Category: Linux

  • sysdig

    sysdig is a tool like top, but more powerful. It combines the functions of tools like htop, iftop and lsof.

    To install sysdig on Ubuntu, run

    apt-get install sysdig
    

    To see the files with the most I/O, run

    sysdig -c topfiles_bytes
    

    To access the top-like GUI, run

    csysdig
    
  • Webuzo

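    To install Webuzo, download and run the installer script. The script is fetched over plain HTTP, so review it before running it.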

    wget -N http://files.webuzo.com/install.sh
    chmod 0755 install.sh
    ./install.sh

    After installing, you can log in to the Webuzo control panel at

    https://server-ip:2005/

    Webuzo Config files

    /usr/local/apps/nginx/etc/conf.d/webuzoVH.conf - Nginx
    /var/webuzo/my.conf - MySQL root password
    /var/webuzo/certs - SSL certificates used by the control panel, mail server, FTP
    /var/webuzo/logs - update/import logs

  • CageFS command not working for user

    I have flvtool2 installed on the server. The path to the binary was added to the file /etc/cagefs/conf.d/vshare.cfg

    [root@server22 ~]# cat /etc/cagefs/conf.d/vshare.cfg 
    [vshare]
    comment=vShare Youtube Clone Requirements
    paths=/usr/bin/ffmpeg, /usr/bin/mencoder, /usr/bin/mplayer, /usr/bin/flvtool2, /usr/bin/lame, /usr/bin/yamdi, /usr/bin/qt-faststart, /usr/bin/MP4Box, /usr/bin/mediainfo, /usr/bin/neroAacEnc
    [root@server22 ~]# 
    

    The binary works properly when run as root, but it fails after switching to a user that uses CageFS.

    [root@server22 ~]# /usr/bin/flvtool2 -V
    FLVTool2 1.0.6
    [root@server22 ~]# su - socialwe
    Last login: Thu May 28 06:33:33 UTC 2020 on pts/0
    [socialwe@server22 ~]$ /usr/bin/flvtool2 -V
    :1:in `require': cannot load such file -- rubygems.rb (LoadError)
    from :1:in `'
    [socialwe@server22 ~]$
    

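    flvtool2 is a Ruby script, and the error shows that the Ruby library directories are not available inside CageFS. The problem is fixed by editing the file /etc/cagefs/cagefs.mp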

    vi /etc/cagefs/cagefs.mp
    

    Add the following lines (the leading ! mounts each directory read-only)

    !/usr/lib64/ruby/
    !/usr/share/rubygems/
    !/usr/share/ruby/
    !/usr/local/share/ruby/
    

    Now remount CageFS with

    cagefsctl --remount-all
    

  • Monitor OpenLiteSpeed with monit

    To monitor OpenLiteSpeed with monit on Ubuntu Server, create the file

    vi /etc/monit/conf-enabled/openlitespeed
    

    Add the following content

    check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid
        start program = "/usr/bin/systemctl start lshttpd"
        stop program = "/usr/bin/systemctl stop lshttpd"
    

    Reload monit with

    monit reload
    

    Monit will now monitor OpenLiteSpeed and restart it if required. You can check the status with

    monit status
    

    If you also want to check that the web server is responding to requests, you can use

    check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid
        start program = "/usr/bin/systemctl start lshttpd"
        stop program = "/usr/bin/systemctl stop lshttpd"
        if failed host localhost port 80 protocol http then restart
    
  • Ubuntu Screen Recorder

    Ubuntu comes with a screen recorder, which can be activated with the shortcut

    CTRL + ALT + SHIFT + R
    

    By default, it records for 30 seconds. The video is saved in your home directory (/home/USERNAME) in webm format.

    If you want to increase the time, run the following command

    gsettings set org.gnome.settings-daemon.plugins.media-keys max-screencast-length TIME_IN_SECONDS_HERE
    

    It is better to set this to 0, so that recording never stops automatically. You then need to stop the recording manually with the CTRL + ALT + SHIFT + R key combination.

    gsettings set org.gnome.settings-daemon.plugins.media-keys max-screencast-length 0
    

    The default value on Ubuntu 20.04 is “uint32 30”

    boby@sok-01:~$ gsettings get org.gnome.settings-daemon.plugins.media-keys max-screencast-length
    uint32 30
    boby@sok-01:~$ gsettings set org.gnome.settings-daemon.plugins.media-keys max-screencast-length 0
    boby@sok-01:~$ gsettings get org.gnome.settings-daemon.plugins.media-keys max-screencast-length
    uint32 0
    boby@sok-01:~$ 
    

  • inotifywait

    inotifywait monitors changes in the Linux file system. It can be used to track file changes.

    Here is the inotifywait command used by BitNinja to detect uploaded files. The regular expression and the format strings are quoted so that the command can be pasted into a shell.

    /bin/inotifywait --daemon --recursive --outfile /var/log/bitninja/inotify/inotify.log --fromfile /var/lib/bitninja/monitor.txt --exclude '(^/var/cache/buagent/md0.cache.data$|\.MYD$|\.MYI$|\.MAD$|\.MAI$|\.yara$|^/tmp/lshttpd/*\.sock*|^/tmp/lshttpd/\.rtreport\.*|^/var/tmp/clamav-.*|^/tmp/clamav-.*|^/var/lib/bitninja|^/var/log/bitninja|^/var/cache/awstats|^/usr/local/maldetect/quarantine|\.sock$|\.log$|^.*_log$|^.*_log\.processed$|^.*_ssl_log\.webstat$|^/home/accesslog|^/home/virtfs|^/home/cagefs-skeleton/|^/usr/share/cagefs-skeleton/|^/home/.*?/mail/|^/home/cpeasyapache/src/)' --timefmt '%F %T' --format '%w%f %e %T' --monitor --event create,move,modify
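
    As an added example (not BitNinja's code and not from the original post), the script below triages a log written in the %w%f %e %T layout used above and lists script files that were created, moved in or modified. The sample lines, the function names and the extension list are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: triage an inotifywait log written with
#   --timefmt '%F %T' --format '%w%f %e %T'
# Each line is "<path> <EVENTS> <YYYY-MM-DD> <HH:MM:SS>"; the path may contain spaces.

# Constructed sample lines (not taken from a real server).
sample_log() {
cat <<'EOF'
/home/user1/public_html/uploads/photo.jpg CREATE 2020-05-28 06:33:33
/home/user1/public_html/uploads/avatar.php CREATE 2020-05-28 06:34:01
/home/user1/public_html/uploads/new dir CREATE,ISDIR 2020-05-28 06:34:10
/home/user1/public_html/my files/up load.PHTML MOVED_TO 2020-05-28 06:35:12
/home/user1/public_html/index.php MOVED_FROM 2020-05-28 06:36:00
/home/user1/public_html/wp-config.php MODIFY 2020-05-28 06:37:45
EOF
}

# Print "time<TAB>events<TAB>path" for every script file that was created,
# moved in or modified. Directories and MOVED_FROM events are ignored.
# The extension list is an assumption; adjust it to what the server executes.
flag_script_writes() {
    awk '
    {
        # Locate the trailing " EVENTS DATE TIME" so spaces in the path survive.
        if (!match($0, / [A-Z_,]+ [0-9-]+ [0-9:]+$/)) next
        path = substr($0, 1, RSTART - 1)
        split(substr($0, RSTART + 1), f, " ")
        events = "," f[1] ","
        if (events ~ /,ISDIR,/) next
        if (events !~ /,(CREATE|MOVED_TO|MODIFY),/) next
        if (tolower(path) ~ /\.(php[0-9]?|phtml|phar|cgi|pl)$/)
            print f[2] " " f[3] "\t" f[1] "\t" path
    }'
}

sample_log | flag_script_writes
```

    On a live server the function would read the file given to --outfile instead of the sample.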
    
  • redis commander

    redis-commander is a GUI for Redis. To install and start it, run

    npm install -g redis-commander
    redis-commander
    

  • Disable ModSecurity for a specific URL

    On a web site that is protected with ModSecurity, when the admin edits HTML pages in the admin area, ModSecurity falsely detects it as an XSS attack.

    We could disable the specific rules that create this false positive. But in this case, the trigger is simply that HTML is submitted, and this application does not normally need HTML submitted on any other part of the site. So it is better to disable ModSecurity for the specific URL that causes this error.

    To do this, add the following code to the Apache VirtualHost entry for this website.

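    <If "%{REQUEST_URI} =~ m#/admin_area/manage_pages\.php$#">
        SecRuleEngine Off
    </If>
    
    <If "%{REQUEST_URI} =~ m#/admin_area/edit_announcement\.php$#">
        SecRuleEngine Off
    </If>

    This will disable ModSecurity for the URLs /admin_area/manage_pages.php and /admin_area/edit_announcement.php. REQUEST_URI holds only the path, so the patterns escape the dot and end with $ to keep the exemption from applying to longer paths that merely contain these names.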

  • yum list all available packages in a repo

    To list all packages available in a specific repo, run

    yum --disablerepo="*" --enablerepo="REPO_NAME_HERE" list available

    You can get a list of all available repos with the command

    yum repolist
    

    Example:

    yum --disablerepo="*" --enablerepo="litespeed" list available

    This command lists all packages available in the repo "litespeed"

  • Install ModSecurity on Ubuntu/Debian

    To install ModSecurity on a Debian/Ubuntu Apache web server, run

    apt update
    apt-get install libapache2-mod-security2

    Enable mod_security and restart the Apache web server

    a2enmod security2
    service apache2 restart

    Verify that mod_security is loaded with

    apachectl -M | grep security

    You will see something like

    root@sok-modsec:~# apachectl -M | grep security
     security2_module (shared)
    root@sok-modsec:~# 

    To activate ModSecurity rules, run

    cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

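    Edit the file

    vi /etc/modsecurity/modsecurity.conf

    and set the rule engine to On (the recommended file ships with DetectionOnly, which logs but does not block)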

    SecRuleEngine On

    Restart Apache

    service apache2 restart

    Verify that ModSecurity is working with the command

    curl -i "http://server-ip-here/?q=%3Cscript%3Ealert(%27test%27)%3C/script%3E"

    You should see a “403 Forbidden” error:

    boby@sok-01:~$ curl -i "http://10.95.0.24/?q=%3Cscript%3Ealert(%27test%27)%3C/script%3E"
    HTTP/1.1 403 Forbidden
    Date: Wed, 15 Oct 2025 03:03:32 GMT
    Server: Apache/2.4.58 (Ubuntu)
    Content-Length: 275
    Content-Type: text/html; charset=iso-8859-1
    
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access this resource.</p>
    <hr>
    <address>Apache/2.4.58 (Ubuntu) Server at 10.95.0.24 Port 80</address>
    </body></html>
    boby@sok-01:~$ 

    Here is another test URL, which should also result in a 403 Forbidden message

    curl 'http://server-ip-here/?foo=/etc/passwd&bar=/bin/sh'

    To view the ModSecurity logs, run

    tail -f /var/log/apache2/modsec_audit.log
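
    The rules that fire for a URL can be read out of this audit log before choosing between removing individual rules (for example with SecRuleRemoveById) and turning the engine off for that URL, the choice discussed under "Disable ModSecurity for a specific URL". This added example (not from the original post) counts rule IDs per request path in the serial audit log format; the sample transactions and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: count which rule IDs fired for each request path in a
# ModSecurity serial audit log (sections A, B, H, Z per transaction).

# Constructed sample: boundaries, unique IDs, addresses and messages are made up.
sample_audit_log() {
cat <<'EOF'
--1a2b3c4d-A--
[15/Oct/2025:03:03:32 +0000] constructed-id-1 192.0.2.10 51000 192.0.2.20 80
--1a2b3c4d-B--
POST /admin_area/manage_pages.php?id=7 HTTP/1.1
--1a2b3c4d-H--
Message: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--1a2b3c4d-Z--
--5e6f7a8b-A--
[15/Oct/2025:03:05:10 +0000] constructed-id-2 192.0.2.10 51002 192.0.2.20 80
--5e6f7a8b-B--
POST /admin_area/manage_pages.php HTTP/1.1
--5e6f7a8b-H--
Message: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"]
Message: Warning. Pattern match. [id "941160"] [msg "NoScript XSS InjectionChecker: HTML Injection"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--5e6f7a8b-Z--
EOF
}

# Print "count path rule_id", sorted by path and then by rule ID.
rules_by_path() {
    awk '
    # Section boundary, e.g. --1a2b3c4d-B--: remember the section letter.
    /^--[0-9a-fA-F]+-[A-Z]--$/ { section = substr($0, length($0) - 2, 1); first = 1; next }
    # First line of section B is the request line: METHOD URI PROTOCOL.
    section == "B" && first { path = $2; sub(/\?.*/, "", path); first = 0; next }
    # Section H carries one Message line per rule that matched.
    section == "H" && /^Message:/ {
        if (match($0, /\[id "[0-9]+"\]/))
            count[path " " substr($0, RSTART + 5, RLENGTH - 7)]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3n
}

sample_audit_log | rules_by_path
```

    On the server the input would be /var/log/apache2/modsec_audit.log instead of the sample.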

  • OpenLiteSpeed restart PHP

    On OpenLiteSpeed, if you edit php.ini or install a PHP module, restarting OpenLiteSpeed won’t apply the changes. You need to restart the PHP processes.

    You can do this by killing all PHP processes with

    killall -9 lsphp
    

    Or you can create a file

    touch /usr/local/lsws/admin/tmp/.lsphp_restart.txt
    

    If you need PHP restarted for just one web site, run

    touch /home/USER1/.lsphp_restart.txt