Linux Archives - ServerOK

Monitor OpenLiteSpeed with monit

May 28, 2020

by ServerOk with No Comment Linux

OpenLiteSpeed Monit

To monitor OpenLiteSpeed with monit on Ubuntu Server, create file

vi /etc/monit/conf-enabled/openlitespeed

1	vi /etc/monit/conf-enabled/openlitespeed

Add following content

check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid
    start program = "/usr/bin/systemctl start lshttpd"
    stop program = "/usr/bin/systemctl stop lshttpd"

check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid

start program = "/usr/bin/systemctl start lshttpd"

stop program = "/usr/bin/systemctl stop lshttpd"

Reload monit with

monit reload

1	monit reload

Now monit will monitor OpenLiteSpeed, restart if required. You can check status with

monit status

1	monit status

monit status openlitespeed

If you want to monitor if web server is responding to request, you can use

check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid
    start program = "/usr/bin/systemctl start lshttpd"
    stop program = "/usr/bin/systemctl stop lshttpd"
    if failed host localhost port 80 protocol http then restart

check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid

start program = "/usr/bin/systemctl start lshttpd"

stop program = "/usr/bin/systemctl stop lshttpd"

if failed host localhost port 80 protocol http then restart

inotifywait

May 26, 2020

by ServerOk with No Comment Linux

inotifywait monitor changes in Linux file system. It can be used to track file changes.

Here is inotifywait command used by bitninja to detect uploaded files.

/bin/inotifywait --daemon --recursive --outfile /var/log/bitninja/inotify/inotify.log --fromfile /var/lib/bitninja/monitor.txt --exclude (^/var/cache/buagent/md0.cache.data$|\.MYD$|\.MYI$|\.MAD$|\.MAI$|\.yara$|^/tmp/lshttpd/*\.sock*|^/tmp/lshttpd/\.rtreport\.*|^/var/tmp/clamav-.*|^/tmp/clamav-.*|^/var/lib/bitninja|^/var/log/bitninja|^/var/cache/awstats|^/usr/local/maldetect/quarantine|\.sock$|\.log$|^.*_log$|^.*_log\.processed$|^.*_ssl_log\.webstat$|^/home/accesslog|^/home/virtfs|^/home/cagefs-skeleton/|^/usr/share/cagefs-skeleton/|^/home/.*?/mail/|^/home/cpeasyapache/src/) --timefmt %F %T --format %w%f %e %T --monitor --event create,move,modify

/bin/inotifywait --daemon --recursive --outfile /var/log/bitninja/inotify/inotify.log --fromfile /var/lib/bitninja/monitor.txt --exclude (^/var/cache/buagent/md0.cache.data$|\.MYD$|\.MYI$|\.MAD$|\.MAI$|\.yara$|^/tmp/lshttpd/*\.sock*|^/tmp/lshttpd/\.rtreport\.*|^/var/tmp/clamav-.*|^/tmp/clamav-.*|^/var/lib/bitninja|^/var/log/bitninja|^/var/cache/awstats|^/usr/local/maldetect/quarantine|\.sock$|\.log$|^.*_log$|^.*_log\.processed$|^.*_ssl_log\.webstat$|^/home/accesslog|^/home/virtfs|^/home/cagefs-skeleton/|^/usr/share/cagefs-skeleton/|^/home/.*?/mail/|^/home/cpeasyapache/src/) --timefmt %F %T --format %w%f %e %T --monitor --event create,move,modify

redis commander

April 30, 2020

by ServerOk with No Comment Linux

redis-commander is a GUI for redis. To install, run

npm install -g redis-commander
redis-commander

1 2	npm install -g redis-commander redis-commander

redis commander

Disable ModSecurity for a specific URL

April 20, 2020

by ServerOk with No Comment Linux

On a web site that is protected with ModSecurity, when admin edit HTML pages in admin area, ModSecurity falsely detect it as XSS attack.

ModSecurity

What we can do is disable specific rules that create this false positive. But in this case, it is bceause HTML is submitted. This application normally done need HTML submitted on any other part of the site. So it is better just disable ModSecurity for the specific URL that cause this error.

To do this, add following code to Apache VirtualHost entry for this web site.

<If "%{REQUEST_URI} =~ m#/admin_area/manage_pages.php#">
    SecRuleEngine Off
</If>

<If "%{REQUEST_URI} =~ m#/admin_area/edit_announcement.php#">
    SecRuleEngine Off
</If>

SecRuleEngine Off

</If>

SecRuleEngine Off

</If>

This will disable ModSecurity for URLs /admin_area/manage_pages.php and /admin_area/edit_announcement.php

Cache

April 20, 2020

by ServerOk with No Comment Linux

Install Zend OpCache on OpenLiteSpeed Server

OpenLiteSpeed restart PHP

April 15, 2020

by ServerOk with No Comment Linux

On OpenLiteSpeed, if you edit php.ini or installed a PHP module, restart OpenLiteSpeed won’t show the changes. You will need to restart PHP process.

You can do this by killing all PHP process with

killall -9 lsphp

1	killall -9 lsphp

Or you can create a file

touch /usr/local/lsws/admin/tmp/.lsphp_restart.txt

1	touch /usr/local/lsws/admin/tmp/.lsphp_restart.txt

If you need PHP restarted just for a web site, run

touch /home/USER1/.lsphp_restart.txt

1	touch /home/USER1/.lsphp_restart.txt

Migrate IMAP emails using imapsync

April 14, 2020

by ServerOk with No Comment Linux

To copy emails from one mailbox to another using imapsync, use

imapsync --host1 IP_SRC_SERVER -user1 YOU@YOURDOMAIN --password1 'PASSWORD'  --host2 IP_NEW_SERVER --user2 YOU@YOURDOMAIN --password2 'PASSWORD'

1	imapsync --host1 IP_SRC_SERVER -user1 YOU@YOURDOMAIN --password1 'PASSWORD' --host2 IP_NEW_SERVER --user2 YOU@YOURDOMAIN --password2 'PASSWORD'

Example

imapsync --host1 gator4170.hostgator.com -user1 admin@serverok.in --password1 'CE2U7gnTq0CUk6'  --host2 server20.hostonnet.com --user2 admin@serverok.in --password2 'CE2U7gnTq0CUk6'

1	imapsync --host1 gator4170.hostgator.com -user1 admin@serverok.in --password1 'CE2U7gnTq0CUk6' --host2 server20.hostonnet.com --user2 admin@serverok.in --password2 'CE2U7gnTq0CUk6'

In this example, source and destination email and passwords are the same.

Enable Admin Tools in EasyEngine

April 11, 2020

by ServerOk with No Comment Linux

EasyEngine come admin tools. This include phpMyAdmin, phpinfo, OpCache GUI, nginx status.

To enable admin tool, run

ee admin-tools enable example.com

1	ee admin-tools enable example.com

Admin tools are password protected, to get login details, run

ee auth list global

1	ee auth list global

You can login to admin tools at

http://example.com/ee-admin/

1	http://example.com/ee-admin/

Accessing phpMyAdmin

The pma link in EasyEngine Admin tools take you to phpMyAdmin login page. To login, you need to use MySQL login details for your web site. This you can get by checking your web site configuration file.

You will be able to find your web site files in document root of your web site at

/opt/easyengine/sites/YOUR-DOMAIN/app/htdocs

1	/opt/easyengine/sites/YOUR-DOMAIN/app/htdocs

See EasyEngine

EasyEngine Connect to MySQL Database

April 10, 2020

by ServerOk with No Comment Linux

To Find MySQL root password on EasyEngine, run

cd /opt/easyengine/services && docker-compose exec global-db bash -c 'echo $MYSQL_ROOT_PASSWORD'

1	cd /opt/easyengine/services && docker-compose exec global-db bash -c 'echo $MYSQL_ROOT_PASSWORD'

cat /opt/easyengine/services/docker-compose.yml | grep MYSQL_ROOT_PASSWORD | awk -F'=' '{print $2}'
cat /opt/easyengine/services/docker-compose.yml | grep MYSQL_ROOT_PASSWORD | cut -d'=' -f2

1 2	cat /opt/easyengine/services/docker-compose.yml \| grep MYSQL_ROOT_PASSWORD \| awk -F'=' '{print $2}' cat /opt/easyengine/services/docker-compose.yml \| grep MYSQL_ROOT_PASSWORD \| cut -d'=' -f2

To connect to MySQL console, run

cd /opt/easyengine/services && docker-compose exec global-db bash -c 'mysql -uroot -p${MYSQL_ROOT_PASSWORD}'

1	cd /opt/easyengine/services && docker-compose exec global-db bash -c 'mysql -uroot -p${MYSQL_ROOT_PASSWORD}'

See EasyEngine

Find IP with Most Access from Apache Log

April 10, 2020

by ServerOk with No Comment Linux

To find IP with most access from Apache or other web server log file, run

cat APACHE_ACCESS_LOG_FILE | awk -F' ' '{print $1}' | sort | uniq -c | sort -n

1	cat APACHE_ACCESS_LOG_FILE \| awk -F' ' '{print $1}' \| sort \| uniq -c \| sort -n

If you want to see IP that made most POST request

cat APACHE_ACCESS_LOG_FILE | grep POST | awk -F' ' '{print $1}' | sort | uniq -c | sort -n

1	cat APACHE_ACCESS_LOG_FILE \| grep POST \| awk -F' ' '{print $1}' \| sort \| uniq -c \| sort -n

See Hacked log