Status of lfd:lfd is stopped


Issue :

When I checked the status of lfd, it was shown as stopped.

root@ded17 [~]# /etc/init.d/lfd status
Status of lfd:lfd is stopped

I have tried to start it and that didn’t help.

Solution :

1. Open the csf configuration file.

# vi /etc/csf/csf.conf

2. Then change “Testing=0” to “Testing=1”

3. Now restart the lfd service.

That’s all…!!!!!

ClamAV Installation on cpanel servers


1. Make sure clamavconnector is NOT installed in WHM > Manage Plugins, as this will break MailScanner.

2. Next you will need to create a user for clamav to use:
useradd clamav
Some OSes require you to add the group as well:
groupadd clamav
Don’t worry if the user and/or group already exist.

3. Create and chown the /usr/local/share/clamav directory:

mkdir /usr/local/share/clamav
chown clamav:clamav /usr/local/share/clamav

4. Download the latest stable ClamAV distribution from http://www.clamav.net

5. Expand the distribution, cd into the resultant directory and build ClamAV using:

tar -xzf clamav-*
cd clamav*
./configure --disable-zlib-vcheck
make
make install

mv -fv /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
vi /usr/local/etc/freshclam.conf

Comment out the line (put a # as the first character on the line) near the top that says simply:
Example

vi /usr/local/etc/clamd.conf
Change the following line:
#LocalSocket /tmp/clamd.socket
to this:
LocalSocket /tmp/clamd

 

6. Run ldconfig to create the necessary links and cache to the most recent shared libraries:
ldconfig

7. Run freshclam to download the latest definitions:
freshclam

8. Install the example init script that we provide:
curl configserver.com/free/clamd -o /etc/init.d/clamd
chown root:root /etc/init.d/clamd
chmod +x /etc/init.d/clamd
chkconfig clamd on
service clamd restart

9. vi /etc/chkserv.d/clamav
Add the following line:
service[clamav]=x,x,x,service clamd restart,clamd,root

10. Create an empty log file for clamav updates:

touch /var/log/clam-update.log

chown clamav:clamav /var/log/clam-update.log

11. Add clamav to chkservd so that it will be monitored:

vi /etc/chkserv.d/chkservd.conf
clamav:1

12. At this point you can set up clamd in the MailScanner configuration:

vi /usr/mailscanner/etc/MailScanner.conf

Set the following options:
Virus Scanners = clamd
Clamd Socket = /tmp/clamd

13. Then restart MailScanner with:
service MailScanner restart 

14. Now run

which clamscan

That’s all…..!!!

Csf command not found in WHM/cPanel server


I got the error “csf: command not found” while executing the command via command line.

[root@server]# csf

-bash: csf: command not found

[root@server]# csf -e

-bash: csf: command not found

Solution:

Step 1: First, check whether CSF is installed on the server. If it is installed, the error is most probably due to the absence of ‘perl scripts’ in WHM/cPanel.

Step 2: Take a backup of the csf.conf, csf.allow and csf.deny files for safety.

Step 3: Update CSF by executing the following command

curl -s configserver.com/free/csupdate | perl

The ConfigServer firewall should be updated after executing the command. Then try running the csf command again; it should work properly.

That’s all………….!!!!!!!

 

iptables: No chain/target/match by that name


Issue : While adding an iptables rule on the server I got the following error

[root@cape /]# iptables -A input -p tcp --dport 26 -j ACCEPT

iptables: No chain/target/match by that name

Solution :

1. Open the file /etc/sysconfig/iptables-config on the server

i.e. vi /etc/sysconfig/iptables-config

Check for the entry IPTABLES_MODULES

It will be shown as IPTABLES_MODULES=""

This means the iptables modules are not compiled into the server.

2. Now go to the VPS node and check whether the modules are available using the lsmod command

lsmod | grep ipt

If it shows the modules, do the following steps.

3. Open the file /etc/sysconfig/iptables-config on the node and check the entry IPTABLES_MODULES

It will look like this:

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_owner ipt_REDIRECT"

4. Now copy it from the node and paste it into the file /etc/sysconfig/iptables-config on the server.

5. Save the file, then restart iptables on the server.

That’s all………!!!!!!!

WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration


I got the above error while entering “ConfigServer Security & Firewall” in WHM.

Solution:

1. Log in to WHM

2. Go to Home » Plugins » ConfigServer Security & Firewall

3. Set RESTRICT_SYSLOG to 3, which is the default value

4. You can also set it from the csf configuration file.

i.e. # vi /etc/csf/csf.conf

Search for “RESTRICT_SYSLOG”. It will look like RESTRICT_SYSLOG = "0"

Change it to RESTRICT_SYSLOG = "3"

 

That’s all…….!!!!!

Error: The VPS iptables rule limit (numiptent) is too low (391/400) – stopping firewall to prevent iptables blocking all connections, at line 2282 in /usr/sbin/csf


I got the above error while restarting csf on the server

root@vps [/]# /etc/init.d/csf start
Starting csf:You have an unresolved error when starting csf:
Error: The VPS iptables rule limit (numiptent) is too low (391/400) – stopping firewall to prevent iptables blocking all connections, at line 2282 in /usr/sbin/csf

Solution:

In this case, you need to increase the “Numiptent” value in the VPS configuration file which is located at /etc/sysconfig/vz-scripts/ directory. There is a restriction on the total number of IP packet filtering entries in the system and when the allotted limit is lower than the number of iptable rules set on your VPS, you will receive the above error message. You need to increase the “numiptent” value and restart the VPS.

To check the fail count: cat /proc/user_beancounters

To change the value of numiptent, go to the VPS node and enter the following command

# vzctl set vpsid --numiptent 1000:1000 --save

After that, go to the VPS and restart csf

# csf -r
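
To read that file quickly, the following added example (not from the original post) pulls the numiptent row for each container out of /proc/user_beancounters and flags containers that are close to the limit. The sample data and the 20-entry margin are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise numiptent usage from /proc/user_beancounters.
# Columns after the resource name: held maxheld barrier limit failcnt.

# numiptent_report [MARGIN] < beancounters
# Prints "<ctid> held=<n> limit=<n> failcnt=<n> <state>" per container.
# state: FAILED if failcnt > 0, LOW if fewer than MARGIN entries are free, else OK.
numiptent_report() {
    awk -v margin="${1:-20}" '
    {
        for (i = 1; i <= NF; i++) {
            # The first resource row of each container is prefixed with "<ctid>:".
            if ($i ~ /^[0-9]+:$/) ctid = substr($i, 1, length($i) - 1)
            if ($i == "numiptent") {
                held = $(i + 1); limit = $(i + 4); fail = $(i + 5)
                state = "OK"
                if (limit - held < margin) state = "LOW"
                if (fail > 0) state = "FAILED"
                printf "%s held=%d limit=%d failcnt=%d %s\n", ctid, held, limit, fail, state
            }
        }
    }'
}

# Constructed sample (two containers, most resource rows left out).
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2670652    2989234   14372700   14790164          0
            numproc              41         58        240        240          0
            numiptent           391        391        400        400          0
      102:  kmemsize        1830122    2101456   14372700   14790164          0
            numproc              35         47        240        240          0
            numiptent           120        133       1000       1000          0
EOF
}

sample_beancounters | numiptent_report 20
# On a real system: numiptent_report 20 < /proc/user_beancounters
```

Run on the node it lists every container; run inside the VPS it lists only that VPS.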

Thats all ……..!!!!!!!!!!!!!

FATAL: Module ip_tables not found


Issue : When adding rules to iptables like the following:

# iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE && iptables-save

I got the following error
FATAL: Module ip_tables not found.
iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

 

Solution :

 

Paste the following commands on the node terminal

————-
modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
modprobe ipt_multiport
modprobe xt_multiport
modprobe ipt_state
modprobe xt_state
modprobe ipt_limit
modprobe xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner
modprobe xt_owner
————

Then add the following to the VPS configuration file “/etc/vz/conf/vpsid.conf”

IPTABLES="ipt_LOG ipt_multiport ipt_REJECT ipt_state ipt_limit ipt_recent xt_connlimit ipt_owner iptable_nat ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_MASQUERADE"

Restart the VPS node now.

Then try to run the command “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save”

Thats all…..!!

Issue : FTP Server hangs at MLSD command when accessing with Filezilla

Command: USER ekbnet
Response: 331 User ekbnet OK. Password required
Command: PASS ****************
Response: 230 OK. Current restricted directory is /
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 “/” is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (199,58,184,201,241,34)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing


Solution:

1. Log in to the server using SSH as the root user
2. Open the file /etc/pure-ftpd.conf
3. Scroll down and look for the line that says “PassivePortRange 30000 35000”
4. Make sure it is not commented out (with a # at the front)
5. Save the file
6. Restart the FTP server

Also check whether the port range is open in /etc/csf/csf.conf

vi /etc/csf/csf.conf

It should look like this:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"

After editing, save and restart iptables

Thats all …!!!
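
The check behind this fix, as an added example that is not part of the original post: it decodes the data port the server advertised in the 227 reply from the log above and tests it against the PassivePortRange and TCP_IN values shown in this post. The function names are made up for the example.

```sh
#!/bin/sh
# Added example: decode the data port from a PASV reply and check it against
# the passive range and the csf TCP_IN list. Values below come from the post.

# pasv_port "227 ... (h1,h2,h3,h4,p1,p2)" -> prints p1*256+p2
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# port_allowed PORT "csf TCP_IN value" -> exit 0 if a port or lo:hi entry matches
port_allowed() {
    port=$1; old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:} ;;
            *)   lo=$entry; hi=$entry ;;
        esac
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# check_pasv REPLY RANGE_LO RANGE_HI TCP_IN -> prints a one-line verdict
check_pasv() {
    p=$(pasv_port "$1") || { echo "cannot parse PASV reply"; return 0; }
    if [ "$p" -lt "$2" ] || [ "$p" -gt "$3" ]; then
        echo "port $p outside PassivePortRange $2-$3"
    elif ! port_allowed "$p" "$4"; then
        echo "port $p not open in TCP_IN"
    else
        echo "port $p ok"
    fi
}

reply='227 Entering Passive Mode (199,58,184,201,241,34)'
tcp_in='20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000'
check_pasv "$reply" 30000 35000 "$tcp_in"
```

For the log in this post the advertised port is 61730, which lies outside both the passive range and the TCP_IN list, consistent with the PassivePortRange line not being in effect when the server answered.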

Installation of csf in cpanel servers


You can install csf firewall in cpanel servers using the following steps.

#cd /usr/local/src
#rm -fv csf.tgz
#wget http://www.configserver.com/free/csf.tgz
#tar -xzf csf.tgz
#cd csf
#sh install.sh

Next, test whether you have the required iptables modules:

#perl /etc/csf/csftest.pl

Disable ‘TESTING’ mode in csf.conf. To do that, set TESTING = "0" in csf.conf, otherwise the lfd daemon won’t start.

#csf -r

#service lfd restart

Thats all……!!!!!!

How to remove temporary files in maldet scan


You can remove the temporary files in maldet scan using the following command

# replace "\$tmpdir_paths" "" -- /usr/local/maldetect/maldet

 

 
