Archive for the ‘Linux’ category

Setting up a new user account for root access.

July 7th, 2010

Let’s face it, giving out the root password to your Linux server isn’t very smart or security minded. Still, many of us hand out the root login, and before we know it we’re looking at a compromise, a permissions issue or worse. It doesn’t need to be this way. We can create a new user and give them root access, or we can restrict what this user is allowed to do.

How does one do this, you ask? Simple. In this instance, we’ll set up a new user to have root access. This works out because we add the user to the sudoers file, meaning we know who we are giving access to. Heck, you may want to do this for your main user and disable the root user for security reasons, but that’s your call.

Anyhow, on to the fun stuff!

1. First we need to log in to the server, so don’t disable the root user yet, and create a new user. For this example, I’ll make a new user called madtech. So we SSH into the server and type the following:

“useradd madtech”

2. Next we need to add a password for the user. To do this we type the following:

“passwd madtech”

It will then ask for us to enter the password and then again to confirm the password.

3. Now that we have created the user, we need to edit the sudoers file. Take note: we don’t want to edit this with our standard text editors. No, that’s bad. We need to use visudo. Visudo should already be installed on the server. So what we need to do now is go to the following lines:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

We need to add our new user to this file by typing:

madtech  ALL=(ALL)  ALL

And then we press CTRL+X and then Y to save the changes.

4. We’ve just added the user, so now when you log into the server with this new user you can type the following to sudo in and gain admin access:

“sudo -l” or “sudo su -”

This will give the user root access for the logged in session. If you log out and back in, you need to sudo again.

*******Issues you may encounter*********

So you added the user but when you sudo in, you get the following error:

sudo: must be setuid root

This means there is an issue with the changes to the sudoers file and you need to fix it. But it’s an easy fix, so relax. All you need to do is log back into the server as the root user again and run the following commands:

“chown root:root /usr/bin/sudo”
“chmod 4111 /usr/bin/sudo”

Now log out as root, log in as the new user and then sudo in. You should now get the default sudo message like the one below or similar, depending on what the MOTD on the server is set to.

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

That’s it. Now you can disable that root user, if you choose to!
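Once accounts other than root can become root, it helps to be able to list them. The script below is an added example, not part of the original post: it reports every user or group holding an unrestricted "ALL=(ALL) ALL" style rule in a sudoers-format file, and checks the ownership and setuid bit that the chown/chmod commands above restore on the sudo binary. The function names and the sample entries other than root and madtech are made up for illustration.

```sh
#!/bin/sh
# Added example: review who holds unrestricted sudo, and check the sudo binary.

# Print every user or %group with an "ALL=(ALL) ALL"-style rule in a
# sudoers-format file. Comments, blank lines, Defaults and *_Alias lines are
# skipped; rules limited to specific commands or run-as users are not listed.
full_sudo_grants() {   # $1 = sudoers-format file
    awk '
        NF == 0 || $1 ~ /^[#@]/ { next }
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        {
            rule = ""
            for (i = 2; i <= NF; i++) rule = rule $i   # join fields, no spaces
            if (rule ~ /^ALL=(\(ALL(:ALL)?\))?(NOPASSWD:)?ALL$/) print $1
        }
    ' "$1"
}

# Succeed only if FILE is a regular file, has the setuid bit and is owned by
# uid 0. The optional second argument overrides the expected uid so the check
# can be tried on a scratch file.
sudo_binary_ok() {   # $1 = path to sudo, $2 = expected owner uid (default 0)
    [ -f "$1" ] && [ -u "$1" ] && [ "$(stat -c %u "$1")" = "${2:-0}" ]
}

# Constructed sample that mirrors the sudoers lines from the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
madtech  ALL=(ALL)  ALL
Defaults    env_reset
backup  ALL=(root)  /usr/bin/rsync
%wheel  ALL=(ALL)   NOPASSWD: ALL
EOF
full_sudo_grants "$sample"
if sudo_binary_ok /usr/bin/sudo; then
    echo "/usr/bin/sudo: setuid and owned by root"
else
    echo "/usr/bin/sudo: missing, not setuid, or not owned by root"
fi
rm -f "$sample"
```

On a real server, run full_sudo_grants against /etc/sudoers (and any files under /etc/sudoers.d) as root, since those files are not world-readable.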

How to disable Reverse DNS Lookups in Proftpd

July 7th, 2010

If you use cPanel, Plesk or any Linux control panel or distro, you may notice that your Proftpd connection is either slow or takes some time before it becomes responsive. This is likely because the Proftpd instance is doing a Reverse DNS Lookup and having issues doing so. It is possible to disable this option to help speed up the negotiation. Please note, however, that this will not help with slow upload speeds if you have a slow upstream.

To disable the DNS Lookups you need to do the following;

1. Log into the server that is running Proftpd. You will need to do so by using SSH.

2. Once you have logged into the server you will need to edit the Proftpd configuration file. This is called the proftpd.conf file. You can simply type the following to do so:

“vi /etc/proftpd.conf”

Please note this is the default Proftpd configuration location. If yours is in a different directory, you will need to adjust the command to your location. In this example we are using VI to make the changes. You are free to also use either Nano or Pico, whichever you feel comfortable using.

3. Once you are in the file, you will need to look for the following lines;

“IdentLookups on”
“UseReverseDNS on”

You will need to turn off the lookup by changing them to the following;

“IdentLookups off”
“UseReverseDNS off”

4. Once you make the changes, save the file. You will then need to restart the proftpd instance.

5. You will then need to restart Proftpd. Take note, if you are using Plesk you will need to restart the xinetd service, as Proftpd runs under this service.

To restart in Plesk, type “service xinetd restart”

To restart in everything else, type “/etc/init.d/proftpd restart” or “service proftpd restart”

How to install / reinstall RoundCube in Whm / cPanel (Linux)

June 5th, 2010

First make sure you know your mysql root password. In the commands below you have to replace DATABASEPASSWORD with your mysql root password.

If you have already used a RoundCube installation, please make sure you remove any traces of it with:

cd /usr/local/cpanel/base
rm -rf roundcube*
mysql -p -e 'drop database roundcube';
chattr -i /usr/local/cpanel/base/frontend/x/webmaillogin.html
chattr -i /usr/local/cpanel/base/webmaillogin.cgi
/scripts/upcp

You will have to specify your root password when prompted.

Now let’s download roundcube first and chmod the directories

cd /usr/local/cpanel/base
wget -O roundcube.tar.gz http://heanet.dl.sourceforge.net/sourceforge/roundcubemail/roundcubemail-0.1-rc1.tar.gz
tar -zxvf roundcube.tar.gz
rm -rf roundcube.tar.gz
mv -f roundcubemail-0.1-rc1 roundcube
cd roundcube
chmod -R 777 temp
chmod -R 777 logs

Create the database and install the initial sql file. The following commands will do this for you.

mysql -e "CREATE DATABASE roundcube;" -pDATABASEPASSWORD
mysql -e "use roundcube; source SQL/mysql.initial.sql;" -pDATABASEPASSWORD

Now let’s sort out the configuration

cd config
mv db.inc.php.dist db.inc.php
mv main.inc.php.dist main.inc.php

Now open db.inc.php

nano db.inc.php

Find

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

Replace with

$rcmail_config['db_dsnw'] = 'mysql://root:DATABASEPASSWORD@localhost/roundcube';

Now Open main.inc.php

nano main.inc.php

Find

$rcmail_config['default_host'] = '';

Replace with

$rcmail_config['default_host'] = 'localhost';

Now we have to configure cPanel to show roundcube in the theme. Please note this is for the X theme (default) only!! If you use another theme please skip the next part and see below.

cd /usr/local/cpanel/base/roundcube/skins/default/images/
cp --reply=yes roundcube_logo.png /usr/local/cpanel/base/frontend/x/images/roundcube_logo.png
cp --reply=yes roundcube_logo.png /usr/local/cpanel/base/webmail/x/images/roundcube_logo.png
cd /usr/local/cpanel/base
wget http://www.hostgeekz.com/files/hostgeekz/HGpatch-roundcube-0.1-rc1
patch -p0 < HGpatch-roundcube-0.1-rc1

**NOTE** If you receive a message stating

Reversed (or previously applied) patch detected! Assume -R?

please press N for No. This happens because you previously installed roundcube.

This will auto do all the necessary changes to roundcube and the X theme.

Once the patch is executed you may now access roundcube via http://yourip/webmail

-----

If you do not use the X theme please do the following

cd /usr/local/cpanel/base
wget http://www.hostgeekz.com/files/hostgeekz/HGpatch-roundcube-NON-X-0.1-rc1
patch -p0 < HGpatch-roundcube-NON-X-0.1-rc1

Then open your webmaillogin.html, please replace YOURTHEME with the name of your theme.

nano /usr/local/cpanel/base/frontend/YOURTHEME/webmaillogin.html

and find

</td>
</cpanelif>
</cpanelfeature>

Add Below

<td align="center" valign="bottom" width="200">
<a href="/roundcube/index.php"><img src="images/roundcube_logo.png" border="0"></a>
<a href="/roundcube/index.php">RoundCube</a>
</td>

Remember to chattr +i the files or add the patch to your /scripts/upcp.

chattr +i /usr/local/cpanel/base/frontend/x/webmaillogin.html
chattr +i /usr/local/cpanel/base/webmaillogin.cgi

If you are using cPanel 11, be sure to run the following fix.

wget http://www.hostgeekz.com/files/hostgeekz/cpanel-11-fix.sh
chmod 700 cpanel-11-fix.sh
./cpanel-11-fix.sh
rm -f cpanel-11-fix.sh

That’s it! You may now access roundcube via http://yourip/webmail
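The db.inc.php step above puts the MySQL root password into a web application's configuration file, while the line it replaces already assumed a dedicated roundcube account. The script below is an added example, not part of the original instructions, showing how to keep that separation: it generates a password, emits the SQL for an account limited to the roundcube database, and rewrites the DSN. The account name 'roundcube'@'localhost', the function names and the DML-only grant are assumptions.

```sh
#!/bin/sh
# Added example: run RoundCube under its own MySQL account instead of root.
# Assumed names (not from the article): account 'roundcube'@'localhost'.

# 24 characters from [A-Za-z0-9]: safe inside the SQL literal, the DSN URL
# and the sed replacement below without any escaping.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# SQL for an account limited to the roundcube database. The DML-only grant is
# an assumption about what normal operation needs; schema upgrades need more.
roundcube_sql() {   # $1 = password
    cat <<EOF
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY '$1';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost';
EOF
}

# Detect a db.inc.php that still connects as root.
uses_root_dsn() {   # $1 = path to db.inc.php
    grep -q "db_dsnw.*mysql://root[:@]" "$1"
}

# Point db_dsnw at the dedicated account (GNU sed, edits the file in place).
set_dsn() {   # $1 = path to db.inc.php, $2 = password
    sed -i "/db_dsnw/s|'mysql://[^']*'|'mysql://roundcube:$2@localhost/roundcube'|" "$1"
}

# Constructed db.inc.php line, as left by the "Replace with" step above.
cfg=$(mktemp)
printf '%s\n' "\$rcmail_config['db_dsnw'] = 'mysql://root:DATABASEPASSWORD@localhost/roundcube';" > "$cfg"
pw=$(gen_password)
set_dsn "$cfg" "$pw"
uses_root_dsn "$cfg" || echo "db.inc.php no longer connects as root"
roundcube_sql "$pw" > /dev/null   # on a server: roundcube_sql "$pw" | mysql -p
rm -f "$cfg"
```

Piping the SQL into "mysql -p" makes the client prompt for the root password, so it appears neither in the process list nor in shell history.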

Linux: how to get InnoDB to load if it is failing to start.

May 25th, 2010

InnoDB requires access to specific files which, if they are corrupted, will cause the InnoDB engine to fail to load. You will know that InnoDB has failed to load if you access MySQL and run the following command:

show engine innodb status;

The output will be the following;
ERROR 1235 (42000): Cannot call SHOW INNODB STATUS because skip-innodb is defined

However the fix is to locate the following files in /var/lib/mysql/. Be sure to stop MySQL first before changing the files;

ib_logfile0

ib_logfile1

You can remove both the files by running the following commands. Again, be sure to stop MySQL first;

mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak

mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak

(Your MySQL pathing may vary, we are using the default MySQL install paths in this article).

After removing these files, start up MySQL;

“service mysql start” or “service mysqld start”

Once the MySQL instance is started, InnoDB will be started as well.

Adding mime types to a Linux server

May 25th, 2010

There are two ways to add a mime type to a Linux server. You can either add the mime type to the server mime type listing or you can specify a mime type via an .htaccess file in an individual hosting account. This article will explain how to do both.

Method 1.

  1. Log into the Linux server via SSH.
  2. Open the “/etc/mime.types” file using a text editor.
  3. Add the new mime type into the end of the “/etc/mime.types” file and save it.
  4. Restart Apache by typing either of the following commands;

“service httpd restart”

“/etc/init.d/httpd restart”

Method 2.

  1. Log into the Linux server via SSH.
  2. Navigate to the account that you wish to add the mime type. You will need to be in the web accessible portion of the account.
  3. Either create or modify the existing “.htaccess” file and add the mime type entry and save the file.
  4. Restart Apache by typing either of the following commands;

“service httpd restart”

“/etc/init.d/httpd restart”
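The two methods differ in the line that gets added: /etc/mime.types takes a media type followed by its extensions, while .htaccess takes Apache's AddType directive. The script below is an added example, not part of the original article, that makes both edits without creating duplicates and refuses to remap an extension that already belongs to another type. The function names are made up, and application/wasm with the wasm extension is only a sample entry.

```sh
#!/bin/sh
# Added example: idempotent edits for both methods described above.

# Method 1: append "TYPE<tab>EXT" to a mime.types-format file.
# Returns 0 if the mapping was added or already present, 1 if EXT is already
# mapped to a different type (so an existing mapping is never overridden).
add_mime_type() {   # $1 = file, $2 = media type, $3 = extension without dot
    owner=$(awk -v ext="$3" '
        /^[ \t]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == ext) { print $1; exit } }
    ' "$1")
    if [ "$owner" = "$2" ]; then
        return 0
    fi
    if [ -n "$owner" ]; then
        echo "extension .$3 is already mapped to $owner" >&2
        return 1
    fi
    printf '%s\t%s\n' "$2" "$3" >> "$1"
}

# Method 2: add an AddType line to a per-account .htaccess, only once.
# Apache honours it only where AllowOverride permits FileInfo.
add_htaccess_type() {   # $1 = .htaccess path, $2 = media type, $3 = extension
    line="AddType $2 .$3"
    [ -f "$1" ] && grep -qxF "$line" "$1" && return 0
    printf '%s\n' "$line" >> "$1"
}

# Constructed scratch files standing in for /etc/mime.types and .htaccess.
work=$(mktemp -d)
printf 'text/html\thtml htm\n' > "$work/mime.types"
add_mime_type "$work/mime.types" application/wasm wasm
add_htaccess_type "$work/.htaccess" application/wasm wasm
cat "$work/mime.types" "$work/.htaccess"
rm -rf "$work"
```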