Chtaccess

From prajith.in

Chtaccess is a cPanel plugin designed to increase functionality in the cPanel interface when working with generating htaccess files, htpassword protected directory and more. The following option are provided:

Password Protect File
Custom error page
Block bad bots
Change default directory index
Prevent viewing of .htaccess
301 Redirect and 302 Redirect
allow or deny IPs
WWW Redirection
Cache Control

 
 
 
 
 
 
 
 
 
Installation:

wget http://prajith.in/cpanel/chtaccess.sh
sh chtaccess.sh

From prajith.in

ApacheBooster

This software has been depreciated. Please do not use.

From prajith.in

ApacheBooster is an install and integration of nginx and varnish onto the server with an addition of a WHM plugin to manage it. This setup will reduce the server load spikes and memory usage, Also the plugin will provides the following features:

Restart ApacheBooster
Rebuild nginx Conf
Rebuild Vhosts
Nginx Conf Editor
Varnish Conf Editor
Varnish Tunner
Rebuild IP Pool
Show varnish stats
Purge Varnish Cache
Check for upgrade

Additional tweaking will almost always be necessary to configure it specifically for your server.

Install:

wget http://prajith.in/downloads/apachebooster.tar.gz
tar -zxf apachebooster.tar.gz
cd apachebooster
sh install.sh

Varnish

Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 – 1000x, depending on your architecture. A high level overview of what Varnish does can be seen in the video attached to this web. Varnish performs really, really well. It is usually bound by the speed of the network, effectivly turning performance into a non-issue. We’ve seen Varnish delivering 20 Gbps on regular off-the-shelf hardware.

Nginx

Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. Unlike traditional servers, Nginx doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load.

From prajith.in

PWGen

pwgen – PWGen is a password generator capable of creating large amounts of cryptographically secure random passwords or passphrases (from word lists). It uses a random pool to gather entropy from user inputs and system parameters as well as text encryption. The default should be fine for most users. For example, to get a 12-character password, use pwgen 12, and the utility will spit out a set of 120 possible passwords from which to choose (six columns, 20 rows).

Options

  • -0, –no-numerals = Don’t include numbers in the generated passwords.
  • -1 = Print the generated passwords one per line.
  • -A, –no-capitalize = Don’t bother to include any capital letters in the generated passwords.
  • -a, –alt-phonics = This option doesn’t do anything special; it is present only for backwards compatibility.
  • -B, –ambiguous = Don’t use characters that could be confused by the user when printed, such as ‘l’ and ‘1’, or ‘0’ or ‘O’. This reduces the number of possible passwords significantly, and as such reduces the quality of the passwords. It may be useful for users who have bad vision, but in general use of this option is not recommended.
  • -c, –capitalize = Include at least one capital letter in the password. This is the default if the standard output is a tty device.
  • -C = Print the generated passwords in columns. This is the default if the standard output is a tty device.
  • -N, –num-passwords=num = Generate num passwords. This defaults to a screenful if passwords are printed by columns, and one password.
  • -n, –numerals = Include at least one number in the password. This is the default if the standard output is a tty device.
  • -H, –sha1=/path/to/file[#seed] = Will use the sha1’s hash of given file and the optional seed to create password. It will allow you to compute the same password later, if you remember the file, seed, and pwgen’s options used. ie: pwgen -H ~/your_favorite.mp3#your@email.com gives a list of possibles passwords for your pop3 account, and you can ask this list again and again.
    WARNING:
    The passwords generated using this option are not very random. If you use this option, make sure the attacker can not obtain a copy of the file. Also, note that the name of the file may be easily available from the ~/.history or ~/.bash_history file.
  • -h, –help = Print a help message.
  • -s, –secure = Generate completely random, hard-to-memorize passwords. These should only be used for machine passwords, since otherwise it’s almost guaranteed that users will simply write the password on a piece of paper taped to the monitor…
  • -v, –no-vowels = Generate random passwords that do not contain vowels or numbers that might be mistaken for vowels. It provides less secure passwords to allow system administrators to not have to worry with random passwords accidentally contain offensive substrings.
  • -y, –symbols = Include at least one special character in the password.

  • pwgen 12 -s1yc
    D6gz/ewd/z(|

    pwgen 14 -B1ycs
    !sg@-.$=W'}t4"

    pwgen -B -c -N1 -n -s -y
    pu3WK}^a

    pwgen 12 -1cn
    aeb7yaKo3yu5

    Easyapache mysqli extension error

    It seems that sometimes the mysqli extension in EasyApache will not compile in properly on CentOS4.

    It was failing with this error:

    /bin/sh /home/cpeasyapache/src/php-5.3.15/libtool --silent
    --preserve-dup-deps --mode=compile gcc -Iext/mysqli/
    -I/home/cpeasyapache/src/php-5.3.15/ext/mysqli/ -DPHP_ATOM_INC
    -I/home/cpeasyapache/src/php-5.3.15/include
    -I/home/cpeasyapache/src/php-5.3.15/main
    -I/home/cpeasyapache/src/php-5.3.15
    -I/home/cpeasyapache/src/php-5.3.15/ext/date/lib
    -I/home/cpeasyapache/src/php-5.3.15/ext/ereg/regex
    -I/opt/xml2/include/libxml2 -I/opt/pcre/include -I/opt/curlssl//include
    -I/usr/X11R6/include -I/usr/include/freetype2
    -I/opt/php_with_imap_client//include
    -I/home/cpeasyapache/src/php-5.3.15/ext/mbstring/oniguruma
    -I/home/cpeasyapache/src/php-5.3.15/ext/mbstring/libmbfl
    -I/home/cpeasyapache/src/php-5.3.15/ext/mbstring/libmbfl/mbfl
    -I/opt/libmcrypt//include -I/usr/include/mysql
    -I/home/cpeasyapache/src/php-5.3.15/ext/sqlite3/libsqlite
    -I/home/cpeasyapache/src/php-5.3.15/TSRM
    -I/home/cpeasyapache/src/php-5.3.15/Zend -g -O2 -prefer-non-pic
    -c /home/cpeasyapache/src/php-5.3.15/ext/mysqli/mysqli.c -o
    ext/mysqli/mysqli.lo
    In file included from /usr/include/mysql/my_pthread.h:832,
    from /usr/include/mysql/my_sys.h:44,
    from /home/cpeasyapache/src/php-5.3.15/ext/mysqli/php_mysqli_structs.h:77,
    from /home/cpeasyapache/src/php-5.3.15/ext/mysqli/mysqli.c:33:
    /usr/include/mysql/mysql/psi/mysql_thread.h:100: error: syntax error
    before "pthread_rwlock_t"
    /usr/include/mysql/mysql/psi/mysql_thread.h:100: warning: no semicolon
    at end of struct or union
    /usr/include/mysql/mysql/psi/mysql_thread.h:107: error: syntax error
    before '}' token
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_init':
    /usr/include/mysql/mysql/psi/mysql_thread.h:683: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:683: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:691: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_destroy':
    /usr/include/mysql/mysql/psi/mysql_thread.h:715: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:717: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:718: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:721: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_rdlock':
    /usr/include/mysql/mysql/psi/mysql_thread.h:750: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:752: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:758: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_wrlock':
    /usr/include/mysql/mysql/psi/mysql_thread.h:806: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:808: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:814: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_tryrdlock':
    /usr/include/mysql/mysql/psi/mysql_thread.h:862: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:864: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:870: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_trywrlock':
    /usr/include/mysql/mysql/psi/mysql_thread.h:889: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:891: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:897: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h: In function
    `inline_mysql_rwlock_unlock':
    /usr/include/mysql/mysql/psi/mysql_thread.h:910: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:911: error: dereferencing
    pointer to incomplete type
    /usr/include/mysql/mysql/psi/mysql_thread.h:913: error: dereferencing
    pointer to incomplete type
    make: *** [ext/mysqli/mysqli.lo] Error 1
    make: *** Waiting for unfinished jobs....
    !! 'make -j2' failed with exit code '512' !!
    !! Restoring original working apache !!
    !! Executing '/scripts/initsslhttpd' !!
    !! Restarting 'httpd' ... !!
    !! 'httpd' restart complete. !!
    Building global cache for cpanel...Done
    !! Executing '/scripts/initfpsuexec' !!
    !! Executing '/scripts/initsslhttpd' !!
    !! Executing '/scripts/update_apachectl' !!
    !! Executing '/scripts/enablefileprotect' !!
    !! Feel free to submit a support ticket at
    https://tickets.cpanel.net/submit/index.cgi?reqtype=tickets !!
    !! Verbose logfile is at
    '/usr/local/cpanel/logs/easy/apache/build.1344792998' !!

    Evidently, CentOS 4 has some issues with mysqli. The fix that worked is as follows:

    Add the following to lines to the all_php5 file which should allow mysqli to install properly.


    touch /var/cpanel/easy/apache/rawopts/all_php5
    vim /var/cpanel/easy/apache/rawopts/all_php5
    add:
    --enable-mysqlnd
    --with-mysqli=mysqlnd
    :wq

    to save the file. After that, simply re-run
    /scripts/easyapache --build
    and mysqli should install properly after that.

    When the build completes verify the install with a
    php -m |grep mysqli
    and/or
    php -i |grep mysqli
    for the mysqli extension settings.

    9 Traits Of The Veteran Unix Admin

    From infoworld.com By Paul Venezia

    Veteran Unix admin trait No. 1: We don’t use sudo
    Much like caps lock is cruise control for cool, sudo is a crutch for the timid. If we need to do something as root, we su to root, none of this sudo nonsense. In fact, for Unix-like operating systems that force sudo upon all users, the first thing we do is sudo su – and change the root password so that we can comfortably su – forever more. Using sudo exclusively is like bowling with only the inflatable bumpers in the gutters — it’s safer, but also causes you to not think through your actions fully.

    Veteran Unix admin trait No. 2: We use vi, not emacs, and definitely not pico or nano
    While we know that emacs is near and dear to the hearts of many Unix admins, it really is the Unix equivalent of Microsoft Word. Vi — and explicitly vim — is the true tool for veteran Unix geeks who need to get things done and not muck about with the extraneous nonsense that comes with emacs. Emacs has a built-in game of Tetris, for crying out loud.

    Veteran Unix admin trait No. 3: We wield regular expressions like weapons
    To the uninitiated, even the most innocuous regex looks like the result of nauseous keyboard. To us, however, it’s pure poetry. The power represented in the complexity of pcre (Perl Compatible Regular Expressions) cannot be matched by any other known tool. If you need to replace every third character in a 100,000-line file, except when it’s followed by the numeral 4, regular expressions aren’t just a tool for the job — they’re the only tool for the job. Those that shrink from learning regex do themselves and their colleagues a disservice on a daily basis. In just about every Unix shop of reasonable size, you’ll find one or two guys regex savants. These poor folks constantly get string snippets in their email accompanied by plaintive requests for a regex to parse them, usually followed by a promise of a round of drinks that never materializes.

    Veteran Unix admin trait No. 4: We’re inherently lazy
    When given a problem that appears to involve lots of manual, repetitive work, we old-school Unix types will always opt to write code to take care of it. This usually takes less time than the manual option, but not always. Regardless, we’d rather spend those minutes and hours constructing an effort that can be referenced or used later, rather than simply fixing the immediate problem. Usually, this comes back to us in spades when a few years later we encounter a similar problem and can yank a few hundred lines of Perl from a file in our home directory, solve the problem in a matter of minutes, and go back to analyzing other code for possible streamlining. Or playing Angry Birds.

    Veteran Unix admin trait No. 5: We prefer elegant solutions
    If there are several ways to fix a problem or achieve a goal, we’ll opt to spend more time developing a solution that encompasses the actual problem and preventing future issues than simply whipping out a Band-Aid. This is related to the fact that we loathe revisiting a problem we’ve already marked “solved” in our minds. We figure that if we can eliminate future problems now by thinking a few steps ahead, we’ll have less to do down the road. We’re usually right.

    Veteran Unix admin trait No. 6: We generally assume the problem is with whomever is asking the question
    To reach a certain level of Unix enlightenment is to be extremely confident in your foundational knowledge. It also means we never think that a problem exists until we can see it for ourselves. Telling a veteran Unix admin that a file “vanished” will get you a snort of derision. Prove to him that it really happened and he’ll dive into the problem tirelessly until a suitable, sensible cause and solution are found. Many think that this is a sign of hubris or arrogance. It definitely is — but we’ve earned it.

    Veteran Unix admin trait No. 7: We have more in common with medical examiners than doctors
    When dealing with a massive problem, we’ll spend far more time in the postmortem than the actual problem resolution. Unless the workload allows us absolutely no time to investigate, we need to know the absolute cause of the problem. There is no magic in the work of a hard-core Unix admin; every situation must stem from a logical point and be traceable along the proper lines. In short, there’s a reason for everything, and we’ll leave no stone unturned until we find it.

    To us, it’s easy to stop the bleeding by HUPping a process or changing permissions on a file or directory to 777, but that’s not the half of it. Why did the process need to be restarted? That shouldn’t have been necessary, and we need to know why.

    Veteran Unix admin trait No. 8: We know more about Windows than we’ll ever let on
    Though we may not run Windows on our personal machines or appear to care a whit about Windows servers, we’re generally quite capable at diagnosing and fixing Windows problems. This is because we’ve had to deal with these problems when they bleed over into our territory. However, we do not like to acknowledge this fact, because most times Windows doesn’t subscribe to the same deeply logical foundations as Unix, and that bothers us. See traits No. 5 and 6 above.

    Veteran Unix admin trait No. 9: Rebooting is almost never an option
    Unix boxes don’t need reboots. Unless there’s absolutely no other option, we’ll spend hours fixing a problem with a running system than give it a reboot. Our thinking here is there’s no reason why a reboot should ever be necessary other than kernel or hardware changes, and a reboot is simply another temporary approach to fixing the problem. If the problem occurred once and was “fixed” by a reboot, it’ll happen again. We’d rather fix the problem than simply pull the plug and wait for the next time.

    If some of these traits seem antisocial or difficult to understand from a lay perspective, that’s because they are. Where others may see intractable, overly difficult methods, we see enlightenment, born of years of learning, experience, and most of all, logic.

    From infoworld.com By Paul Venezia

    cPanel autorepair script for CentOS

    [cPanel-News] cPanel Releases autorepair script for CentOS and RedHat Enterprise Linux

    cPanel has released an autorepair script to resolve a problem caused by a CentOS and Red Hat Enterprise Linux security update to sudo.

    If you are experiencing problems resolving domains, please take the following action from WHM or a root shell:

    To apply the fix from WHM:
    ==========================
    1. Login to WHM as root

    2. Manually append the following to the WHM url:

    /scripts2/autofixer

    examples:
    https://[YOURSERVERHERE]:2087/scripts2/autofixer
    https://[YOURSERVERHERE]:2087/cpsess999999/scripts2/autofixer

    3. In the script name field, enter:

    nsswitch

    4. Click Submit

    To apply the fix from a root shell:
    ===================================
    /scripts/autorepair nsswitch
    # or for newer versions of cPanel
    /usr/local/cpanel/scripts/autorepair nsswitch

    cPanel has assigned internal case number 60611 to track this problem.

    At this time, we believe only RHEL 5, and CentOS 5 are affected if /etc/nsswitch.conf contained a sudoers line prior to the sudo rpm being updated.

    For more information about this problem please see the CentOS and RedHat reports below:
    http://bugs.centos.org/view.php?id=5883&history=1
    https://bugzilla.redhat.com/show_bug.cgi?id=844420

    Updated 2012 WHM Plugin List

    Here is a good solid list of addons/plugins which are available for WHM. This is by no means a complete list as there are many others out there which are paid addons which will increase functionality.

    A-AST RKHUNTER Interface – http://scriptmantra.info/2009/01/the-rkhunter-whm-interface/

    A-AST Sendmail Logger – http://scriptmantra.info/2008/07/sendmail-logger/

    cPanel WHM APF Interface – http://scriptmantra.info/2009/01/cpanel-whm-apf-interface/

    Account DNS Check – http://www.ndchost.com/cpanel-whm/plugins/accountdnscheck/

    Add IP to Firewall – http://www.v-nessa.net/2008/06/05/whm-apf-plugin

    Clean Backups – http://www.ndchost.com/cpanel-whm/plugins/cleanbackups/

    WatchMySQL – http://www.ndchost.com/cpanel-whm/plugins/watchmysql/

    ConfigServer Explorer – http://configserver.com/cp/cse.html

    ConfigServer Mail Manage – http://configserver.com/cp/cmm.html

    ConfigServer Mail Queues – http://configserver.com/cp/cmq.html

    ConfigServer ModSec Control – http://configserver.com/cp/cmc.html

    ConfigServer Security&Firewall – http://configserver.com/cp/csf.html

    ConfigServer Multiple paid offerings – http://configserver.com/ $Fee

    Configure cPanel Cron Times – Main>>cPanel>>Manage Plugins
    ‘cronconfig’ – Check ‘Install and keep updated’

    Fantastico De Luxe WHM Admin – https://netenberg.com/fantastico.php – $Fee

    Munin Service Monitor – Main>>cPanel>>Manage Plugins
    ‘munin’ – Check ‘Install and keep updated’

    Password Changer – http://www.linux-op.com/password-changer-for-cpanelwhm/

    Softaculous – Instant Installs – http://softaculous.com – $Fee

    System Log Viewer – LogView – http://logview.org

    Nginx Admin – http://nginxcp.com/

    WHM Secondary MX Plugin – http://www.ndchost.com/cpanel-whm/plugins/smx/ $Fee

    WHMSonic – http://whmsonic.com Manage shoutcast $Fee

    WHM LVE Manager Plugin – http://www.cloudlinux.com/docs/whmplugin.php
    (if using cloudlinux with WHM/cPanel)

    LiteSpeed Plugin – http://www.litespeedtech.com/support/forum/showthread.php?t=2160
    (Pre-Release)

    WHM RBL Checker – http://www.nickpack.com/article/free-whm-rbl-checker-plugin
    (I needed to run


    /usr/local/cpanel/scripts/perlinstaller Mail::RBL
    /usr/local/cpanel/scripts/perlinstaller Regexp::Common

    to get this one to run correctly)

    WordPress Versions – http://www.white-hat-web-design.co.uk/blog/whm-plugin-wordpress-versions/

    WHMXtra – http://whmxtra.com $Fee

    cPremote – http://cpremote.net/ $Fee

    Domain Statistics – http://domainsstatistics.gk-root.com (Security Tokens needs to be enabled)

    AutoUnblock csf + CSF Manager Auto Unblock http://www.autounblock.com/

    Restore manager – http://restoremanager.gk-root.com/

    Google Apps Wizard cPanel plugin – http://gaw.gk-root.com/

     

    Enjoy…