Riz Khan on January 9th, 2011

The VPS management control Panel SolusVM is a very good choice for OpenVZ and Xen based servers. It is a stable and feature rich control panel and has a very low cost compared to the Virtouzzo platform and Panel from the popular brand Parallels.

SolusVM use an Administrator user login to manage the VPSs, Clients and other options.

If you forget or lose your Admin passwrd you can reset the Admin password using below script and arguments :

php /usr/local/solusvm/scripts/pass.php --type=admin --comm=change --username=

For –username mention the admin username for SoluVM , the default Admin username is vpsadmin , however you can always have a custom admin name and you will need to mention the one you created during setup in this step.

You will get an output similar to this:

New password: gh@87BHFGer$

Choose a strong Password like above and press enter and the given password will be set as the new password for the admin user. Use the newly created password for SolusVM admin login and it should work fine now.

Tags: , ,

Virtouzzo is the popular Virtualization platform from Parallels ( formerly known as SWsoft ).

I discussed in one of my earlier articles on finding the hwid for buying licenses  How To : Find the hardware id ( hwid ) on a server for Virtouzzo license .

Parallels provides Virtouzzo licensing depending on your requirements, i.e you can get a license to support 3 vpss on a node or 20 ve license for running 20 vpss or 30 ve license and so on.

In this article I will discuss the common commands that can be used to check the license status and installing a new license in case it gets expired.

The main command used for viewing the license information is :

vzlicview

It provides detail information with fields like owner_name , status , version , owner_id , hwid , expiration, start_date , issue_date etc.

We can use the grep command to find our specific information, e.g. we can find the status of license using below command :

[root@VZServer ~]# vzlicview | grep status
status="ACTIVE"

[root@VZServer ~]#

Similarly you can check other fields in the license. In case your license has expired or it is going to expire in next few days, you will need to get a new license and install it. You can get the hwid from the server to get the new license issued.

The new license number has normally the format like VZ.012211XX.00YY and the file name containing the license is also same and usually comes as a zipped text file.

Once you have the license key file you can install the new license in following two ways using the main command vzlicload provided for loading the new licenses :

1. Using the below format you can load the license after uploading the license file to the server :

vzlicload -f "/full/path/to/license/file"

2. Using the below format you can load the license using the unique license key :

vzlicload -p product_key

The product key is the unique key like VZ.011221XX.00YY . Though please note that this later format of using product key only works with Virtouzzo version 4 and higher and will not work for Virtouzzo version below 4.

If you face any issues, you can ask in comment section and I will try to help !

Tags: , , ,

Introduction

LMD or the Linux Malware detect is yet another useful software application form RfxNetworks , it has been prepared keeping the specific share hosting requirements and malware scenario in mind.

RfxNetworks Defines is at follows :

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

The author of LMD declares the limited availability of existing open source free tools for Linux system that focus on malware detection as the driving force behind making this software.

The shared hosting environment has its own dynamics and LMD targets this specific environment considering the specific features of shared hosting.

There are so many new malware coming every day and these reside mostly in user level files which are not checked by most of the common antivirus software that mainly focus on server level vulnerabilities.

Installation and Configuration

In this article we will look into its installation and some basic configurations and usage details. Lets start with the installation.


wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh

After running the install script , the installation will complete with in seconds and you will be provided with successful installation output, in this information some of the main configuration and usage related information provided is   below :


...
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
...

As you can see from above output the main configuration file for malware detect is located at below path :

/usr/local/maldetect/conf.maldet

The main cron is located at /etc/cron.daily/maldet

Before we move on to look into usage of this binary, LMD provide some ignore options that provide you a better control on what you want to do accordingly to your specific environment.

There are three ignore files available in LMD , below are their paths and usage details :


/usr/local/maldetect/ignore_paths
This is a line spaced file for paths that are to be execluded from search results

/usr/local/maldetect/ignore_sigs
This is a line spaced file for signatures that should be removed from file scanning

/usr/local/maldetect/ignore_inotify
This is a line spaced file for paths that are to be excluded from inotify monitoring

The main configuration file is fully commented so you can easily make setup most options by looking at the comments, below are some main options that you should set  :

email_alert
This is a top level toggle for the e-mail alert system, this must be turned on if you want to receive alerts.

email_addr
This is a comma spaced list of e-mail addresses that should receive alerts.

quar_hits
This tells LMD that it should move malware content into the quarantine path and strip it of all permissions. Files are fully restorable to original path, owner and permission using the –restore FILE option.

quar_clean
This tells LMD that it should try to clean malware that it has cleaner rules for, at the moment base64_decode and gzinflate file injection strings can be cleaned. Files that are cleaned are automatically restored to original path, owner and permission.

quar_susp
Using this option allows LMD to suspend a user account that malware is found residing under. On CPanel systems this will pass the user to /scripts/suspendacct and add a comment with the maldet report command to the report that caused the users suspension (e.g: maldet –report SCANID). On non-cpanel systems, the users shell will be set to /bin/false.

quar_susp_minuid
This is the minimum user id that will be evaluated for suspension, the default should be fine on most systems.

The rest of the options in conf.maldet can be left as defaults unless you clearly understand what they do and how they may influence scan results and performance.

Manual Scan and real-time monitoring

For complete details of commands you can check the command help using below :

maldet –help

If you are looking to scan all the public_html directories for all the users on the server then you can achieve this using below command  :

maldet –scan-all /home?/?/public_html

Note : Please note that LMD use ‘?’ as wild card instead of ‘*’ , thus the use of  ‘?’ in above command.

There are more options like –scan-recent which you can use to scan only recent files/changes and you have the option to mention number of days at the end of command which helps you scan for a recent time period.

Also there are other option parameters related to quarantine and cleanup, however please note that the quarantine option is disabled with default installation of LMD , if you want you can enable it from the main config.

There is also a real-time monitoring supported by LMD , however it will not work with CentOS4/RHEL4 as it requires inotify kernel parameter which is available in CentOS5/RHEL5 only.

Below is the help section related to real-time monitoring :

-m, –monitor USERS|PATHS|FILE

Run maldet with inotify kernel level file create/modify monitoring
If USERS is specified, monitor user homedirs for UID's > 500
If FILE is specified, paths will be extracted from file, line spaced
If PATHS are specified, must be comma spaced list, NO WILDCARDS!
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton

You can initiate to monitoring for any user account as follows :

maldet –monitor /home/mike

And the monitoring will continue to run in background and the resultant logs will be reported in below log file :

/usr/local/maldetect/inotify/inotify_log

The daily scans through cron

The cronjob which is installed by LMD is located at path /etc/cron.daily/maldet as I mentioned earlier in the post and this cron is used to perform a daily update of signatures, keep the session, temp and quarantine data to no more than 14d old and run a daily scan of recent file system changes.

The above information should be enough to get your started !

You can find more details on the official site for this RfxNetwork project at below link :

http://www.rfxn.com/projects/linux-malware-detect/

Have a Happy Malware Hunting ! :)

Tags: , , ,

Riz Khan on December 22nd, 2010

cPanel has some excellent videos explaining different areas of cPanel management for both Resellers and Server Admins.

There is a set of four videos that explain the Resellers and the branding managment. This set of videos mainly explain the following areas :

  • Resellers , what they are and how they can benefit the revenue stream of hosting providers
  • A good starting tour of cPanel branding Editor
  • Customizations beyond and out of the branding Editor
  • Mass Deployment of Branding

These videos are recommended for Hosting Providers, System Administrator and the Resellers themselves.

Below is the link to the first video of this series and from within this you can view next videos in sequence :

Happy Learning and Kudos to cPanel for doing a good Job !

Tags: , , , , ,

Parallels the vendor of Virtualization platform Virtouzzo use a hardware id to maintain and associate the Virtouzzo licenses.

You will need this hardware id ( hwid ) when you install a license on new server/node or when you upgrade the license on an existing node for any reason, e.g. increasing the license from 20 vps support to 30 vps support or if you change the network card on the server.

This hardware id is located at /proc/vz/hwid and you can get the info using below command :

cat /proc/vz/hwid

e.g.

[root@vznode ~]# cat /proc/vz/hwid
1DF8.F514.74DB.1867.C81D.07B5.74A8.A38E
[root@vznode ~]#

In some cases it may report multiple ids, you should use the first one in that case. I will address installing licenses , checking limits and related issues on virtouzzo nodes in an another post.

Happy Licensing :)

Tags: , , , ,

Samba is normally used when you want to share disk space between Linux and Windows machines. The Network File System protocol (NFS) is used when disks/directories need to be shared between different Linux servers, and for that its a preferred choice.

The data storage disks on Linux  contain files stored in filesystems with a standardized directory structure.  The new  disks are added by attaching or mounting the directories of their filesystems to a directory of an already existing filesystem. This essentially makes the new hard disk to transparently appear as a subdirectory of the filesystem to which it is attached.

NFS was developed to allow a computer systems to access directories on remote computers by mounting them on a local filesystem as if they were a local disk. The systems administrator on the NFS server has to define the directories that need to be activated or exported for access by the NFS clients.

This helps if you have cluster of systems or if you are looking to keep some data like big videos or data collection on one shared file server and want clients to access them on central repository.

NFS is reasonably easy to setup. For the NFS server setup you will need install the nfs-utils and rpcbind rpm package. On CentOS , RHEL or any RHEL family distros that support yum, it can be installed as below :


yum install nfs-utils rpcbind

The main configuration file for nfs is /etc/exports , which essentially defines below three things :
– What will be exported
– To Whom it will be available
– The properties of export, like readonly or read-write etc

A sample /etc/export file will look like below :


/etc/exports
/data/files *(ro,sync)
/home 192.168.1.0/24(rw,sync)
/data/videos hostOne.domain.com(rw,sync)
/data/databases hostTwo.domain.com(rw,sync)

This /etc/exposts file does following :

– Exports /data/files to all network/systems with read-only option
– Exports /home to network 192.168.1.0/24 with read-write option
– Exports /data/videos to computer system hostOne.domain.com with read-write option
– Exports /data/databases to computer system hostTwo.domain.com with read-write option

There are other options as well that you can mention on either a per-host or per-network basis, including the no_root_squash option which will not prevent root on a client machine from writing files to the server as root; by default, NFS will map any requests from root on the client to the ‘nobody’ user on the server.

The other two files which control the exports on the server are /etc/hosts.allow and /etc/hosts.deny .
This is particularly necessary if you are using wildcards or broad network specifications in /etc/exports; using hosts.allow and hosts.deny you can fine-tune which clients do and don’t have access. For instance, you may add in /etc/hosts.deny:


portmap:ALL

and then in /etc/hosts.allow:

portmap: 192.168.1.1, 192.168.1.2, 192.168.1.3

This would only allow the hosts specified in /etc/hosts.allow to connect to the portmap service. You can get it more fine tuned and also add entries for lockd, rquotad, mountd, and statd.

Then you can start the NFS sharing on the server , which would require starting following services :

Finally, to start NFS sharing, on the server you need to start a few services:

( before starting the services they should be enabled on run level 3 to 5 , using chkconfig –level 35 SERVICENAME on )


service portmap start
service nfs start
service nfslock start
service rpcbind start

To check if the service is running correctly you can run below command , it will list the services and should list mountd , nfs and portmapper :


[root@LinuxServer tmp]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100021 4 udp 1024 nlockmgr
100005 1 udp 1042 mountd
100005 1 tcp 2342 mountd
100005 2 udp 1042 mountd
100005 2 tcp 2342 mountd
100005 3 udp 1042 mountd
100005 3 tcp 2342 mountd
[root@LinuxServer tmp]#

To see what filesystems are exported you can use the 'exportfs' command, and when ever you make any changes to the /etc/exports then you will need to run 'exportfs -ra' so that NFS re-reads the configuration.

Now your NFS server is setup and ready to accept connections from the remote client. Testing can be done from the client by mounting one of the exported partitions , this can done in following way :

mkdir /mnt/files
ls /mnt/files
mount -t nfs 192.168.1.100:/data/files /mnt/files

If mount works and mounts the remote filesystem successfully then it means its all working correctly.

You can add the mount command to /etc/fstab to make sure the mounts remain after the reboots.

NFS is very easy to use and works pretty good and can be used to solve many sharing requirements.

Do try it , its easy and quick !

Tags: , , , , ,