Also try it without the -s if it won’t go.

Just go to this directory:

/etc/sysconfig/network-scripts

Then you will see a file for eachnetwork port, for example my server is:

ifcfg-eth0

and

ifcfg-eth1

I already have the ifcfg-eth0 set up from the install but I want to use the second one for back ups so I just opened the file and added the IP to it. Then I made sure the rest of the setting smatched the first one other then the:

HWADDR=

That line is specific to the network port.

So that is how you configure a eth0 or eth1 port.

This is a great command to simply find what folders are the biggest in a directory. You can replace the /var/cpanel with any folder and it will list everything in there and how big they are in order.

Once you find the big folder then search inside of that to find the biggest folder in there and so on.

Moving the log folder

mv /var/log /backup/
ln -s /backup/log /var/log

Moving the cpanel bandwidth folder

mv /var/cpanel/bandwidth /backup/
ln -s /backup/bandwidth /var/cpanel/bandwidth

Also just removing some of the log files in the log folder can help you for a quick fix.

We can secure SSH server with two methods :

Method 1:

A best option to secure your SSH is to run SSH on the different port instead of default port 22 .

Disable Root Logins
Disable password authentication
Disable Port 22 and use any other port to run SSH (like Port 59122). Aslo block port 22 using firewall.

You have to take following steps before you harden the SSH, first make sure you create a user name and password. If you are running cpanel, then you want to add the username to cpanel wheel group.

use commaands as follows

#adduser <username> -G wheel

#passwd <username>

Once the user has been created and added to Wheel group, edit the ssh configuration file /etc/ssh/sshd_conf

Change the default port 22 to any port number, say 2199 and set the protocol to just Protocol 2 which is a more secure protocol

#vi /etc/ssh/sshd_config

Port 59122
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

#LoginGraceTime 2m
IgnoreRhosts yes
X11Forwarding no

Disable root login

Locate the line # PermitRootLogin yes in the configuration file and change it to no

PermitRootLogin no

save configuration and restart your SSH . Now you won’t be able to login as root and will be able to login only at Port 59122

method 2: SSH Public/Private Key Authentication

SSH with public key authentication the best proven method to safeguard your SSH server. You have to put the private key in your putty (ssh client) and put the public key on your server

PrivateKey -> It should be Stored in Client and used by Putty

PublicKey -> It should be Stored in Remote Server ( in /home/<username>/.ssh/authorized_keys file)

The required tools as

Putty (SSH Login client)
PuttyGen (Putty Key Generator Tool to save Private key)

1 Enable the public key authentication you have to enable it in the SSH config file /etc/ssh/sshd_config. Look for the following lines and uncomment them

[HTML]RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
[/HTML]

2
we generate both public and private keys in the server.

[HTML][tux@localhost ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/<username>/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/id_dsa.
Your public key has been saved in /home/<username>/.ssh/id_dsa.pub.
The key fingerprint is:
a9:22:30:c5:ed:df:2c:e7:7b:34:53:b4:82:bb:33:17 tux@localhost[/HTML]

id_dsa -> private key stored at /home/<username>/.ssh/

id_dsa.pub -> is the public key /home/<username>/.ssh/

3. copy Private Key to Putty (SSH client)

Here we need copy the private key from server to our putty in the form of .ppk file (putty private key file). private key must be stored in the client side and the public key in the server side

inside /home/<username>/.ssh/authorized_keys file

Open the file id_dsa and copy the contents of the file. On client side paste it into a notepad file (say privkey.txt). Make sure that there is no new line at the top or else you will get “invalid private key” from puttygen.

Start puttygen.exe > > Load Existing Private Key > > privkey.txt >> Save Private Key

Save the private key as privkey.ppk

4 Copying Public Key to Server

Create new file called authorized_keys inside .ssh folder within the users home directory as /home/<username>/.ssh/authorized_keys and store the public key there.
OR rename the existing id_dsa.pub to authorized_keys as we wont be needing the ida_dsa.pub file.

mv /home/<user>/.ssh/ida_dsa.pub authorized_keys

To connect ssh use putty

Start Putty > Enter servers IP address > New Port, then load the private key SSH > Auth > Browse Private Key for Authentication

Now connect and enter the user name the putty would authenticate yourself with public key authentication.

In this way you can secure your SSH .

mysqlcheck -o –all-databases

If you are offline then you can run myisamchk which is a little more thorough.

myisamchk –sort-index
myisamchk -r tbl_name

uname -a

Nic / Lan driver version

dmesg | grep r8169

Internet controller

lspci -nn | grep Ethernet

Details on etho nic card

sudo ethtool eth0

Module size

lsmod | grep r8169

Module versions

cat /proc/modules | grep r8169

Don’t worry all these commands are safe and just for reporting.

Here is how to get it set up with Cantos 5.3 easily.

I wanted to host for my brother the latest WoW patch, but at a hefty 450 MB, I didn’t want to blow all my bandwidth on it either. I am setting a limit for the download at 2.5 TB of bandwidth, and limiting it to 5mbs at 10 connections a second. My hardware is RHEL 4 running on a P4 with Plesk 8. In the guide to follow, you’ll see a few steps that wouldn’t be needed on a non-plesk system. To setup bandwidth limiting for the host, we need to be able to compile a new apache module against our system, and then install and configure it.

Step 1: The prereqs

First I needed to setup a yum repository for FC4. This can be accomplished by issuing an RPM command:

rpm -ivh http://rpm.livna.org/livna-release-4.rpm

Now that you can access the RPM packages, we need to install http-devel using yum:

yum install httpd-devel

If all went well, we can now extract, compile, and install mod_cband for apache:

cd /tmp
wget http://cband.linux.pl/download/mod-cband-0.9.7.4.tgz
tar xzvf mod-cband-0.9.7.4.tgz
cd mod-cband-0.9.7.4
./configure
make
make install

If all went well, restart apache with the new module (you can check httpd.conf to make sure the module is going to be loaded):

/etc/init.d/httpd restart

Step 2: Configuration

Here’s where the Plesk part gets annoying. We can’t just edit our vhosts file, because plesk writes over it all the time. Instead, we edit a /home/httpd/vhosts/*/subdomains/*/conf/vhost.conf file. Mine looks like this:

CBandScoreboard /var/www/scoreboard
CBandPeriod 4W
CBandDefaultExceededCode 509
CBandLimit 2500G
CBandSpeed 5000 5 10
CBandRemoteSpeed 1600 3 1
<Location /cband-status>
SetHandler cband-status
</Location>
<Location /cband-status-me>
SetHandler cband-status-me
</Location>

What does this mean? (1) Use /var/www/scoreboard to log usage and limits (2) Reset the limit count every 4 weeks (3) Throw a 509 error when the limits are exceeded (4) Allow 2.5TB per period (5) Allow 5mbs with 5 requests a second and 10 connections at a time oeverall (6) Allow 1.6mbs with 3 requests a second and 1 connections at a time per client (7) Allow us to access a page at /cband-status to view the status.

You’ll also need to issue commands to make the scoreboard directory, and to allow apache to own it:

mkdir /var/www/scoreboard
chown apache:apache /var/www/scoreboard

Finally, Plesk requires you to inform it of your work:

/usr/local/psa/admin/sbin/websrvmng -u –vhost-name=yourdomain.com

If you restart Apache now, everything should work!

/etc/init.d/httpd restart

Step 3: An Example

You can take a peek at my status page right now if you’d like. It looks a bit like this:

A quick note, I simply just added:

CBandPeriod 4W
CBandLimit 10000G
CBandSpeed 12000 40 80
CBandRemoteSpeed 6400 12 4

Now this set the limit to about 12 megs (MPS) a second which is a lot, but this customer is paying $250 a month to cover it. Most websites should max at about 5 MPS. I left out the other options because I didn’t need them and it’s less load on the server without them.

One main difference is you have raise the server limit if you want to raise the max client limit.

The easiest way to do this is to go to:

1. Web Hosting Manager
2. Then click Apache Configuration
3. Then click Include Editor
4. Then click the apache version under the pre-main include
5. Then add this to the input section:

ServerLimit 512

StartServers 32
MinSpareServers 5
MaxSpareServers 20
MaxClients 512
MaxRequestsPerChild 1000

Then save and it will ask to restart apache you click yes there.

Now your apache limit is set to 512 and cpanel will not mess with it.

Here is the explanation for each derivative in the above code:

MaxClients:

The MaxClients sets the limit on maximum simultaneous requests that can be supported by the server; no more than this number of child processes are spawned. It shouldn’t be set too low; otherwise, an ever-increasing number of connections are deferred to the queue and eventually time-out while the server resources are left unused. Setting this too high, on the other hand, will cause the server to start swapping which will cause the response time to degrade drastically. The appropriate value for MaxClients can be calculated as:

If there are more concurrent users than MaxClients, the requests will be queued up to a number based on ListenBacklog directive. Increase ServerLimit to set MaxClients above 256.

MinSpareServers, MaxSpareServers, and StartServers:

MaxSpareServers and MinSpareServers determine how many child processes to keep active while waiting for requests. If the MinSpareServers is too low and a bunch of requests come in, Apache will have to spawn additional child processes to serve the requests. Creating child processes is relatively expensive. If the server is busy creating child processes, it won’t be able to serve the client requests immediately. MaxSpareServers shouldn’t be set too high: too many child processes will consume resources unnecessarily.

Tune MinSpareServers and MaxSpareServers so that Apache need not spawn more than 4 child processes per second (Apache can spawn a maximum of 32 child processes per second). When more than 4 children are spawned per second, a message will be logged in the ErrorLog.

The StartServers directive sets the number of child server processes created on startup. Apache will continue creating child processes until the MinSpareServers setting is reached. This doesn’t have much effect on performance if the server isn’t restarted frequently. If there are lot of requests and Apache is restarted frequently, set this to a relatively high value.

MaxRequestsPerChild:

The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. It’s set to 0 by default, the child process will never expire. It is appropriate to set this to a value of few thousands. This can help prevent memory leakage, since the process dies after serving a certain number of requests. Don’t set this too low, since creating new processes does have overhead.