Also try it without the -s if it won’t go.

print “Starting Scan…\n”;

while(@USERS=getpwent()){
if (-d “$USERS[7]/public_html”) {
if (-f “$USERS[7]/public_html/404.shtml”) {
print “$USERS[0] 404.shtml exists\n”;
} else {
print “$USERS[0] creating 404.shtml…”;
open(FILE,”>$USERS[7]/public_html/404.shtml”) or die “Unable to create file: $!”;
close(FILE);
chmod(0644, “$USERS[7]/public_html/404.shtml”) or die “Unable to chmod file: $!”;
chown($USERS[2],$USERS[3],”$USERS[7]/public_html/404.shtml”) or die “Unable to chown file: $!”;
print “done\n”;
}
}
}
if (-f “/root/cpanel3-skel/public_html/404.shtml”) {
print “404.shtml file exists in skel dir\n”;
} else {
print “Creating 404.shtml file in skel dir…”;
open(FILE,”>/root/cpanel3-skel/public_html/404.shtml”) or die “Unable to create file: $!”;
print “done\n”;
}

print “Scan Complete!\n”;

#ChangeLog
#Version :: YYYY.MM.DD :: Type :: Description
#
#0.2 :: 2003.11.06 :: Bug Fix :: 404.shtml was created in the root skel folder, changed to public_html

use POSIX;

$delete_old     = ’1′; #0 or 1, set to 1 to remove old account backups
if($ARGV[0] eq “-d”) { $delete_old = ’1′; }

$|++;
POSIX::nice(19);

print “Reading Backup Config…”;
open(CPBACK,”/etc/cpbackup.conf”) or die(“Failed, Does it exist and do you have access?\n”);
while(<CPBACK>) {
s/\n//g;
my($name,$value) = split(/ /, $_);
$CONF{$name} = $value;
}
close(CPBACK);
print “Complete\n”;

if ($CONF{‘BACKUPENABLE’} ne “yes”) {
die “Backup Not Enabled\n”;
}
if (! -e $CONF{‘BACKUPDIR’}){
die “Backup Dir Doesnt Exist\n”;
}

until (`ps ax` !~ m/cpbackup/) {
print “Detected cpbackup process…Sleeping for 60 Seconds\n”;
sleep(60);
};

if ($CONF{‘BACKUPMOUNT’} eq “yes”) {
if(`mount` !~ m/$CONF{‘BACKUPDIR’}/){
system(“mount”,”$CONF{‘BACKUPDIR’}”);
}
system(“mount”,”-o”,”remount,rw”,”$CONF{‘BACKUPDIR’}”);
}

cleandir(“$CONF{‘BACKUPDIR’}/cpbackup/daily”);
cleandir(“$CONF{‘BACKUPDIR’}/cpbackup/weekly”);
cleandir(“$CONF{‘BACKUPDIR’}/cpbackup/monthly”);

if ($CONF{‘BACKUPMOUNT’} eq “yes”) { system(“umount”,”$CONF{‘BACKUPDIR’}”); }

sub cleandir {
my($target) = @_;

opendir(DIRTYDIR,”$target”);
@DIRTYDIR = readdir(DIRTYDIR);
closedir(DIRTYDIR);

foreach(@DIRTYDIR) {
next if /^\.\.?$|^files$|^dirs$/;
if(-f “$target/$_”){
$user = $_;
$user =~ s/.tar.gz//;
if(! -f “/var/cpanel/users/$user”){
if($delete_old == 1){
unlink(“$target/$_”);
print “Deleted Old Backup… $target/$_\n”;
} else {
print “Detected Old Backup… $target/$_\n”;
}
}
next;
}
if(-d “$target/$_”){
if(! -f “/var/cpanel/users/$_”){
if($delete_old == 1){
system(“rm”,”-r”,”$target/$_”);
#print “Directory Delete Not Supported, If you really want to remove dirs (incremental backups) you can edit this script and uncomment the line that looks like #system(\”rm\”,\”-r\”,\”$target/$_\”)\n”;
} else {
print “Detected Old Backup… $target/$_\n”;
}
}
next;
}
}
}

Just go to this directory:

/etc/sysconfig/network-scripts

Then you will see a file for eachnetwork port, for example my server is:

ifcfg-eth0

and

ifcfg-eth1

I already have the ifcfg-eth0 set up from the install but I want to use the second one for back ups so I just opened the file and added the IP to it. Then I made sure the rest of the setting smatched the first one other then the:

HWADDR=

That line is specific to the network port.

So that is how you configure a eth0 or eth1 port.

We refer raid 5 but if you have remote back ups on the server then  raid 0 will get you the best performance between several hard drives. Keep in mind raid still can fail even with the same data going to several hard drives and this will slow your system down.

Hardware raid is much faster as it doesn’t steal ram and cpu to be used.

Software should be avoided like the plague it will cause load issues 90% of the time.

A number of standard schemes have evolved which are referred to as levels. There were five RAID levels originally conceived, but many more variations have evolved, notably several nested levels and many non-standard levels (mostly proprietary). RAID levels and their associated data formats are standardised by SNIA in the Common RAID Disk Drive Format (DDF) standard.

Following is a brief textual summary of the most commonly used RAID levels.

RAID 0 (block-level striping without parity or mirroring) has no (or zero) redundancy. It provides improved performance and additional storage but no fault tolerance. Hence simple stripe sets are normally referred to as RAID 0. Any drive failure destroys the array, and the likelihood of failure increases with more drives in the array (at a minimum, catastrophic data loss is almost twice as likely compared to single drives without RAID). A single drive failure destroys the entire array because when data is written to a RAID 0 volume, the data is broken into fragments called blocks. The number of blocks is dictated by the stripe size, which is a configuration parameter of the array. The blocks are written to their respective drives simultaneously on the same sector. This allows smaller sections of the entire chunk of data to be read off the drive in parallel, increasing bandwidth. RAID 0 does not implement error checking, so any error is uncorrectable. More drives in the array means higher bandwidth, but greater risk of data loss.

In RAID 1 (mirroring without parity or striping), data is written identically to multiple drives, thereby producing a “mirrored set”; at least 2 drives are required to constitute such an array. While more constituent drives may be employed, many implementations deal with a maximum of only 2; of course, it might be possible to use such a limited level 1 RAID itself as a constituent of a level 1 RAID, effectively masking the limitation.[citation needed] The array continues to operate as long as at least one drive is functioning. With appropriate operating system support, there can be increased read performance, and only a minimal write performance reduction; implementing RAID 1 with a separate controller for each drive in order to perform simultaneous reads (and writes) is sometimes called multiplexing (or duplexing when there are only 2 drives).

In RAID 2 (bit-level striping with dedicated Hamming-code parity), all disk spindle rotation is synchronized, and data is striped such that each sequential bit is on a different drive. Hamming-code parity is calculated across corresponding bits and stored on at least one parity drive.

In RAID 3 (byte-level striping with dedicated parity), all disk spindle rotation is synchronized, and data is striped so each sequential byte is on a different drive. Parity is calculated across corresponding bytes and stored on a dedicated parity drive.

RAID 4 (block-level striping with dedicated parity) is identical to RAID 5 (see below), but confines all parity data to a single drive. In this setup, files may be distributed between multiple drives. Each drive operates independently, allowing I/O requests to be performed in parallel. However, the use of a dedicated parity drive could create a performance bottleneck; because the parity data must be written to a single, dedicated parity drive for each block of non-parity data, the overall write performance may depend a great deal on the performance of this parity drive.

RAID 5 (block-level striping with distributed parity) distributes parity along with the data and requires all drives but one to be present to operate; the array is not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be calculated from the distributed parity such that the drive failure is masked from the end user. However, a single drive failure results in reduced performance of the entire array until the failed drive has been replaced and the associated data rebuilt. Additionally, there is the potentially disastrous RAID 5 write hole.

RAID 6 (block-level striping with double distributed parity) provides fault tolerance of two drive failures; the array continues to operate with up to two failed drives. This makes larger RAID groups more practical, especially for high-availability systems. This becomes increasingly important as large-capacity drives lengthen the time needed to recover from the failure of a single drive. Single-parity RAID levels are as vulnerable to data loss as a RAID 0 array until the failed drive is replaced and its data rebuilt; the larger the drive, the longer the rebuild takes. Double parity gives additional time to rebuild the array without the data being at risk if a single additional drive fails before the rebuild is complete.

This is a great command to simply find what folders are the biggest in a directory. You can replace the /var/cpanel with any folder and it will list everything in there and how big they are in order.

Once you find the big folder then search inside of that to find the biggest folder in there and so on.

Moving the log folder

mv /var/log /backup/
ln -s /backup/log /var/log

Moving the cpanel bandwidth folder

mv /var/cpanel/bandwidth /backup/
ln -s /backup/bandwidth /var/cpanel/bandwidth

Also just removing some of the log files in the log folder can help you for a quick fix.

Disable SELinux security features

For a fully successful installation you should disable SELinux. When installing a Red Hat or CentOS distribution, you will be able to use the graphical interface to disable SELinux when configuring the operating system.

This can also be accomplished by editing /etc/selinux/config from the command line, and setting the SELINUX parameter to disabled with a text editor such as nano or vi. The file should resemble the following text:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Only targeted network daemons are protected.
# strict – Full SELinux protection.
SELINUXTYPE=targeted

Once you save the changes to the file above you will need to reboot the server for the changes to take effect.

PICK Important: SELinux must remain disabled in order for WHM and cPanel to run on your web server. Ensure that the pound sign (#) does not precede SELINUX=disabled. If # precedes this configuration option, the line will be ignored.

ALERT! Warning: Do not transfer the SELinux configuration file between computers as it may destroy the file’s integrity.

ALERT! You will need to reboot the server for the changes to take effect.

 For a quick fix that is not permanent:

We can secure SSH server with two methods :

Method 1:

A best option to secure your SSH is to run SSH on the different port instead of default port 22 .

Disable Root Logins
Disable password authentication
Disable Port 22 and use any other port to run SSH (like Port 59122). Aslo block port 22 using firewall.

You have to take following steps before you harden the SSH, first make sure you create a user name and password. If you are running cpanel, then you want to add the username to cpanel wheel group.

use commaands as follows

#adduser <username> -G wheel

#passwd <username>

Once the user has been created and added to Wheel group, edit the ssh configuration file /etc/ssh/sshd_conf

Change the default port 22 to any port number, say 2199 and set the protocol to just Protocol 2 which is a more secure protocol

#vi /etc/ssh/sshd_config

Port 59122
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

#LoginGraceTime 2m
IgnoreRhosts yes
X11Forwarding no

Disable root login

Locate the line # PermitRootLogin yes in the configuration file and change it to no

PermitRootLogin no

save configuration and restart your SSH . Now you won’t be able to login as root and will be able to login only at Port 59122

method 2: SSH Public/Private Key Authentication

SSH with public key authentication the best proven method to safeguard your SSH server. You have to put the private key in your putty (ssh client) and put the public key on your server

PrivateKey -> It should be Stored in Client and used by Putty

PublicKey -> It should be Stored in Remote Server ( in /home/<username>/.ssh/authorized_keys file)

The required tools as

Putty (SSH Login client)
PuttyGen (Putty Key Generator Tool to save Private key)

1 Enable the public key authentication you have to enable it in the SSH config file /etc/ssh/sshd_config. Look for the following lines and uncomment them

[HTML]RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
[/HTML]

2
we generate both public and private keys in the server.

[HTML][tux@localhost ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/<username>/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/id_dsa.
Your public key has been saved in /home/<username>/.ssh/id_dsa.pub.
The key fingerprint is:
a9:22:30:c5:ed:df:2c:e7:7b:34:53:b4:82:bb:33:17 tux@localhost[/HTML]

id_dsa -> private key stored at /home/<username>/.ssh/

id_dsa.pub -> is the public key /home/<username>/.ssh/

3. copy Private Key to Putty (SSH client)

Here we need copy the private key from server to our putty in the form of .ppk file (putty private key file). private key must be stored in the client side and the public key in the server side

inside /home/<username>/.ssh/authorized_keys file

Open the file id_dsa and copy the contents of the file. On client side paste it into a notepad file (say privkey.txt). Make sure that there is no new line at the top or else you will get “invalid private key” from puttygen.

Start puttygen.exe > > Load Existing Private Key > > privkey.txt >> Save Private Key

Save the private key as privkey.ppk

4 Copying Public Key to Server

Create new file called authorized_keys inside .ssh folder within the users home directory as /home/<username>/.ssh/authorized_keys and store the public key there.
OR rename the existing id_dsa.pub to authorized_keys as we wont be needing the ida_dsa.pub file.

mv /home/<user>/.ssh/ida_dsa.pub authorized_keys

To connect ssh use putty

Start Putty > Enter servers IP address > New Port, then load the private key SSH > Auth > Browse Private Key for Authentication

Now connect and enter the user name the putty would authenticate yourself with public key authentication.

In this way you can secure your SSH .

1. Login to your server as root.

2. Wget and run the script as :

Code:

http://shashank.net/scripts/named.patch

sh named.patch

3. It will provide you with an output like :

Code:

allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
};

4. Copy and paste this code in the Options section of your named.conf. Something like :

Code:

options {
options {
directory “/var/named”;
allow-recursion {
127.0.0.1;
xxx.xxx.xxx;
…. ….
…. ….
};
};

5. Save named.conf and restart the named service. All all zones to load and check dns report now. The open nameservers warning no longer shows up. Hope it works fine for you. Any additions, corrections welcome.