cPanel/WHM 11.30 now supports MySQL TRIGGERS and VIEW privileges

I just noticed that cPanel/WHM 11.30 now supports MySQL TRIGGERS and VIEW privileges. From the official release notes

In 11.30 we are adding support for the MySQL TRIGGER and VIEW privileges.

  • Systems using MySQL 5.0 and higher can use the VIEW privilege. This privilege will grant the database user the CREATE VIEW and SHOW VIEW MySQL privileges.
  • When using MySQL 5.0, the SUPER privilege is required for the TRIGGER privilege. Due to this caveat, we will not support the TRIGGER privilege on systems using MySQL 5.0.
  • Systems using MySQL 5.1 and higher can enable and use the TRIGGER privilege. However, this privilege is not available if binary logging is enabled for the MySQL service.

Neither TRIGGER nor VIEW is available to systems using MySQL 4.0 or 4.1.

How to find specific files and send alerts

Maintaining a shared hosting server is a full time job but tools and proper checks and balances can help make this burden lot less. I manage a shared hosting server for one of my friends and numerous times the scripts that people have installed over on their websites have vulnerabilities and hackers exploit it to upload stuff that mass-email or do other nasty stuff. Luckily, most of these exploits have common patterns like files names or other signatures that make them traceable (most of the time the so called hackers are just kiddy scripts)

Create a file and put this in it

#!/bin/bash
find /home -name 'paypal.com*' | mail -s '[Woodcrest] Phishing Alert!' me@mydomain.com
find /home -name 'rout.php' | mail -s '[Woodcrest] Phishing Alert - Mail Bomber!' me@mydomain.com

This is a small script that finds specific named scripts in the /home directory (mostly cPanel servers). You can put this in the crontab to do a scan every x hours or so.

Have any questions or comments? feel free to post them below!

Freshclam daemon not running

Normally, I have two things on every Linux box so that I know whats going on

  1. NAGIOS monitoring (nrpe)
  2. Logwatch

Today, I got something in my logwatch email and it was strange because just the other day, I upgraded the clamav to latest version using epel reo.

 --------------------- clam-update Begin ------------------------

 The ClamAV update process (freshclam daemon) was not running!
 If you no longer wish to run freshclam, deleting the freshclam.log
 file will suppress this error message.

 ---------------------- clam-update End -------------------------

It appears that the latest version has some permission issues on the log file because when I try to run freshclam on command line I get this

root@cpanel [~]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

The solution?

The solution is very simple 🙂 just do the following

touch /var/log/clamav/freshclam.log
chown clamav /var/log/clamav/freshclam.log
chmod 666 /var/log/clamav/freshclam.log

and after that, run freshclam (the service that updates the virus-definition for clamav)

root@cpanel [~]# freshclam

cPanel announces PHP 4 End of Life

cPanel, the leading web hosting control panel for Linux has announced end of life for PHP 4 support within cPanel.

cPanel to End Support for PHP 4

 

cPanel announces that EasyApache will no longer support PHP 4 beginning May, 2012.

 

PHP 4 has not been actively developed, or supported by the PHP developers, for several years. Many CVEs reported against newer versions of PHP are also applicable in version 4, but remain unaddressed by the PHP developers.

 

EasyApache will soon warn administrators that PHP 4 has reached End of Life when PHP 4 is selected. As early as EasyApache 3.12, PHP 4 will be removed from EasyApache. For an indeterminate period PHP 4 will be available as a Custom Option Module on http://easyapache.cpanel.net. This Custom Option Module is provided as a convenience for those who may need a longer period of time to transition away from PHP 4.

 

All administrators and users using WHM/cPanel and still stuck at using PHP4 for their depreciated and outdated code must plan to make the switch to PHP 5

Using CPanel/WHM API to get detail list of all accounts

Today I had this need to get a list of WHM Accounts using one of its APIs. I have never used it before but it was really simple to use. It returns an xml file that you can manipulate using your prefered language and store it in database for reporting etc.

Here is what you need to do, connect to your server using SSH and run the following command

wget http://your-server-ip:2086/xml-api/listaccts --http-user=myuser --http-password=mypass --output-document=listaccts.xml

Replace your-server-ip with your WHM’s ip and myuser/mypass with the actual WHM/CPanel password. The resultant xml file will be saved as “listaccts.xml” in the same directory as you ran the command in.

If you feel a bit insecure running these command over SSH then visit this page on your browser and save it as an xml file.

http://your-server-ip:2086/xml-api/listaccts

(again, substitute your-server-ip with the actual WHM ip address / FQDN)

Enjoy!