -i “s/cPanelAnonymousAccessAllowed: ‘yes’/cPanelAnonymousAccessAllowed: ‘no’/” /var/cpanel/conf/proftpd/main
echo “PassivePorts 30000 50000” >> /etc/proftpd.conf

/usr/local/cpanel/whostmgr/bin/whostmgr2 doftpconfiguration > /dev/null
/scripts/restartsrv ftp
}

cpaneltweak() {

##cPanel Tweak Settings
cp -p /var/cpanel/cpanel.config /var/cpanel/cpanel.config.beforetweak
echo “alwaysredirecttossl=1” >> /var/cpanel/cpanel.config
echo “referrerblanksafety=1” >> /var/cpanel/cpanel.config
echo “referrersafety=1” >> /var/cpanel/cpanel.config
echo “xsrftokens=1” >> /var/cpanel/cpanel.config
echo “maxemailsperhour=500” >> /var/cpanel/cpanel.config
echo “emailusersbandwidthexceed95=1” >> /var/cpanel/cpanel.config
echo “proxysubdomains=1” >> /var/cpanel/cpanel.config
echo “proxysubdomainsfornewaccounts=1” >> /var/cpanel/cpanel.config
echo “proxysubdomainsoverride=1” >> /var/cpanel/cpanel.config
echo “skipboxtrapper=1” >> /var/cpanel/cpanel.config
echo “use_apache_md5_for_htaccess=1” >> /var/cpanel/cpanel.config
echo “cookieipvalidation=strict” >> /var/cpanel/cpanel.config
echo “skiphttpauth=1” >> /var/cpanel/cpanel.config
echo “cpaddons_adminemail=$CUSTOMEREMAIL” >> /var/cpanel/cpanel.config
echo “cpaddons_notify_owner=always” >> /var/cpanel/cpanel.config
echo “cpaddons_notify_root=1” >> /var/cpanel/cpanel.config
echo “blockcommondomains=1” >> /var/cpanel/cpanel.config
echo “coredump=0” >> /var/cpanel/cpanel.config
echo “emailpasswords=0” >> /var/cpanel/cpanel.config
echo “jaildefaultshell=0” >> /var/cpanel/cpanel.config
echo “defaultmailaction=fail” >> /var/cpanel/cpanel.config
echo “email_send_limits_count_mailman=1” >> /var/cpanel/cpanel.config
echo “email_send_limits_max_defer_fail_percentage=30” >> /var/cpanel/cpanel.config
echo “phploader=ioncube” >> /var/cpanel/cpanel.config
echo “cgihidepass=1” >> /var/cpanel/cpanel.config

echo “SecurityPolicy::PasswordAge=1” >> /var/cpanel/cpanel.config
echo “SecurityPolicy::PasswordAge::maxage=365” >> /var/cpanel/cpanel.config
echo “SecurityPolicy::PasswordStrength=1” >> /var/cpanel/cpanel.config

echo “nobodyspam=1” >> /var/cpanel/cpanel.config
echo “permit_unregistered_apps_as_reseller=0” >> /var/cpanel/cpanel.config
echo “permit_appconfig_entries_without_acls=0” >> /var/cpanel/cpanel.config
echo “permit_appconfig_entries_without_features=0” >> /var/cpanel/cpanel.config

echo “SecurityPolicy::PasswordStrength=1” >> /var/cpanel/cpanel.config
echo “minpwstrength_sshkey=95” >> /var/cpanel/cpanel.config
echo “minpwstrength=85” >> /var/cpanel/cpanel.config
echo “minpwstrength_createacct=80” >> /var/cpanel/cpanel.config
echo “minpwstrength_pop=75” >> /var/cpanel/cpanel.config
echo “minpwstrength_ftp=75” >> /var/cpanel/cpanel.config
echo “minpwstrength_passwd=75” >> /var/cpanel/cpanel.config
echo “minpwstrength_mysql=75” >> /var/cpanel/cpanel.config
echo “minpwstrength_webdisk=70” >> /var/cpanel/cpanel.config
echo “minpwstrength_postgres=65” >> /var/cpanel/cpanel.config
echo “minpwstrength_bandmin=60” >> /var/cpanel/cpanel.config
echo “minpwstrength_cpaddons=55” >> /var/cpanel/cpanel.config
echo “minpwstrength_list=50” >> /var/cpanel/cpanel.config

echo “api_shell=0” >> /var/cpanel/features/default
echo “fantastico=0” >> /var/cpanel/features/default
echo “guest=0” >> /var/cpanel/features/default

/usr/local/cpanel/whostmgr/bin/whostmgr2 –updatetweaksettings

## Disable SMTP Tweak in cPanel – Enable it in CSF
rm -f /var/cpanel/smtpgidonlytweak

## Disable Compiler Access
chmod 750 /usr/bin/gcc /usr/bin/i386-redhat-linux-gcc
chown root:compiler /usr/bin/gcc /usr/bin/i386-redhat-linux-gcc

## Enable cpHulkd
/usr/local/cpanel/etc/init/startcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl –enable
mysqlcheck -r cphulkd

#BG Process Killer
cp /var/cpanel/killproc.conf    /var/cpanel/killproc.conf.beforetweak
echo “services” > /var/cpanel/killproc.conf
echo “ptlink” >> /var/cpanel/killproc.conf
echo “psyBNC” >> /var/cpanel/killproc.conf
echo “ircd” >> /var/cpanel/killproc.conf
echo “guardservices” >> /var/cpanel/killproc.conf
echo “generic-sniffers” >> /var/cpanel/killproc.conf
echo “eggdrop” >> /var/cpanel/killproc.conf
echo “bnc” >> /var/cpanel/killproc.conf
echo “BitchX” >> /var/cpanel/killproc.conf

#Shell Bomb Fork Protection
if ! grep “cPanel Added Limit Protections” /etc/profile >/dev/null; then
cd /usr/local/src
wget http://techsware.in/downloads/disableshellbomb.txt
cat disableshellbomb.txt >> /etc/profile
rm -f disableshellbomb.txt
fi

sed -i ‘/mysql:1/ d’ /etc/chkserv.d/chkservd.conf; echo “mysql:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/httpd:1/ d’ /etc/chkserv.d/chkservd.conf; echo “httpd:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/lfd:1/ d’ /etc/chkserv.d/chkservd.conf; echo “lfd:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/sshd:1/ d’ /etc/chkserv.d/chkservd.conf; echo “sshd:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/exim:1/ d’ /etc/chkserv.d/chkservd.conf; echo “exim:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/ftpd:1/ d’ /etc/chkserv.d/chkservd.conf; echo “ftpd:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/imap:1/ d’ /etc/chkserv.d/chkservd.conf; echo “imap:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/pop:1/ d’ /etc/chkserv.d/chkservd.conf; echo “pop:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/cpdavd:1/ d’ /etc/chkserv.d/chkservd.conf; echo “cpdavd:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/syslogd:1/ d’ /etc/chkserv.d/chkservd.conf; echo “syslogd:1” >> /etc/chkserv.d/chkservd.conf
sed -i ‘/watchmysql:1/ d’ /etc/chkserv.d/chkservd.conf; echo “watchmysql:0” >> /etc/chkserv.d/chkservd.conf

/usr/local/cpanel/bin/updatephpmyadmin –force

}

apachetweak() {
APACHEMINVER=`/usr/local/apache/bin/httpd -V | grep “Server version” | awk -F”/” {‘print $2’} | awk -F”.” {‘print $2’}`
if [ -f /var/cpanel/conf/apache/local ]; then
cp  /var/cpanel/conf/apache/local /var/cpanel/conf/apache/local.beforetweak
sed “s/’/#/g” /var/cpanel/conf/apache/local | sed ‘s/ceenable”: #On#/ceenable”: #Off#/g’ | sed ‘s/ersignature”: #On#/ersignature”: #Off#/g’ |  sed ‘s/ertokens”: #.*#/ertokens”: #ProductOnly#/g’| sed ‘s/leetag”: #.*#/leetag”: #None#/g’ | sed ‘s/nksIfOwnerMatch”: 0/nksIfOwnerMatch”: 1/g’ | sed “s/#/’/g” >  /var/cpanel/conf/apache/local.tmp
cat /var/cpanel/conf/apache/local.tmp > /var/cpanel/conf/apache/local
rm -f /var/cpanel/conf/apache/local.tmp
else
cat << ‘EOF’ > /var/cpanel/conf/apache/local

“main”:
“serversignature”:
“item”:
“serversignature”: ‘Off’
“servertokens”:
“item”:
“servertokens”: ‘ProductOnly’
“traceenable”:
“item”:
“traceenable”: ‘Off’
“fileetag”:
“item”:
“fileetag”: ‘None’

EOF
fi

/usr/local/cpanel/bin/build_apache_conf
/scripts/restartsrv http
}

mysqltweak() {
if grep local-infile /etc/my.cnf /dev/null; then
sed -i ‘s/local-infile=1/local-infile0/’ /etc/my.cnf
else
echo “local-infile=0” > /usr/local/src/mysqltweak.txt
sed -i “/\[mysqld\]/ r /usr/local/src/mysqltweak.txt” /etc/my.cnf
rm -f /usr/local/src/mysqltweak.txt
fi

mysql -u root -e “drop database test”

/scripts/restartsrv mysql

cd /usr/local/src
wget http://download.ndchost.com/watchmysql/latest-watchmysql
sh latest-watchmysql
rm -f latest-watchmysql
}

phptweak() {
cp /usr/local/lib/php.ini       /usr/local/lib/php.ini.beforetweak
sed -i ‘s/max_execution_time = [0-9]*/max_execution_time = 300/’ /usr/local/lib/php.ini
sed -i ‘s/max_input_time = [0-9]*/max_input_time = 600/’ /usr/local/lib/php.ini
sed -i ‘s/post_max_size = 8M/post_max_size = 128M/’ /usr/local/lib/php.ini
sed -i ‘s/max_file_uploads = 20/max_file_uploads = 32/’ /usr/local/lib/php.ini
sed -i ‘s/enable_dl = On/enable_dl = Off/g’ /usr/local/lib/php.ini
sed -i ‘s/allow_url_fopen = On/allow_url_fopen = Off/g’ /usr/local/lib/php.ini
sed -i ‘s/display_errors = On/display_errors = Off/g’ /usr/local/lib/php.ini
sed -i ‘s/display_startup_errors = On/display_startup_errors = Off/g’ /usr/local/lib/php.ini
sed -i ‘s/;safe_mode = On/safe_mode = On/g’ /usr/local/lib/php.ini
sed -i ‘s/expose_php = On/expose_php = Off/g’ /usr/local/lib/php.ini
sed -i ‘s/disable_functions =/disable_functions = eval, show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen, symlink/’ /usr/local/lib/php.ini

/scripts/restartsrv http
}

sshtweak() {
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.beforetweak
sed -i ‘s/#UseDNS yes/UseDNS no/’ /etc/ssh/sshd_config
sed -i ‘s/#Protocol 2,1/Protocol 2/’ /etc/ssh/sshd_config
sed -i ‘s/#LoginGraceTime 2m/LoginGraceTime 30s/’ /etc/ssh/sshd_config

/scripts/restartsrv ssh
}

######################################
#Main Function Starts Here
######################################
red=’\e[0;31m’
green=’\e[0;32m’
notice=’\e[0;35m’
NC=’\e[0m’
CUSTOMEREMAIL=$1

if [ “$#” -ne 1 ]; then
echo -ne “${red}Usage: $0 <Email Address>${NC}”
echo -ne ‘\n’
exit
fi
if [ -f /usr/local/cpanel/cpdavd ]; then
sleep 1 > /dev/null &
mysleep “Checking for cPanel..”
echo -ne “\r${notice}Detected cPanel/WHM on the server${NC}”
echo -ne ‘\n’

else
echo -ne “${red}Cound not detect cPanel on your server${NC}”
echo -ne ‘\n’
fi

read -p “Need to install and configure CSF? (y/n)” -n 1 -r
if [[  $REPLY =~ ^[Yy]$ ]]; then
if [ -f /usr/sbin/csf ]; then
echo -ne ‘\n’
echo  -ne “${notice}CSF installed already on this server${NC}”
echo -ne ‘\n’
csfupdateonly > /dev/null  2>&1 &
mysleep “Updating CSF/LFD”
echo -ne “\r${green}CSF/LFD has been updated${NC}”
echo -ne ‘\n’

else
csfinstall  > /dev/null  2>&1 &
echo -ne ‘\n’
mysleep “Installing CSF”
if [ -f /usr/sbin/csf ]; then
echo -ne “\r${green}CSF has been installed successfully${NC}”
else
echo -ne “\r${red}CSF installation error${NC}”
fi
fi
csftweak > /dev/null  2>&1 &
mysleep “Tweaking CSF”
echo -ne “\r${green}CSF has been Tweaked${NC}”
echo -ne ‘\n’
else
echo -ne ‘\n’
echo -ne “${red}Entered option other than Yes..Skipping CSF installation and configuration${NC}\n”
fi

cmminstall > /dev/null  2>&1 &
mysleep “Installing ConfigServers Mail Manage”
echo -ne “\r${green}ConfigServers Mail Manage  has been installed${NC}”
echo -ne ‘\n’

cmqinstall > /dev/null  2>&1 &
mysleep “Installing ConfigServers Mail Queue Manage”
echo -ne “\r${green}ConfigServers Mail Queue Manage  has been installed${NC}”
echo -ne ‘\n’

cmcinstall > /dev/null  2>&1 &
mysleep “Installing ConfigServers Mod_Sec Manage”
echo -ne “\r${green}ConfigServers Mod_Sec Manage has been installed${NC}”
echo -ne ‘\n’

cpaneltweak > /dev/null  2>&1 &
mysleep “Tweaking cPanel”
echo -ne “\r${green}cPanel/WHM Settings has been tweaked${NC}”
echo -ne ‘\n’

maldetinstall > /dev/null  2>&1 &
mysleep “Installing Maldet”
echo -ne “\r${green}RFXN MalDet has been installed and enabled${NC}”
echo -ne ‘\n’

lesinstall > /dev/null  2>&1 &
mysleep “Installing Linux Environment Security”
echo -ne “\r${green}RFXN Linux Environment Security has been installed${NC}”
echo -ne ‘\n’

lsminstall > /dev/null  2>&1 &
mysleep “Installing Linux Socket Monitor”
echo -ne “\r${green}RFXN Linux Socket Monitor has been installed${NC}”
echo -ne ‘\n’

rkhunterinstall > /dev/null  2>&1 &
mysleep “Installing rkhunter”
echo -ne “\r${green}RkHunter has been installed and configured${NC}”
echo -ne ‘\n’
rkhunter -c -sk > /dev/null  2>&1 &
mysleep “Running rkhunter scan”
echo -ne “\r${green}RkHunter scan has been  completed. You will receive an email if it has detected any issues${NC}”
echo -ne ‘\n’

read -p “Would you like to secure /tmp and /var/tmp? (y/n)” -n 1 -r
if [[  $REPLY =~ ^[Yy]$ ]]; then
if [ -f /var/cpanel/version/securetmp_disabled ]; then
echo -ne ‘\n’
echo  -ne “\r${red}cPanel securetmp is disabled on this server${NC}”
echo -ne ‘\n’
else
/scripts/securetmp –auto  > /dev/null  2>&1 &
echo -ne ‘\n’
echo  -ne “\r${green}/tmp and /var/tmp have been secured on this server${NC}”
echo -ne ‘\n’
fi

else
echo  -ne “${red}/tmp and /var/tmp securing is skipped${NC}”
fi

disableunproc > /dev/null  2>&1 &
mysleep “Disabling unwanted processes”
echo -ne “\r${green}Unwanted processes have been disabled. ${notice}Check website for the list of processes that are disabled${NC}”
echo -ne ‘\n’

ftptweak > /dev/null  2>&1 &
mysleep “Twaeking FTP”
echo -ne “\r${green}FTP Server has been tweaked and restarted${NC}”
echo -ne ‘\n’

read -p “Would you like to do basic security hardening for MySQL? (y/n)” -n 1 -r
if [[  $REPLY =~ ^[Yy]$ ]]; then
cp -p /etc/my.cnf /etc/my.cnf.beforetweak
mysqltweak  > /dev/null  2>&1 &
echo -ne ‘\n’
mysleep “MySQL tweaking..”
echo  -ne “\r${green}MySQL Tweak has been completed${NC}”
echo -ne ‘\n’
else
echo -ne ‘\n’
echo  -ne “\r${red}MySQL Tweak is skipped by user selection${NC}”
echo -ne ‘\n’
fi

read -p “Would you like to do basic security hardening for PHP? (y/n)” -n 1 -r
if [[  $REPLY =~ ^[Yy]$ ]]; then
phptweak > /dev/null  2>&1 &
echo -ne ‘\n’
mysleep “Tweaking PHP”
echo  -ne “\r${green}PHP has been tweaked for better security${NC}”
echo -ne ‘\n’
else
echo -ne ‘\n’
echo  -ne “\r${red}PHP Tweak is skipped by user selection${NC}”
echo -ne ‘\n’
fi

read -p “Would you like to do basic security hardening for SSH? (y/n)” -n 1 -r
if [[  $REPLY =~ ^[Yy]$ ]]; then
sshtweak > /dev/null  2>&1 &
echo -ne ‘\n’
mysleep “Tweaking SSH”
echo  -ne “\r${green}SSH has been tweaked for better security${NC}”
echo -ne ‘\n’
SSHPORT=`netstat -plan | grep ssh | grep LISTEN | awk -F” ” {‘print $4’} | head -1 | awk -F”:” {‘print $2’}`
if [ $SSHPORT -eq 22 ]; then
echo  -ne “\r${red}SSH running on default port. It is strognly recommended to change it to a custom port${NC}”
echo -ne ‘\n’
fi
else
echo -ne ‘\n’
echo  -ne “\r${red}SSH Tweak is skipped by user selection${NC}”
echo -ne ‘\n’
fi

read -p “Would you like to do basic security hardening for Apache? (y/n)” -n 1 -r
if [[  $REPLY =~ ^[Yy]$ ]]; then
apachetweak> /dev/null  2>&1 &
echo -ne ‘\n’
mysleep “Tweaking Apache”
echo  -ne “\r${green}Apache Tweak is completed and restarted the service${NC}”
echo -ne ‘\n’
else
echo -ne ‘\n’
echo  -ne “\r${red}Apache Tweak is skipped by user selection${NC}”
echo -ne ‘\n’
fi

echo  -ne “\r${notice}Checking rDNS for server IP address${NC}”
echo -ne ‘\n’
MAINIP=`hostname -i`
RDNS=`dig +short -x $MAINIP`
if [ -z $RDNS ]; then
echo -ne “${notice}No rDNS found for the main IP address…checking in /etc/mailips file…${NC}”
if [ ! -s /etc/mailips ]; then
echo -ne “${red}/etc/mailips file is empty….set proper rDNS for main IP address for uninterrupted mail service${NC}”
else
for ip in `cat /etc/mailips| awk -F” ” {‘print $2’}`
do
RDNS=`dig +short -x $ip`
if [ -z $RDNS ]; then
echo -ne “${red}No rDNS found for IP address $ip${NC}”
else
echo -ne “${red}found rDNS for IP address $ip${NC}”
fi
done
fi
else
echo -ne “${green}Found rDNS for IP address $MAINIP${NC}”
fi
echo -ne ‘\n’