Maintaining a shared hosting server is a full-time job, but tools and proper checks and balances can make this burden a lot lighter. I manage a shared hosting server for one of my friends, and numerous times the scripts that people have installed on their websites have had vulnerabilities that hackers exploit to upload files that mass-email or do other nasty stuff. Luckily, most of these exploits have common patterns, like file names or other signatures, that make them traceable (most of the time the so-called hackers are just script kiddies).
Create a file and put this in it:
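# Alert on anything under /home whose name starts with paypal.com (phishing pages)
find /home -name 'paypal.com*' | mail -s '[Woodcrest] Phishing Alert!' email@example.com
# Alert on the rout.php mass-mailer script
find /home -name 'rout.php' | mail -s '[Woodcrest] Phishing Alert - Mail Bomber!' firstname.lastname@example.org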
This is a small script that finds specific named scripts in the /home directory (mostly cPanel servers). You can put this in the crontab to do a scan every x hours or so.
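An added example, not part of the original post: the one-liners above invoke mail on every cron run whether or not find matched anything, so this variant keeps the signatures in one list and sends a single report only when there is a hit. The names SCAN_ROOT, ALERT_TO, PATTERNS and the --mail switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not the original post's script). SCAN_ROOT, ALERT_TO,
# PATTERNS and the --mail switch are assumptions of this sketch.
SCAN_ROOT="${SCAN_ROOT:-/home}"
ALERT_TO="${ALERT_TO:-email@example.com}"

# One signature per line: "label|find -name glob". The two entries are the
# file names from the post; extend the list as new patterns turn up.
PATTERNS='Phishing kit|paypal.com*
Mail bomber|rout.php'

# Print "label<TAB>path" for every match under directory $1.
# Paths containing newlines are not handled.
scan_signatures() {
    root=$1
    printf '%s\n' "$PATTERNS" | while IFS='|' read -r label glob; do
        [ -n "$glob" ] || continue
        find "$root" -name "$glob" -print 2>/dev/null |
            while IFS= read -r path; do
                printf '%s\t%s\n' "$label" "$path"
            done
    done
}

# Print the hit list and return 0, or print nothing and return 1 when clean.
report_hits() {
    hits=$(scan_signatures "$1")
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Cron entry point: one mail per run, and only when something matched.
if [ "${1:-}" = "--mail" ]; then
    if report=$(report_hits "$SCAN_ROOT"); then
        count=$(printf '%s\n' "$report" | wc -l | tr -d ' ')
        printf '%s\n' "$report" |
            mail -s "[Woodcrest] Suspicious files found: $count" "$ALERT_TO"
    fi
fi
```

Run it from the crontab with the --mail argument; without it the script only defines the functions, which makes the scan easy to try against a test directory first.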
The greatest fear with adding additional, and especially third-party, repos such as EPEL (we did a blog post on how to install EPEL earlier) is that they MAY overwrite base packages and bring the system to an unstable state.
In this blog post, I will set 1 as the priority (highest) for my CentOS Base repo.
So that it becomes:
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
name=CentOS-$releasever - Base
name=CentOS-$releasever - Updates
Other repos do not need updating since I have assigned CentOS repos with the highest priority. The default priority for repositories is 99.
SELinux is a security feature on CentOS, but some software such as SolusVM will require that SELinux be disabled.
Installation log : /tmp/install.log
Add this slave to your SolusVM master using the following details:
ID Key .......... : ABC
ID Password ..... : XYZ
IMPORTANT!! You need to setup a network bridge before you can use KVM on this server.
Please see the following link: http://wiki.solusvm.com/index.php/KVM_Network_Bridge_Setup
Please set SELINUX=disabled in /etc/selinux/config before rebooting.
Thankyou for choosing SolusVM.
1) Edit /etc/selinux/config using your favourite editor
[root@kvm ~]# nano /etc/selinux/config
and set SELINUX=disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
Normally, I have two things on every Linux box so that I know what's going on:
NAGIOS monitoring (nrpe)
Today, I got something in my logwatch email, and it was strange because just the other day I upgraded ClamAV to the latest version using the EPEL repo.
--------------------- clam-update Begin ------------------------
The ClamAV update process (freshclam daemon) was not running!
If you no longer wish to run freshclam, deleting the freshclam.log
file will suppress this error message.
---------------------- clam-update End -------------------------
It appears that the latest version has some permission issues on the log file, because when I try to run freshclam on the command line I get this:
root@cpanel [~]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
I always had the question, when running plenty of scripts on a Linux box, of what is eating up all the memory: finding the memory consumed by currently running processes in your favorite Linux distro. Luckily, I found a great Python utility (a scriptlet, to be exact).