Tuesday, October 25, 2016

Linux Daily Use Command

How to check the size of a whole folder while excluding a particular subfolder

du --exclude=picture -sch *

Find all symbolic links inside a parent folder

find . -type l -ls

Find a particular word inside a directory

grep -r ' asd' .

To list the installed PHP modules

php -m

To find the php.ini file that is in use

php --ini

How to find which modules are enabled and installed in Apache/httpd

apachectl -M

or

apachectl -t -D DUMP_MODULES


How to mount windows (CIFS) shares on Linux with credentials in a secure way

yum install cifs-utils

cat /proc/filesystems |grep cifs

Output : nodev cifs

ls /lib/modules/$(uname -r)/kernel/fs/*/*ko|grep cifs

Output :  /lib/modules/3.10.0-123.el7.x86_64/kernel/fs/cifs/cifs.ko

mount -t cifs //192.168.1.111/rns /rns -o user=username

Automatically mount the CIFS share

vi /root/.smbcred

domain=domainname
username=username
password=password

chmod 400 /root/.smbcred

vi /etc/fstab

//192.168.1.111/rns /rns cifs credentials=/root/.smbcred,defaults 0 0
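
A check for the setup above, as an added example that is not part of the original post: the function audit_cifs_fstab (a hypothetical name) scans an fstab-format file for cifs entries, flags passwords written directly into the mount options, and verifies that each credentials file exists and grants no access to group or other. The sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit the cifs entries of an fstab-format file.
# Prints one finding per line and returns 1 if anything was flagged.
audit_cifs_fstab() (
    status=0
    while read -r dev mnt fstype opts _rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac       # blank line or comment
        [ "$fstype" = cifs ] || continue
        cred=
        old_ifs=$IFS; IFS=,; set -f                   # split options on commas
        for opt in $opts; do
            case $opt in
                password=*|pass=*)
                    echo "$mnt: password is inline in fstab"; status=1 ;;
                credentials=*|cred=*)
                    cred=${opt#*=} ;;
            esac
        done
        set +f; IFS=$old_ifs
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "$mnt: credentials file $cred is missing"; status=1
            continue
        fi
        # Characters 5-10 of the mode string are the group and other bits.
        perms=$(ls -ldL "$cred" | cut -c1-10)
        case $perms in
            ????------) ;;
            *) echo "$mnt: $cred is $perms, expected owner-only access"; status=1 ;;
        esac
    done < "$1"
    exit "$status"
)

# Constructed sample, not from a real host: the entry as configured on this
# page, one with an inline password, and one with a loose credentials file.
demo=$(mktemp -d)
printf 'domain=domainname\nusername=username\npassword=password\n' > "$demo/good"
cp "$demo/good" "$demo/loose"
chmod 400 "$demo/good"
chmod 644 "$demo/loose"
cat > "$demo/fstab" <<EOF
//192.168.1.111/rns /rns cifs credentials=$demo/good,defaults 0 0
//192.168.1.111/a /mnt/a cifs username=username,password=password 0 0
//192.168.1.111/b /mnt/b cifs credentials=$demo/loose,defaults 0 0
EOF
audit_cifs_fstab "$demo/fstab" || echo "fix the findings listed above"
rm -rf "$demo"
```

On a real host the call would be audit_cifs_fstab /etc/fstab, run as root so the credentials files can be inspected.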

How to define primary and secondary virtual hosts in Apache

Wildcard include your site configuration files:
Include path/to/site/confs/*httpd.conf
Organize your site conf files so they are loaded in an expected order. Example...
01-httpd.conf
02-site1-httpd.conf
03-site2-httpd.conf
etc...
Apache will read these in order. Then create one that will always load last to catch any unmatched virtual hosts and return a 404 instead of loading a default site.
Sunday, August 7, 2016

How To configure Git Inhouse server


Requirements
· GitLab on CentOS 7
· Ruby version 2.3
· Redis
· Postgres
· Nginx
· A 1-core CPU can support up to 100 users, but a 2-core CPU is recommended, which can easily support up to 500 users.
· At least 2GB of memory, combining both RAM and swap. Apart from this, we will need to install all the required dependencies.

For a complete OS update
yum -y update

To install the OpenSSH server and client and enable SSH
yum -y install openssh-server openssh-clients
sudo systemctl enable sshd
sudo systemctl start sshd

To install the dependencies
yum -y install curl policycoreutils postfix
sudo systemctl enable postfix
sudo systemctl start postfix

To allow HTTP and HTTPS access globally
firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

To reload the firewall
sudo systemctl reload firewalld

To add the GitLab package repository
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

To install GitLab Community Edition
yum -y install gitlab-ce
gitlab-ctl reconfigure


To change the external URL
Edit the /etc/gitlab/gitlab.rb file and change
external_url 'http://gitlab.example.com'
then run
gitlab-ctl reconfigure
gitlab-ctl restart

To enable SSL for GitLab

Create the /etc/gitlab/ssl directory and copy your key and certificate there. Now run gitlab-ctl reconfigure. When the reconfigure finishes, your GitLab instance should be reachable at https://gitlab.example.com. If you are using a firewall, you may have to open port 443 to allow inbound HTTPS traffic; you also need to change the external URL again.

GitLab standard repository path: /var/opt/gitlab/git-data/repositories

For a Git backup, either clone the repo or just copy the whole repositories folder.

To uninstall, run

gitlab-ctl uninstall

The code below works fine in PHP 5.2 and PHP 5.4, but in PHP 5.6 the same code gives a valid SSL error, so we have to change $mail->SMTPSecure = 'ssl'; to $mail->SMTPSecure = 'tls';, use port 587 and comment out the $mail->isSMTP(); function. Not known how, but it works and is able to send mail.

$mail = new PHPMailer(); // create a new object
$mail->IsSMTP(); // enable SMTP
$mail->SMTPDebug = 1; // debugging: 1 = errors and messages, 2 = messages only
$mail->SMTPAuth = true; // authentication enabled
$mail->SMTPSecure = 'ssl'; // secure transfer enabled REQUIRED for Gmail
$mail->Host = "smtp.gmail.com";
$mail->Port = 465; // or 587
$mail->IsHTML(true);
$mail->Username = "email@gmail.com";
$mail->Password = "password";
$mail->SetFrom("example@gmail.com");
$mail->Subject = "Test";
$mail->Body = "hello";
$mail->AddAddress("email@gmail.com");

 if(!$mail->Send()) {
    echo "Mailer Error: " . $mail->ErrorInfo;
 } else {
    echo "Message has been sent";
 }
Monday, July 11, 2016

How to Configure Redmine-3.1.6 with WHM 11.56.25

First, log in to WHM and create a subdomain; then log in to cPanel and create the database via phpMyAdmin.

As root:

cd /usr/local/src
wget http://rubyforge.org/frs/download.php/XXXXX/redmine-version.tar.gz
tar -xzvf redmine-version.tar.gz
chown -R username:username /usr/local/src/redmine-version/*
mv /usr/local/src/redmine-version/* /home/username/

mv /home/username/public/* /home/username/public_html
rm -rf /home/username/public
ln -s /home/username/public_html /home/username/public

To install RVM
gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -L https://get.rvm.io | bash -s stable
source /etc/profile.d/rvm.sh
rvm requirements

rvm install 2.2.3

gem install rails

gem install passenger

yum -y install curl-devel sqlite-devel

passenger-install-apache2-module

vi /usr/local/apache/conf/passenger.conf

LoadModule passenger_module /usr/local/rvm/gems/ruby-2.2.3/gems/passenger-5.0.24/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-2.2.3/gems/passenger-5.0.24
PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.2.3/ruby

vi /usr/local/apache/conf/includes/pre_main_global.conf

Include /usr/local/apache/conf/passenger.conf

/scripts/rebuildhttpdconf
 service httpd restart

As the user:
cd /home/username
bundle install --without development test postgresql sqlite
cp /home/username/config/database.yml.example /home/username/config/database.yml


cd /home/username
rake generate_secret_token
RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data


As root:

mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com


edit /usr/local/apache/conf/userdata/std/2/username/domain.com/redmine.conf

PassengerSpawnMethod smart
PassengerPoolIdleTime 300
PassengerMaxPreloaderIdleTime 0
PassengerMaxRequests 5000
PassengerStatThrottleRate 5
PassengerMinInstances 3

Options Indexes -ExecCGI FollowSymLinks -MultiViews
# AllowOverride None
Order allow,deny
Allow from all

# mod_rails
# PassengerUser redmine
#RailsEnv edoceo_live
RackBaseURI /

# environment.rb
# Redmine::Utils::relative_url_root = "/"  


Next, add this to /etc/httpd/conf/includes/post_virtualhost_global.conf

PassengerPreStart http://domain.com

Uncomment the include line, and restart Apache to verify it works fine. Once restarted OK, distill it to the distiller:
 #Include "/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf"

/usr/local/cpanel/bin/apache_conf_distiller --update
/usr/local/cpanel/bin/build_apache_conf

Your redmine application should now be accessible at http://domain.com
Thursday, June 16, 2016

MySQL user-based access for a whole subnet


GRANT ALL ON *.* to root@'10.50.249.%' IDENTIFIED BY 'your-root-password';

FLUSH PRIVILEGES;
 
db server:  10.50.249.51
web server: 10.50.249.52


If you have a user defined in mysql.user as 'user'@'10.50.249.52' with password1 and another 'user'@'10.50.249.%' with password2, then, if you try to connect to the db server from the web server as 'user' with password2, it will result in an 'Access denied' error because the single IP 'user'@'10.50.249.52' authentication is used over the wildcard 'user'@'10.50.249.%' authentication.
Tuesday, June 14, 2016
For high CPU utilization processes

ps -eo pcpu,pid,user,args | sort -k1 -rn | head -10

ps -eo pcpu,pid,user,args | sort -k 1 -rn | head -10


For Used Memory

free | awk 'FNR == 3 {print $3/($3+$4)*100}'

free -m|awk 'FNR == 2 {print $3*100/$2}'


For Free memory

free | awk 'FNR == 3 {print $4/($3+$4)*100}'


For high memory utilization processes

ps aux --sort -rss | head


For the average load on the server

uptime | sed 's/.*load average: //'


For zombie processes

ps axo stat,ppid,pid,comm | grep -w defunct

ps aux --sort -rss| grep -w defunct

ps aux | awk '$8 ~ /^Z/'

For strace PID

strace -p PID -o output.file

For Sleeping process list

ps -eo pid,cmd,etime | sort -k 1 -r | head -10


For Only Cpu Utilization

mpstat 1 1 | awk '$3 ~ /CPU/ { for(i=1;i<=NF;i++) { if ($i ~ /%idle/) field=i } } $3 ~ /all/ { printf("%d",100 - $field) }'


Server Resource Monitor Script

#!/bin/bash
# This script monitors the server load. If the one-minute load average on the
# server is more than 30, it collects the last 3 logins, the currently logged-in
# users, the CPU-consuming processes and the memory-consuming processes, and
# mails them to the provided email address.
# NOTE: This will only mail if the one-minute load average is more than 30.
EMAIL="arvindrsawant@gmail.com"
#EMAIL1="2ndemail id"
LIMIT=30
HOSTNAME=$(hostname)
TIMESTAMP=$(date "+%Y.%m.%d")
TIME=$(date "+%H%M")
REPORT_DIR="/home/load/$TIMESTAMP"
REPORT="$REPORT_DIR/load-$TIME.log"
SUBJECT="Alert: Heavy Load on Server $HOSTNAME"
mkdir -p "$REPORT_DIR"
echo -e "Current Load on $HOSTNAME : \n" >> "$REPORT"
uptime | sed 's/.*load average: //' >> "$REPORT"
# Integer part of the one-minute load average
currentload=$(uptime | sed 's/.*load average: //' | awk -F, '{print $1}' | cut -f1 -d".")
if [[ $currentload -gt $LIMIT ]]; then
    echo -e "\n Free Memory On $HOSTNAME : \n" >> "$REPORT"
    free -m >> "$REPORT"
    echo -e "\n Last 3 Login Users On $HOSTNAME : \n" >> "$REPORT"
    last -a | head -3 >> "$REPORT"
    echo -e "\n Current Login Users On $HOSTNAME : \n" >> "$REPORT"
    w | tail -n +2 >> "$REPORT"
    echo -e "\n CPU consuming processes on $HOSTNAME : \n" >> "$REPORT"
    # Sort numerically so that 10.0 ranks above 9.0
    ps -eo pcpu,pid,user,args | sort -k 1 -rn | head -10 >> "$REPORT"
    echo -e "\n Memory consuming processes on $HOSTNAME : \n" >> "$REPORT"
    ps aux --sort -rss | head >> "$REPORT"
    echo -e "\n Disk consuming  on $HOSTNAME : \n" >> "$REPORT"
    df -h >> "$REPORT"
    echo -e "\n Used Memory  on $HOSTNAME : \n" >> "$REPORT"
    free | awk 'FNR == 3 {print $3/($3+$4)*100}' >> "$REPORT"
    echo -e "\n free Memory  on $HOSTNAME : \n" >> "$REPORT"
    free | awk 'FNR == 3 {print $4/($3+$4)*100}' >> "$REPORT"
    echo -e "\n Zombie Process  on $HOSTNAME : \n" >> "$REPORT"
    ps aux --sort -rss | grep -w defunct >> "$REPORT"
    echo -e "\n Sleeping Process list  on $HOSTNAME : \n" >> "$REPORT"
    ps -eo pid,cmd,etime | sort -k 1 -r | head -10 >> "$REPORT"
    # Pass only the addresses that are set (EMAIL1..EMAIL3 are optional)
    mail -s "$SUBJECT" "$EMAIL" ${EMAIL1:+"$EMAIL1"} ${EMAIL2:+"$EMAIL2"} ${EMAIL3:+"$EMAIL3"} < "$REPORT"
fi

Thursday, June 9, 2016

WHM settings and WordPress security settings suggestions

Currently: Hide login password from cgi scripts is Off, need to make it On
This setting allows you to hide the REMOTE_PASSWORD environment variable from scripts that the cpsrvd daemon's CGI handler executes.

Currently: Referrer safety check is Off, need to make it On
Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

Currently: Verify signatures of 3rdparty cPaddons is Off, need to make it On
When this option is enabled, cPanel will verify GPG signatures of all 3rdparty cPaddons. This setting is only available if Signature Validation is enabled.

Currently: Prevent “nobody” from sending mail is Off, need to make it On
Prevent the user “nobody” from sending out mail to remote addresses (PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)

Currently: Enable SPF on domains for newly created accounts is Off, need to make it On
Enable this option to deny spammers the ability to send email when they forge your domain’s name as the sender (spoofing).

Currently: Proxy subdomains is On, need to make it Off
Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)

Currently: Proxy subdomain creation is On, need to make it Off
Automatically create cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)

Currently: Password Strength Configuration is 0, need to make it 8
This feature allows you to specify a minimum password strength for accounts hosted by your server.

Currently: Compiler Access is Enabled, need to make it Disabled
This option disables compiler access for unspecified users in order to help prevent attacks on your server.

Currently: Shell Fork Bomb Protection is Disabled, need to make it Enabled
This option limits the amount of server resources that users with terminal access may use.

Currently: FTP Server Configuration, Allow Anonymous Uploads is Yes, need to make it No
Allowing anonymous FTP uploads is generally considered to weaken the security of the server. Setting this option to "No" is recommended.

Currently: Manage Shell Access is enabled for all, need to make it off for all except the root user
This interface allows you to select which users will have shell access on your server and whether that shell access is Normal or Jailed.

Currently: File ETag is set for All, need to make it None
This directive configures the file attributes that are used to create the ETag response header field when the request is file based.
Note: “None” means that if a document is file based, no ETag field will be included in the response.

Currently: expose_php is on, need to make it off

From the developer end

Keep the WordPress version and the plugin versions up to date.

Two-way authentication is required for the website admin panel, or wp-login.php admin panel access only from limited IPs.

Change the table prefix, or don’t use the default table prefix for a new website.

Use the WordPress keys generator for wp-config.php.

Prevent WordPress Hack by Blocking Search Engine Spiders from Indexing the Admin Section
#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

1.       Secure wp-config.php
# protect wp-config.php
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>

2.       Limit Access to the Wp-Content Directory
Order deny,allow
Deny from all
Allow from all


3.       Prevent script injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Protect your .htaccess file
# STRONG HTACCESS PROTECTION
<Files .htaccess>
order allow,deny
deny from all
satisfy all
</Files>

After implementing this, third-party and mobile posting stop working.

To disable the xmlrpc.php file server-wide, you need to update your pre-VirtualHost Include file with the following code. You can update this file through WHM.

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>


Block WordPress xmlrpc.php requests with .htaccess
         
I want to send WordPress XML-RPC requests from my fictional IP address.
        
So I can deny all requests to the xmlrpc.php file, except for that IP, using the following .htaccess rules:
           
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from IP Address
</Files>

Add an entry in httpd.conf for all WordPress websites.
<Files ~ "xmlrpc.php">
  Order allow,deny
  Deny from all
</Files>
Order Deny,Allow
Deny from all