October 26, 2014

How to install and setup SVN on cPanel server

Subversion (SVN) is an open source version control system. It helps you keep track of a collection of files and folders. Any time you change, add or delete a file or folder that you manage with Subversion, you commit these changes to your Subversion repository, which creates a new revision in your repository reflecting these changes. You can always go back, look at and get the contents of previous revisions.

This article walks you step by step through setting up an SVN server on a cPanel/WHM server.

Prerequisite

1. sqlite3 php module
2. Apache mod_dav module.

Installing php sqlite3 module

Run the following command in the server terminal

#php -m | grep sqlite

If the module is installed already, it will return

sqlite3

If the module is not enabled, run EasyApache to enable it.

Installing mod_dav (if needed)

Run the following command in the terminal:

#httpd -M | grep dav

If mod_dav is already installed, it will return:

dav_module (static)
dav_fs_module (static)

If this module is not enabled, run EasyApache and enable it.

Note: If neither sqlite3 nor mod_dav is enabled, you can install both in a single EasyApache run.

Install Subversion

To properly configure the latest version of Subversion, it needs to be compiled from source. Download and install Subversion using the following commands.
Always check https://subversion.apache.org/download/ for the latest version.

#cd /usr/local/src/
#wget http://mirror.cc.columbia.edu/pub/software/apache/subversion/subversion-1.8.10.tar.gz
#tar xzvf subversion-1.8.10.tar.gz //extract the archive
#cd subversion-1.8.10/
#./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache/bin/apr-1-config --with-apr-util=/home/cpeasyapache/src/httpd-2.2/srclib/apr-util/

A recent version of sqlite3 is needed. If configure fails with the following error:
—————————————————————————————————
An appropriate version of sqlite could not be found. We recommend 3.7.15.1, but require at least 3.7.12.
Please either install a newer sqlite on this system

or

get the sqlite 3.7.15.1 amalgamation from:

http://www.sqlite.org/sqlite-amalgamation-3071501.zip

unpack the archive using unzip and rename the resulting
directory to:
/usr/local/src/subversion-1.8.10/sqlite-amalgamation
—————————————————————————————————

Then run the following commands to provide the newer sqlite3:

#wget http://www.sqlite.org/sqlite-amalgamation-3071501.zip
#unzip sqlite-amalgamation-3071501.zip
#mv sqlite-amalgamation-3071501 sqlite-amalgamation

Then run configure again. It should work.

If configure fails with the following error:

—————————————————————————————————
checking for APR... configure: error: the --with-apr parameter is incorrect. It must specify an install prefix, a build directory, or an apr-config file.
—————————————————————————————————

You need to correct the "--with-apr-util=" path specified. Look for httpd-*.*.** (where the stars are your version), update the path accordingly, and then run the configure, make and make install commands.

Subversion and Apache

When using WHM and EasyApache, you can’t just modify the Apache configuration to include the Subversion modules. Instead, you must use the Include Editor, which you can find by browsing to “Apache Configuration” in the WHM menu. There, you must use the Pre Main Include. Select the latest Apache version from the dropdown list and a textarea will appear. Add the following to it and click on “Update”:

LoadModule dav_svn_module /usr/local/libexec/mod_dav_svn.so
LoadModule authz_svn_module /usr/local/libexec/mod_authz_svn.so

Set up your repository

Use one repository per domain or subdomain. These instructions also work for multiple repositories.

For this explanation, assume the domain name is supportpro.com and support is the cPanel username.

First, you need to add a new virtual host for your repository:

#mkdir -p /etc/httpd/conf/userdata/std/2/support/supportpro.com

Next, you need to create the Subversion config file:

#vi /etc/httpd/conf/userdata/std/2/support/supportpro.com/svn.conf

Copy the following into the svn.conf file. For every repository you wish to create, add another <Location> block.

<IfModule mod_dav_svn.c>
<Location /svn>
DAV svn
SVNPath /home/support/public_html/svn
AuthType Basic
AuthName "SupportPro SVN"
AuthUserFile /home/support/public_html/passwd
Require valid-user
</Location>
</IfModule>

Tell cPanel to update the Apache configuration to use the custom vhost includes:

#/scripts/ensure_vhost_includes --all-users
#service httpd restart

Now, create the actual repository files:

#su - support
#cd public_html
#svnadmin create svn
#chmod 775 -R svn

Add Subversion users

#/usr/local/apache/bin/htpasswd /home/support/public_html/passwd username

//enter the password when asked. Add the -c option the first time, to create the passwd file.

Test

Go to http://supportpro.com/svn to test your repository. It should ask for your username and password.


October 15, 2014

Fix spamming in cpanel exim server

Spam is most often considered to be electronic junk mail or junk newsgroup postings. It may be defined even more generally as any unsolicited email.

Generally, spamming can happen in three ways.

1. By hacking an email account that has a simple, easy-to-guess password.

2. By uploading a script to the server which sends out mails at regular intervals.

3. Via forum or newsletter scripts which send mass emails.

Fixing a spamming issue means:

* Block the IP address if it is incoming spam (make use of iptables, csf or apf).

* Change the password, disable mailing lists and scripts, or even suspend the account, if it is outgoing spam.

Case 1:

1) Run the command ‘exim -bpc’; it counts the number of mails waiting in the mail queue.

For example:

# exim -bpc
3600

2) If the number in the queue is high, check for live spamming with the command

#exim -bp | tail -10

For example:

0m 1.5K 1XV6jK-0005iy-RF <user@domain.com>
          user@example.com

0m 1.5K 1XV85i-000223-B6 <user@domain.com>
          user@example1.com

0m 1.5K 1XV9T1-0003ET-D3 <user@domain.com>
          user@example2.com

3) Check each mail’s header with the command ‘exim -Mvh message ID’.

For example:

#exim -Mvh 1XV6jK-0005iy-RF

--------------------------------------
1XV6jK-0005iy-RF-H
user 614 32007
<user@domain.com>
1411165962 0
-ident user
-received_protocol local
-body_linecount 23
-max_received_linelength 98
-auth_id user
-auth_sender user@domain.com
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
user@example.com
id 1XV6jK-0005iy-RF
for user@example.com; Sat, 20 Sep 2014 06:32:42 +0800
060T To: =?UTF-8?B?bXlybmFpdTM=?= <user@example.com>
099 Subject:
 =?UTF-8?B?V2VsY29tZSB0byAiQXNpYSBQYWNpZmljIFBsYW5lIFNwb3R0ZXJzIEZvcnVt?=
 =?UTF-8?B?Ig==?=
026F From: <user@domain.com>
030R Reply-To: <user@domain.com>
033* Return-Path: <user@domain.com>
028* Sender: <user@domain.com>
018 MIME-Version: 1.0
059I Message-ID: <593045bb511db542f2a9955da9509c67@pvollering.com>
038 Date: Sat, 20 Sep 2014 06:32:42 +0800
040 Content-Type: text/plain; charset=UTF-8
032 Content-Transfer-Encoding: 8bit
014 X-Priority: 3
026 X-MSMail-Priority: Normal
017 X-Mailer: phpBB3
018 X-MimeOLE: phpBB3
046 X-phpBB-Origin: phpbb://www.domain.com/phpbb/ucp.php
061 X-AntiAbuse: Board servername - =?UTF-8?B?cHZvbGxlci5uZXQ=?=
025 X-AntiAbuse: User_id - 1
049 X-AntiAbuse: Username - =?UTF-8?B?QW5vbnltb3Vz?=
038 X-AntiAbuse: User IP - xxx.xxx.xxx.xxx
--------------------------------------

Look at the auth_id field: the authentication id is ‘user’, which means the cPanel account ‘user’ is being used to send spam emails via scripts.

4) The next step is to locate the spam script under this account.

If the mails are sent by a PHP script, the following commands will show the script which is used to send the email.

#cd /var/spool/exim/input

#egrep -R "X-PHP-Script" *

The message IDs and the location of the scripts will be listed. Just cat the message ID to view the message header and the spamming script.

Also, you can run the following command to find the most used mailing script’s location.

#grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

For example:

.
.

2644 /home/domain/public_html/phpbb

We can see /home/domain/public_html/phpbb has more outgoing emails in the list.

Also from the email header pasted above, you can see that the spam script location is www.domain.com/phpbb/ucp.php

Now you can go ahead with null-routing the particular script.

For example:

#cd /home/domain/public_html/phpbb

#chown root: ucp.php

#chmod 000 ucp.php

5) Now take a look at the Apache access log to see which IP addresses are accessing this script, using the following command:

For example:

#grep "ucp.php" /home/domain/access-logs/domain.com | awk '{print $1}' | sort -n | uniq -c | sort -n

You should get back something similar to this:

.
.

10408 xxx.xxx.xxx.xxx

We can see that the IP address xxx.xxx.xxx.xxx has been using our script maliciously.

If you find a malicious IP address sending a large volume of mail through a script, you can block it at your server’s firewall so that it can’t connect again, using the commands given below.

In csf: csf -d xxx.xxx.xxx.xxx

In iptables: iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

In apf: apf -d xxx.xxx.xxx.xxx

And finally save the rule which you have added.

6) Clear the spam email using the command given below

#exim -bp | grep "user" | awk '{print $3}' | xargs exim -Mrm

Case 2:

1) Follow steps (1) and (2) as in Case 1.

2) Use the following command to count the mails in the queue per email account.
It lists each mail ID with its number of mails in the queue in increasing order, so the mail IDs with the most mails in the queue are listed last.

#exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

For example:

The output will look like:

1 test@example.com

1762 user@domain.com

3) Now you can list the queued mails of the email account user@domain.com with the command

#exim -bp | grep user@domain.com | tail -10

This will give output like the following:

0m 1.5K 1XV6jK-0005iy-RF <user@domain.com>

0m 1.5K 1XV85i-000223-B6 <user@domain.com>

0m 1.5K 1XV9T1-0003ET-D3 <user@domain.com>

0m 1.5K 1XV9Ti-0003KJ-55 <user@domain.com>

0m 1.5K 1XVArh-0000DU-6Z <user@domain.com>

4) Check each mail’s header with the command ‘exim -Mvh message ID’.

For example:

# exim -Mvh 1XV6jK-0005iy-RF

--------------------------------------
mailnull 47 12
<user@domain.com>
1411184761 0
-helo_name webmail.domain.com
-host_address 127.0.0.1.3544
-host_name localhost.localdomain
-host_auth dovecot_login
-interface_address 127.0.0.1.25
-received_protocol esmtpa
-body_linecount 215856
-max_received_linelength 76
-auth_id user@domain.com
XX
1
info@companyname.com

250P Received: from localhost.localdomain ([127.0.0.1]:35444 helo=webmail.chai.in)
 by sp12.twist.in with esmtpa (Exim 4.82)
 (envelope-from <user@domain.com>)
 id 1XVBcX-0000CX-3r
 for info@companyname.com; Sat, 20 Sep 2014 11:46:04 +0800
018 MIME-Version: 1.0
078 Content-Type: multipart/mixed;
 boundary="=_8c49e7e215e784f10d84aad1fd14fc83"
038 Date: Sat, 20 Sep 2014 11:46:01 +0800
028F From: user@domain.com
025T To: info@companyname.com
068 Subject: Request quotation for Operable wall at S’Poly(T1A610)- OLS
059I Message-ID: <a49d791ef84993a11e09c3fae7d8c187@chai.in>
032 X-Sender: user@domain.com
036 User-Agent: Roundcube Webmail/1.0.1
--------------------------------------

Look at the auth_id field, i.e. the authenticated email address ‘user@domain.com’, which is being used to send spam emails.

Now, you should reset the password of the email account as soon as possible.

5) You can check the maillog to find the IP addresses from which this email account has been accessed.

For example:

#grep user@domain.com /var/log/maillog | awk '{print $10}' | sort -n | uniq -c | sort -n
941 rip=192.168.0.x,
2632 rip=xxx.xxx.xxx.xxx,

Now you can block them at your server’s firewall so that they can’t connect again, using the commands given below.

In csf: csf -d xxx.xxx.xxx.xxx

In iptables: iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

In apf: apf -d xxx.xxx.xxx.xxx

And finally save the rule which you have added.

6) Use the following command to clear the emails from a particular account.

#exim -bpu | grep -e "frozen" -e "user@domain.com" | awk '{print $3}' | xargs exim -Mrm

Please replace “user@domain.com” with the actual email address.
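
The header check from Case 1 and Case 2, applied to a whole set of spool headers at once. This is an added example, not part of the original post: the function names are hypothetical and the spool headers are constructed samples modelled on the two dumps above.

```shell
#!/bin/sh
# Classify Exim spool headers (the text `exim -Mvh <id>` prints) by how the
# message entered the queue. Added example; sample data below is constructed.

# classify_header FILE -> "<verdict> <auth_id> <protocol> <php-script>"
#   script    : submitted locally, e.g. by a web script (Case 1)
#   smtp-auth : submitted over SMTP after a mailbox login (Case 2)
#   other     : no auth_id recorded
classify_header() {
    awk '
        /^-received_protocol / { proto = $2 }
        /^-auth_id /           { auth  = $2 }
        /^-local$/             { is_local = 1 }
        # Header lines start with a 3-digit length and a flag character.
        /^[0-9][0-9][0-9][A-Z* ] ?X-PHP-Script:/ {
            sub(/^[^:]*: */, ""); script = $1
        }
        END {
            if (is_local || proto == "local") verdict = "script"
            else if (auth != "")              verdict = "smtp-auth"
            else                              verdict = "other"
            print verdict, (auth == "" ? "-" : auth),
                  (proto == "" ? "-" : proto), (script == "" ? "-" : script)
        }' "$1"
}

# summarize_headers DIR -> "<count> <verdict> <auth_id>", busiest sender last,
# in the same style as the sort | uniq -c | sort -n pipelines above.
summarize_headers() {
    for f in "$1"/*-H; do
        [ -f "$f" ] || continue
        classify_header "$f" | awk '{ print $1, $2 }'
    done | sort | uniq -c | sort -n | awk '{ print $1, $2, $3 }'
}

# Constructed samples: one Case 1 header and two Case 2 headers.
make_samples() {
    cat > "$1/1AAAAA-000001-AA-H" <<'EOF'
1AAAAA-000001-AA-H
user 614 32007
<user@domain.com>
1411165962 0
-received_protocol local
-auth_id user
-local
XX
1
user@example.com

026F From: <user@domain.com>
054  X-PHP-Script: www.domain.com/phpbb/ucp.php for 192.0.2.10
EOF
    for id in 1BBBBB-000002-BB 1CCCCC-000003-CC; do
        cat > "$1/$id-H" <<EOF
$id-H
mailnull 47 12
<user@domain.com>
1411184761 0
-host_auth dovecot_login
-received_protocol esmtpa
-auth_id user@domain.com
XX
1
info@companyname.com

028F From: user@domain.com
EOF
    done
}

dir=$(mktemp -d); make_samples "$dir"
summarize_headers "$dir"
rm -rf "$dir"
```

A "script" verdict points to the null-routing steps of Case 1, while "smtp-auth" points to the password reset of Case 2.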

Case 3:

If emails are sent via newsletters or forms, you can ask the customer to add a verification method to the page. One such verification method is captcha.
Redirect them to a developer to enable captcha on their contact forms.

You can refer to the URL given below for more details about captcha.

Reference:

http://www.captcha.net/


October 4, 2014

Samba Server setup and cifs mount

Filed under: General Topics,Linux Basics,Miscellaneous — Bella @ 1:21 am

Samba is a free software re-implementation of the SMB/CIFS networking protocol. We need to set up and configure the Samba server on the machine where the drive to share or mount is located.

Samba Server uses the following port numbers:
137/tcp
137/udp
138/tcp
138/udp
139/tcp
139/udp
445/tcp
445/udp

Daemon name: smb and nmb

Samba services are implemented as two daemons: smbd, which provides the file and printer sharing services, and nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

How to install and configure samba server:

Step 1: Install through the yum command. cups-libs is for printer support.

#yum install samba samba-common cups-libs

Step 2: Create a directory which you would like to share
#mkdir /shared

Step 3: Add a new group, or use an existing group, to provide access to the shared directory. Here I am adding a new group called staff.
#groupadd staff

Step 4: Change the group and permissions of the shared folder
#chgrp -R staff /shared
#chmod -R 777 /shared

Step 5: Change the SELinux security context on the shared directory and set the SELinux boolean value for Samba.
You can skip this step if SELinux is in permissive or disabled status. (Use the sestatus command to check the SELinux status.)
#chcon -R -t samba_share_t /shared/
#semanage fcontext -a -t samba_share_t /shared/
#setsebool -P samba_enable_home_dirs on

Step 6: Create a user and add it to the group called staff. Then set the Samba password for this user.
#useradd test
#usermod -G staff test
Set the password, here test123
#smbpasswd -a test
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/private/passdb.tdb file.

Step 7: Take a backup of the /etc/samba/smb.conf file, then edit it.
#cd /etc/samba/
#cp -p smb.conf smb.conf.orig
Add the parameters given below at the end of the Samba config file /etc/samba/smb.conf
#vi /etc/samba/smb.conf

[backup]
comment = shared-directory
path = /shared
public = no
valid users = test, @staff
writable = yes
browseable = yes
create mask = 0777
directory mask = 777
force directory mode = 755
force group = root
force create mode = 644
force user = root
create mode = 644
directory mode = 775

The name in square brackets is the name that we refer to when mounting from a remote server.

Step 8: Edit these lines in /etc/samba/smb.conf to allow the network to reach the Samba server.

Replace 192.168.0.0/24 with your subnet, and replace the ethernet interface names with the ones in use on your system on which you want to allow traffic.
In the second line, 192.168.0. is for the subnet. The same rule applies to 127., which is for loopback.

#vi /etc/samba/smb.conf

interfaces = lo eth0 eth1 192.168.0.0/24
hosts allow = xxx.xxx.xxx.xxx

Test the syntax of the config file using 'testparm /etc/samba/smb.conf' after the changes.

Note: Mainly for Windows users: if the PCs in your network use a different workgroup name, edit the line given below in smb.conf with your workgroup name. Windows systems use WORKGROUP as the workgroup name by default. Try first without changing the workgroup name and make the change only if required.

workgroup = MYGROUP

Step 9: Add the services to the /etc/services file
#vi /etc/services

netbios-ns    137/tcp            # netbios name service
netbios-ns    137/udp            # netbios name service
netbios-dgm    138/tcp            # netbios datagram service
netbios-dgm    138/udp            # netbios datagram service
netbios-ssn    139/tcp            # netbios session service
netbios-ssn    139/udp            # netbios session service

Step 10: Add iptables rules on the Samba server for ports 137, 138, 139 and 445.

Edit the /etc/sysconfig/iptables file

Note: If the iptables service is stopped in your network or there are no rules set up, skip this step. Replace 192.168.1.0/24 with your network subnet.

#vi /etc/sysconfig/iptables

Add the lines below to the file /etc/sysconfig/iptables just before COMMIT, or open the ports for the IPs

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

Now save and restart iptables

Step 11: Now start the smb and nmb services.

#/etc/init.d/smb start
#/etc/init.d/nmb start
#chkconfig smb on
#chkconfig nmb on

Step 12: Now we will test Samba from Linux

#mount -t cifs //samba-server-ipaddress/shared-directory-name -o username=USERNAME /mnt/

In our example:
#mount -t cifs //xxx.xxx.xxx.xxx/shared -o username=test,password=test123 /backup
Fstab entry (/etc/fstab)
//xxx.xxx.xxx.xxx/shared /backup cifs  username=test,password=test123,rw 0 0
# df -h |grep backup
//xxx.xxx.xxx.xxx/shared  917G   17G  854G   2% /backup

Windows User:

Open Run and type \\ip-address-of-samba-server\shared-directory-name

eg :  \\xxx.xxx.xxx.xxx\shared

Give the username and password. Here the username is "test" and the password is "test123"
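
A check for the share definition from Step 7 and the fstab entry from Step 12, given here as an added example that is not part of the original post. It flags `force user = root` (every client write lands on disk as root), masks that leave files writable by everyone, and a password stored in the world-readable /etc/fstab, and shows the same entry rewritten to use the mount.cifs `credentials=` option. The function names and the /root/.smbcred path are assumptions.

```shell
#!/bin/sh
# Audit helpers for the share and fstab entry shown in this post (added example).

# audit_share CONF SHARE -> one finding per line for the named [SHARE] section
audit_share() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comments
        /^[ \t]*\[/ {                               # section header: [name]
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            in_share = (tolower(sec) == tolower(want)); next
        }
        in_share && index($0, "=") {
            eq  = index($0, "=")
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Every client write lands on disk as root.
            if (key == "force user" && val == "root") print "force-user-root"
            # Last octal digit with the 2 bit set = writable by "other".
            if (key ~ /^(force )?(create|directory) (mask|mode)$/ && val ~ /[2367]$/)
                print "world-writable " key "=" val
        }' "$1"
}

# audit_fstab FSTAB -> cifs entries that keep the password in the options field
audit_fstab() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/ {
        print "inline-password " $1 " " $2 }' "$1"
}

# harden_fstab_line LINE CREDFILE -> the entry with the inline login replaced by
# credentials=CREDFILE (a root-owned, mode 600 file holding username=/password=)
harden_fstab_line() {
    printf '%s\n' "$1" | awk -v cred="$2" '{
        n = split($4, opt, ","); out = "credentials=" cred
        for (i = 1; i <= n; i++)
            if (opt[i] !~ /^(username|user|password|pass)=/) out = out "," opt[i]
        $4 = out; print }'
}

# Constructed sample: the [backup] share from Step 7, abridged.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = MYGROUP
[backup]
path = /shared
valid users = test, @staff
create mask = 0777
directory mask = 777
force directory mode = 755
force user = root
directory mode = 775
EOF
}

# The fstab entry from Step 12.
SAMPLE_FSTAB_LINE='//xxx.xxx.xxx.xxx/shared /backup cifs  username=test,password=test123,rw 0 0'

conf=$(mktemp); fstab=$(mktemp)
sample_smb_conf > "$conf"; printf '%s\n' "$SAMPLE_FSTAB_LINE" > "$fstab"
audit_share "$conf" backup
audit_fstab "$fstab"
harden_fstab_line "$SAMPLE_FSTAB_LINE" /root/.smbcred
rm -f "$conf" "$fstab"
```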


September 29, 2014

WordPress Theme Installation

Filed under: General Topics,Linux Basics — Bella @ 8:44 pm

WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. WordPress is the most popular blogging system in use on the Web, at more than 60 million websites.

WordPress Themes :

WordPress users may install and switch between themes. Themes allow users to change the look and functionality of a WordPress website or installation without altering the information content or structure of the site.

Themes may be installed using the WordPress “Appearance” administration tool or theme folders may be uploaded via FTP. The PHP, HTML(hyper text markup language) and cascading style sheets(CSS) code found in themes can be added to or edited for providing advanced features. Thousands of WordPress themes exist, some free, and some paid for templates.

WordPress users may also create and develop their own custom themes if they have the knowledge and skill to do so.

Install WordPress Themes :

Installing a WordPress theme is easy. You can install a free WordPress theme by using the following steps.

>>> First you need to log in to the WordPress admin panel

>>> Then from your WordPress dashboard, navigate to the Appearance > Themes menu.

>>> Click on the “Add new” button.

>>> Choose the theme that suits your website from the list that appears and select “Install”

>>> After installation, you will be guided to a page like below

>>> Select the “Activate” link from the options available

>>> You have installed the theme successfully.

If you have already downloaded the zip file of a WordPress theme and wish to install that particular theme on your website, you can install it using the steps given below:

>>> First you need to login to wordpress admin panel

>>> Then from your WordPress dashboard, navigate to the Appearance > Themes menu.

>>> Click on the “Add new” button.

>>> Select “Upload Theme” option

>>> Select “Browse” option

>>> Upload the zip file and select “Install Now”.

>>> After installation, you will be guided to a page like below.

>>> Select “Activate” link from the options available

>>> You have installed the theme successfully

After installation, when you refresh your website, it should load with the new WordPress theme.


Shell shock vulnerability

A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X. Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability could allow an attacker to gain control over a targeted computer if exploited successfully. And because Bash is everywhere on Linux and Unix-like machines and interacts with all parts of the operating system, everyone anticipates that it will have a lot of repercussions.

How does Shellshock work?

Shellshock exploits a flaw in how Bash parses environment variables; Bash allows functions to be stored in environment variables, but the issue is Bash will execute any code placed after the function in the environment variable value.

For example, an environment variable setting of VAR=() { ignored; }; /bin/id will execute /bin/id when the environment is imported into the bash process.

Am I vulnerable?

You can check if you’re vulnerable by running the following line in your default shell.

env X="() { :;} ; echo vulnerable" `which bash` -c "echo Check completed"

If you see the word “vulnerable” echoed back, then you’re at risk.

How is Shellshock impacting the Web?

The most likely route of attack is through Web servers utilizing CGI (Common Gateway Interface), the widely-used system for generating dynamic Web content. An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. The attacker is able to inject environment variables into every bash process spawned by a web server under the CGI specification. This will occur directly if the CGI script is programmed in bash, or indirectly through system calls inside other types of CGI scripts, since the environment will propagate to the sub-shell. The vulnerability will automatically be triggered at the shell process instantiation. Furthermore, if specific headers are used as attack points, the payload may not appear in the web-server logs, letting a compromise occur with virtually no trace of the intrusion.

Example:
CGI stores the HTTP headers in environment variables. Let’s say example.com is running a CGI application written as a Bash script.

We can modify the HTTP headers such that they exploit the Shellshock vulnerability on the target server and execute our code.

curl -k http://example.com/cgi-bin/test -H "User-Agent: () { :;}; echo Hacked > /tmp/Hacked.txt"

Here, curl sends a request to the target website with the User-Agent containing the exploit code. This code will create a file “Hacked.txt” in the “/tmp” directory of the server.
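
The detection side of the request above, as an added example that is not part of the original post: it scans an Apache combined-format access log for header values that begin with the function-definition prefix. Only the headers the log format records (Referer and User-Agent here) can be checked, which is the logging gap mentioned earlier; the function names are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Find Shellshock probes in an Apache "combined" access log (added example).
# A vulnerable Bash imports a variable as a function when its value begins
# with "() {", so the check is anchored to the start of each logged header.

# scan_shellshock LOG -> "<client-ip> <field> <request-path>" per matching field
scan_shellshock() {
    awk -F'"' '
        function probe(s) { return s ~ /^[ \t]*\(\)[ \t]*\{/ }
        {
            # Quote-separated fields: $2 request line, $4 Referer, $6 User-Agent
            split($1, pre, " "); split($2, req, " ")
            if (probe($4)) print pre[1], "referer", req[2]
            if (probe($6)) print pre[1], "user-agent", req[2]
        }' "$1"
}

# shellshock_sources LOG -> "<hits> <client-ip>", busiest source last
shellshock_sources() {
    scan_shellshock "$1" | awk '{ print $1 }' | sort | uniq -c | sort -n |
        awk '{ print $1, $2 }'
}

# Constructed sample log lines (documentation IP ranges). The last line holds
# "() {" in the middle of a value and must not be reported.
sample_access_log() {
    cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/test HTTP/1.1" 200 12 "-" "() { :;}; echo Hacked > /tmp/Hacked.txt"
192.0.2.10 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "() { ignored; }; /bin/id" "curl/7.30.0"
198.51.100.7 - - [25/Sep/2014:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:01:02 +0000] "GET /app.js HTTP/1.1" 200 90 "http://example.com/?cb=f() { }" "Mozilla/5.0"
EOF
}

log=$(mktemp); sample_access_log > "$log"
scan_shellshock "$log"
shellshock_sources "$log"
rm -f "$log"
```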

What can I do to protect myself?

Major operating system vendors including Red Hat, CentOS, etc. have already released an initial patch for this bug.

Debian—https://www.debian.org/security/2014/dsa-3032
Ubuntu—http://www.ubuntu.com/usn/usn-2362-1/
Red Hat—https://access.redhat.com/articles/1200223*
CentOS—http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html
Novell/SUSE— http://support.novell.com/security/cve/CVE-2014-6271.html

If a patch is unavailable for a specific distribution of Linux or Unix, it is recommended that users switch to an alternative shell until one becomes available.

Need expert assistance?

SupportPro has a team of well experienced professionals. We can check your server for Shellshock vulnerability and patch the server so that you and your customers are secure from this attack. Feel free to contact us if you need assistance.
