Note:  This tutorial is written as of RKHunter v1.3.4.  Always make sure that you’re installing the latest version for best results.

First we’re going to download the script, extract it, and begin the installer.  Copy this code and paste it into your SSH window.

wget http://garr.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.4.tar.gz
tar -zxvf rkhunter-1.3.4.tar.gz
cd rkhunter-1.3.4
./installer.sh –layout default –install

Hard right?  Guess what, that’s it for the installation!  Next you can run a scan by pasting the following line into your SSH window:

/usr/local/bin/rkhunter -c

Updating RKHunter is just about, if not easier than the installation.  Updating RKHunter retrieves the latest database from the rootkit.nl central server and matches your server OS to help prevent false positives.  To update just execute the following command:

/usr/local/bin/rkhunter –update

Now lets set it up so that it scans daily and emails you a copy of the results.  Let’s start by setting up a daily cron job:

nano /etc/cron.daily/rkhunter.sh

That created a new empty cron job, now let’s give it something to do.  Copy these lines into the new file you just created, making sure to replace your email address:

#!/bin/bash
(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s “Daily Rkhunter Scan Report” email@domain.com)

Now we’ll save the file we just created by doing the following:

ctrl-x to close the file, Hit “y” to accept the file changes, and hit enter to overwrite the file.

And we’ll finish off our cron job by executing the following command:

chmod +x /etc/cron.daily/rkhunter.sh

And that’s it!  Keep in mind, RKHunter is only a small tool in a very large array of server security tools.  That’s for another post though.

The session.save_path setting in your php configuration file (php.ini) is not set or is set to a folder which did not exist. You might need to set the save_path setting in php.ini or verify that the folder sets in save_path exist.

It’s a pretty simple fix in the servers php.ini. First thing you need to do is locate your servers copy of the php.ini by running the following command via SSH.

root@lolwut [~]# php -i | grep php.ini
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini
root@lolwut [~]#

Once you’ve found the php.ini, use your favorite editor and locate the following line.

root@lolwut [~]# grep ‘session.save_path’ /usr/local/lib/php.ini
; session.save_path = “N;/path”
;session.save_path = /tmp
; (see session.save_path above), then garbage collection does *not*
root@lolwut [~]#

In this case, simply remove “;” which will uncomment the line. If you are missing the “/tmp” part of the line, you will need to add it. Make these changes and save the file, then restart apache and you’re good to go.

One of the most common issues when installing fantastico is a buggy wget install on the server, so a working wget version will need to be installed. Another common issue is cPanels internal php may break, but we will discuss the fix to that later on. To install the working version of wget run the following commands:

rpm -qa wget ;
wget ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/5/i386/os/Fedora/RPMS/wget-1.10.2-3.2.1.i386.rpm
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh –force wget-1.10.2-3.2.1.i386.rpm ;
rpm -qa wget ;

First thing is downloading the Fantastico files to the server.

/scripts/upcp
cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://www.netenberg.com/files/free/fantastico_whm_admin.tgz
tar -xzpf fantastico_whm_admin.tgz
rm -rf fantastico_whm_admin.tgz

Once the files have been downloaded, log into WHM with your root account and select “Fantastico De Luxe WHM Admin” under the plugin section on the left side of WHM at the bottom.

You will then go the Fantastico main page, where you will select “Click here” under ‘Version Information’ in the middle. Now select the stable version from the drop down menu.

Now follow the remaining steps using the default information, as all of it should be correct, though you may want to double check. Be sure to select “enable” next to suexec if it is installed on the server and also check the VPS section if you have installed this on a VPS.

If you receive cpanel_phpengine errors when logged into Fantastico as end user, run the following command via SSH.

/scripts/makecpphp

You may also run into an ioncube error when trying to log into Fantastico, which can be fixed by logging into WHM as root -> Tweak Settings -> Loader to use for internal cPanel PHP -> IonCube -> Save

If you have any issues with your install, feel free to comment this post.

2009-07-20 21:58:07 Failed to get write lock for /var/spool/exim/db/ratelimit.lockfile: timed out
2008-07-20 21:58:07 H=[xx.xx.xx.xx] temporarily rejected connection in “connect” ACL: ratelimit database not available

To fix such an error , the exim cache database on the server side needs to be clear off to stop this message.

Run the folllowing command on root :

root@lolwut [~]# rm -fv /var/spool/exim/db/*

Output :

removed `/var/spool/exim/db/ratelimit’
removed `/var/spool/exim/db/ratelimit.lockfile’
removed `/var/spool/exim/db/retry’
removed `/var/spool/exim/db/retry.lockfile’
removed `/var/spool/exim/db/wait-dk_remote_smtp’
removed `/var/spool/exim/db/wait-dk_remote_smtp.lockfile’
removed `/var/spool/exim/db/wait-remote_smtp’
removed `/var/spool/exim/db/wait-remote_smtp.lockfile’

Then run the following command on root:

root@lolwut [~]# service exim restart

If this doesn’t work , then run /scripts/upcp –force on the server and then check exim_mainlog for the changes.

How to create a compressed tar.gz file from a folder or file in Linux?

In order to create a compressed tar.gz archive from a folder/file we need to run the following tar command:

tar -czf new-tar-file-name.tar.gz file-or-folder-to-archive

Here is the command explanation:

• tar – the tar command.
• c – create new archive.
• z – compress the archive using gzip.
• f – use archive file.
• new-tar-file-name.tar.gz – the name of the tar.gz to create.
• file-or-folder-to-archive – the name of the folder we want to archive.

How to create a compressed tar.gz file from multiple files and folders in Linux?

In order to create a compressed tar.gz file from multiple files or/and folders we need to run the same tar command we used when we archived a single file/folder and to append the rest of the files/folders’ names to it.

tar -czf new-tar-file-name.tar.gz file1 file2 folder1 folder2

How to extract a compressed tar.gz file in Linux?

tar -xzf tar-file-name.tar.gz

Here is the command explanation:

• tar – the tar command.
• x – extract the archive.
• z – uncompress the archive using gzip.
• f – use archive file.
• tar-file-name.tar.gz – the name of the tar.gz to create.

The tar command will extract all the files/folders in the archive to the current directory.

How to extract a compressed tar.bz2 file in Linux?

Extracting tar.bz2 (bzip2 file) is very similar to the way you extract tar.gz file. Instead of using the -z flag you need to use the -j flag for the bzip2 format

tar -xjf tar-file-name.tar.gz

Here is the command explanation:

• tar – the tar command.
• x – extract the archive.
• j - filter the archive through bzip2
• f – use archive file.
• tar-file-name.tar.gz – the name of the tar.gz to create.

The tar command will extract all the files/folders in the archive to the current directory.

login as: root
root@server’s password:
Server refused to allocate pty
stdin: is not a tty

After a quick google search I came across the fix.

[root@node /]# vzlist -a
VEID      NPROC STATUS  IP_ADDR         HOSTNAME
1337         78 running 69.10.59.80     grumpy.thelinuxnoob.com
[root@node /]# vzctl exec 1337 /sbin/MAKEDEV ptyp
[root@node /]# vzctl exec 1337 /sbin/MAKEDEV tty
[root@node /]# vzctl exec 1337 /sbin/MAKEDEV pty

The issue should now be resolved and you can SSH into the VPS.

wget http://layer1.cpanel.net/perl588installer.tar.gz
tar -xvzf perl588installer.tar.gz
cd perl588installer
./install

cp -Rpf /var/lib/mysql /var/lib/mysql.BAK
Login to WHM –> Tweak Settings –> MySQL -> 5.0  and Save settings
/scripts/mysqlup –force
/scripts/perlinstaller –force Bundle::DBD::mysql
/scripts/realperlinstaller –force DBD::mysql
Recompile PHP

You’re done

This will force a hacker to have to guess 2 seperate passwords to gain root access.
(you do have 2 seperate passwords for admin and root right?)
What happens is you’ll first need to login as your admin user in SSH, then switch to the super user with the su command to get root.

We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys. If you’re using cPanel make sure you add your admin user to the ‘wheel‘ group so that you will be able to ‘su -‘ to root, otherwise you may lock yourself out of root.

1. SSH into your server as ‘admin‘ and gain root access by su

2. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like PermitRootLogin no

7. Save the file Ctrl+X then Y then enter

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login to root with out first loggin in as admin and ’su -’ to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!

Getting in

start a new screen session: screen
.. with session name: screen -S <name>
attach to a running session: screen -r
.. to session with name: screen -r <name>
the “ultimate attach”: screen -dRR (Attaches to a screen session. If the session is attached elsewhere, detaches that other display. If no session exists, creates one. If multiple sessions exist, uses the first one.)

Escape key

All screen commands are prefixed by an escape key, by default C-a (that’s Control-a, sometimes written ^A). To send a literal C-a to the programs in screen, use C-a a.

Getting out

detach: C-a d
detach and logout (quick exit): C-a D D
exit screen: exit all of the programs in screen.
force-exit screen: C-a C-\ (not recommended)

Help

See help: C-a ? (lists keybindings)

Window Management

create new window: C-a c
change to last-visited active window: C-a C-a (commonly used to flip-flop between two windows)
change to window by number: C-a <number> (only for windows 0 to 9)
change to window by number or name: C-a ' <number or title>
change to next window in list: C-a n or C-a <space>
change to previous window in list: C-a p
see window list: C-a ” (allows you to select a window to change to)
show window bar C-a w (if you don’t have window bar)
close current window: Close all applications in the current window (including shell)
kill current window: C-a k (not recommended)
rename current window: C-a A

Split screen

split display: C-a S
jump to next display region: C-a tab
remove current region: C-a X
remove all regions but the current one: C-a Q

Misc

redraw window: C-a C-l
enter copy mode: C-a [ (also used for viewing scrollback buffer)
paste: C-a ]
monitor window for activity: C-a M
monitor window for silence: C-a _
enter digraph: C-a C-v
lock (password protect) display: C-a x
enter screen command: C-a :