Home Blog

ConfigServer Firewall : Binary location for [/usr/bin/host] in csf.conf is either incorrect, is not installed or is not executable

The following error may occur while reloading CSF (csf -r) :

*WARNING* Binary location for [HOST] [/usr/bin/host] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality

In this particular case, CSF was installed on a CentOS 7 server and there wasn’t any “host” executable under /usr/bin.

To resolve this issue, just install the missing package which is provided by Bind Utilities (bind-utils) :

yum install bind-utils

Originally posted 2017-01-30 21:06:28.

Linux / UNIX: Create Large 1GB Binary Image File With dd Command

How do I create 1 GB or 10 GB image file instantly with dd command under UNIX / Linux / BSD operating systems using a shell prompt?

You can use dd command to create image files for network or file system testing. First, make sure you’ve sufficient disk space to create a image file using dd:


$ df -H
To create 1MB file (1024kb), enter:
$ dd if=/dev/zero of=test.img bs=1024 count=0 seek=1024
To create 10MB file , enter:
$ dd if=/dev/zero of=test.img bs=1024 count=0 seek=$[1024*10]
To create 100MB file , enter:
$ dd if=/dev/zero of=test.img bs=1024 count=0 seek=$[1024*100]
$ ls -lh test.img

To create 10GB, file:
$ dd if=/dev/zero of=10g.img bs=1000 count=0 seek=$[1000*1000*10]
Sample output:

0+0 records in
0+0 records out
0 bytes transferred in 0.000014 secs (0 bytes/sec)

Verify file size (note bs factor in original dd command):
$ ls -lh 10g
-rw-r–r– 1 root wheel 9.3G Jun 2 12:07 10g.img

Originally posted 2016-02-26 00:11:21.

CentOS: yum Command Reinstall Package


How do I re-install a package using the yum command under CentOS Linux server?

You can use the yum command with the reinstall option. This will reinstall the identical versioned package as currently installed. The syntax is as follows:

yum reinstall packageName
yum reinstall packageName1 packageName2

In this example reinstall a package called keepalived, type:
# yum reinstall keepalived
Sample outputs:

Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
Setting up Reinstall Process
Resolving Dependencies
--> Running transaction check
---> Package keepalived.x86_64 0:1.2.2-2.el6 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
 Package                             Arch                            Version                                 Repository                     Size
 keepalived                          x86_64                          1.2.2-2.el6                             epel                          147 k
Transaction Summary
Reinstall     1 Package(s)
Total download size: 147 k
Installed size: 380 k
Is this ok [y/N]: y
Downloading Packages:
keepalived-1.2.2-2.el6.x86_64.rpm                                                                                         | 147 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : keepalived-1.2.2-2.el6.x86_64                                                                                                 1/1
Installed products updated.
  keepalived.x86_64 0:1.2.2-2.el6

Originally posted 2016-02-24 23:55:53.

Nginx Redirect URL With HTTP/1.1 301 Moved Permanently Header

How do I redirect old ugly urls such as http://example.com/store/view.jsp?product=foo with clean url – http://example.com/store/view/product/foo using nginx reverse proxy?

You need to use HttpRewriteModule under nginx web server. This module makes it possible to change URI using regular expressions (PCRE), and to redirect and select configuration depending on variables. The syntax is as follows to chage URI in accordance with the regular expression and the replacement string.

rewrite regex replacement flag

Please note that directives are carried out in order of appearance in the configuration file. Here is sample configuration for the same:

# rewrite urls
rewrite ^/store/view/product/(.*) /store/view.jsp?product=$1  permanent;
## Uncomment the following line to redirect old urls with HTTP/301 ##
# rewrite "^/store/view.jsp?product=(.*)$" ^/store/view/product/$1 permanent;

Here is another example with try_files directive which checks for the existence of files in order, and returns the first file that is found:

### Add inside server { ... } directive block ###
### Only works with Nginx version 0.7.65+ ###
        location / {
                index store.php;
                try_files $uri $uri/ @ourcleanurls;
        # rewrite urls #
        location @ourcleanurls {
                rewrite ^/media/(.*) /includes/cache/helper.php?m=$1&images=1 last;
                rewrite ^/css/(.*) /includes/cache/helper.php?m=$1&css=1 last;
                rewrite ^/js/(.*) /includes/helper.php?m=$1&js=1&c=false last;
                rewrite ^/(.*) /store.php?pid=$1 last;

You need to reload the nginx server using the following command:
# /usr/local/nginx/sbin/nginx -s reload

How Do I Test New Changes?

You can use the curl command to test new changes including HTTP/1.1 301 Moved message:
$ curl -I http://example.com/store/view/product/foo
$ curl -I http://example.com/store/view.jsp?product=foo

Originally posted 2016-02-23 23:39:21.

Migrate from Mysql to MariaDB in cPanel/WHM

MariaDB is “An enhanced, drop-in replacement for MySQL”. Below you will find some steps on how to affectively stop cPanel/WHM from maintaining MySQL and begin utilizing MariaDB for any and all database activity on your server but please note that, cPanel/WHM no longer maintains MySQL on your system it is on the Systems Administrator to manage and maintain any updates and maintenance on the database software. We recommend only experienced systems administrators perform the steps below and we are not responsible for any possible data loss.

Step 1: Backup existing MySQL data

Make sure to save all existing data just in case there are any issues.

cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old

Step 2: Disable the targets so cPanel no longer handles MySQL updates

The following will mark the versions of MySQL we distribute as uninstalled so they are no longer maintained by cPanel/WHM

/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL55 uninstalled

Step 3: Remove existing MySQL RPM’s so theres a clean slate for MariaDB

Important: The below command will uninstall the MySQL RPM’s!

/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55
[20130623.211100]   The following RPMs are unneeded on your system and should be uninstalled:
[20130623.211100]   MySQL55-client.5.5.31-1.cp1136
[20130623.211100]   MySQL55-devel.5.5.31-1.cp1136
[20130623.211100]   MySQL55-server.5.5.31-1.cp1136
[20130623.211100]   MySQL55-shared.5.5.31-1.cp1136
[20130623.211100]   MySQL55-test.5.5.31-1.cp1136
[20130623.211100]   Removing 0 broken rpms: 
[20130623.211100]   rpm: no packages given for erase
[20130623.211100]   No new RPMS needed for install
[20130623.211100]   Uninstalling unneeded rpms: MySQL55-test MySQL55-server MySQL55-client MySQL55-shared MySQL55-devel

Step 4: Create a yum repository for MariaDB

Access https://downloads.mariadb.org/mariadb/repositories and select the DISTRO and place the repo content to /etc/yum.repos.d/MariaDB.repo

EX (In my cause):

#nano /etc/yum.repos.d/MariaDB.repo

# MariaDB 5.5 CentOS repository list - created 2013-06-23 21:13 UTC
# http://mariadb.org/mariadb/repositories/
name = MariaDB
baseurl = http://yum.mariadb.org/5.5/centos6-amd64

Step 5: install MariaDB using the  following command

yum install MariaDB-server MariaDB-client MariaDB-devel

##If you are having any dependency problem, please remove php from the /etc/yum.conf file and then run yum  command again. Please add it back to yum conf once the package is installed. 

/etc/init.d/mysql start
/etc/init.d/mysql restart

Final Step: Rebuild easyapache/php to ensure modules are intact/working

/scripts/easyapache --build


Originally posted 2016-02-22 23:25:29.

Install EPEL Repo on a CentOS and RHEL 7

How do I install the extra repositories such as Fedora EPEL repo on a Red Hat Enterprise Linux server version 7.x or CentOS Linux server version 7.x?

You can easily install various packages by configuring a CentOS 7 or RHEL 7 system to use Fedora EPEL repos and third party packages. Please note that these packages are not officially supported by either CentOS or Red Hat, but provides many popular packages and apps.

How to install RHEL EPEL repository on Centos 7 or RHEL 7

The following instuctions assumes that you are running command as root user on a CentOS/RHEL 7 system and want to use use Fedora Epel repos.

Install the extra EPEL repositories

The command is as follows to download epel release for CentOS and RHEL 7 using wget command:

cd /tmp
wget http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
ls *.rpm

To install epel-release-7-0.2.noarch.rpm, type:

sudo yum install epel-release-7-0.2.noarch.rpm

Sample outputs:

Loaded plugins: amazon-id, rhui-lb
Examining epel-release-7-0.2.noarch.rpm: epel-release-7-0.2.noarch
Marking epel-release-7-0.2.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-0.2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package             Arch          Version         Repository                         Size
 epel-release        noarch        7-0.2           /epel-release-7-0.2.noarch         22 k
Transaction Summary
Install  1 Package
Total size: 22 k
Installed size: 22 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-0.2.noarch                                               1/1
  Verifying  : epel-release-7-0.2.noarch                                               1/1
  epel-release.noarch 0:7-0.2

List your new repos

Once installed you should see epel repo using the following yum repolist command
$ sudo yum repolist
Sample outputs:

Loaded plugins: amazon-id, rhui-lb
repo id                                         repo name                            status
epel/x86_64                                     Extra Packages for Enterprise Linux  4,444
rhui-REGION-client-config-server-7/x86_64       Red Hat Update Infrastructure 2.0 Cl     1
rhui-REGION-rhel-server-releases/7Server/x86_64 Red Hat Enterprise Linux Server 7 (R 4,457
repolist: 8,902

Search and install package

To list all available packages under a repo called epel, enter:
$ sudo yum --disablerepo="*" --enablerepo="epel" list available
$ sudo yum --disablerepo="*" --enablerepo="epel" list available | grep 'package'
$ sudo yum --disablerepo="*" --enablerepo="epel" list available | less

Example: Search and install htop package from epel repo on a CentOS/RHEL 7.x

The commands are as follows:

## search it ##
sudo yum search htop
## get more info, if found ##
sudo yum info htop
## install it ##
sudo yum install htop

And, there you have it, a larger number of packages to install from EPEL repo on a CentOS and Red Hat Enterprise Linux (RHEL) version 7.x.

Originally posted 2016-02-21 23:12:55.

Linux: Finding and locating files with find command part # 2


In the first part we talked about find command basic usage.

Now let us see how to use find command
(a) To gain lots of useful information about users and their files

(b) Monitor and enhance the security of system using find command

Finding all set user id files

setuid (“suid”) and setgid are access right flags that can be assigned to files and directories on a Unix based operating system. They are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.
# find / -perm +u=s
# find / -perm +4000

Finding all set group id files

# find / -perm +g=s
# find / -perm +2000

Finding all large directories

To find all directories taking 50k (kilobytes) blocks of space. This is useful to find out which directories on system taking lot of space.
# find / -type d -size +50k


Finding all large files on a Linux / UNIX

# find / -type f -size +20000k


However my favorite hack to above command is as follows:
# find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'

/var/log/kern.log: 22M
/sys/devices/pci0000:00/0000:00:02.0/resource0: 128M
/sys/devices/pci0000:00/0000:00:00.0/resource0: 256M
/opt/03Jun05/firefox-1.0.4-source.tar.bz2: 32M

Above command will find all files block size greater than 20000k and print filename followed by the file size. Output is more informative as compare to normal find command output 😀

Originally posted 2016-02-20 22:56:28.

Install and Configure CSF (Config Server Firewall) on CentOS/Cpanel

CSF : It is the abbreviation of Config Server Security & Firewall. CSF is for configuring or managing your server firewall easily and simply. Here is some useful steps to Install , configure and uninstall csf on server with CentOS.

Installation Process:
SSH to your server and do the following steps as root user.
Step 1: Downloading csf package.

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz

Step 2: Remove already installed firewall settings
Execute the following command to remove already installed firewall like APF (Advanced Policy Firewall) or BFD (Brute Force Detection) from server.

[[email protected] #] sh /tmp/csf/remove_apf_bfd.sh 

Step 3: Installation

[[email protected] #] tar -xzf csf.tgz 
[[email protected] #] cd csf 
[[email protected] #] sh install.sh 

You will get an output like below pasted if that was a successful installation.

*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
`/etc/csf/csfwebmin.tgz' -> `/usr/local/csf/csfwebmin.tgz'

Installation Completed

Then, check whether your server have required IP tables modules by using the following command.

[[email protected] #] perl /usr/local/csf/bin/csftest.pl 

Step 4: Configure CSF
Once the installation process is completed we need to enable the csf to work it properly. ‘csf -e’[csf -x for disabling csf] command is using to enable csf on server.

[[email protected] csf]# csf -e
Starting lfd:[  OK  ]
csf and lfd have been enabled
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration

The ‘csf -e’ output sounds, the csf is configured in testing mode on your server. You need to edit the conf file for enabling it.

[[email protected] #] vim /etc/csf/csf.conf
Then change the value of 'TESTING' from 1 to 0

Important configuration options
All cofiguration options are located under the directory “/etc/csf” . Some usefull and importent configuration files are listed below.

csf.conf : Configuration file for controlling CSF.
csf.allow : Allowed IP’s and CIDR addresses list on the firewall.
csf.deny : Denied IP’s and CIDR addresses list on the firewall.
csf.ignore : Ignored IP’s and CIDR addresses list on the firewall.
csf.*ignore : The list of various ignore files of users, IP’s.

Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh

Originally posted 2016-02-19 22:55:48.

How to Install MongoDB on CentOS and cPanel

MongoDB is one of those technologies that you should be paying attention to because it’s changing the way that developers interact with databases.

MongoDB is officially a “NoSQL” database. Thanks to its architecture and BSON structure, it can scale more easily than other popular database servers like MySQL.

MongoDB helps you to integrate database information into your apps easier and faster. That’s why it’s becoming the number one NoSQL solution, chosen by many popular websites like eBay, NY Times, SourceForge and many others.

In this guide, you will learn how to install MongoDB on a WHM/cPanel WHM server.

Technical requirements

  • Root access via SSH
  • PHP-pear for full pecl support
  • PHP-devel package installed to compile extension manually

Installing MongoDB via MongoDB Repo

There are lot of RPM repos that offer MongoDB packages. It is recommended to always use the MongoDB official repo to get the latest stable and secure versions.

Install the MongoDB repo:

cd /etc/yum.repos.d

Create mongodb.repo file:

nano -w mongodb.repo

Paste this code inside:

name=MongoDB Repo

Save the file by pressing CTRL + O to write the file, and then CTRL + X to exit.

Install MongoDB using Yum

yum install mongo-10gen mongo-10gen-server

At this point, you should have MongoDB installed on your CentOS + cPanel box.

Configure MongoDB to automatically start after reboot:

chkconfig mongod on

Start MongoDB:

service mongod start

Now, you should have the MongoDB system daemon fully running on your Linux environment. However, that’s not enough for most applications, as addressed by the second part of this tutorial,  installing the MongoDB app support for PHP.

Install MongoDB PHP Extension

Use the powerful PECL command to install your MongoDB PHP extension:

pecl install mongo

Restart Apache to apply changes:

service httpd restart

Verify installation with this command:

php -i | grep mongo -i

If you see the MongoDB extension in the output, then you are all set!

What if you don’t have the PECL command available?

There is an alternative way to install the MongoDB PHP extension by compiling manually. Example:

mkdir $HOME/mongo
cd $HOME/mongo
wget https://github.com/mongodb/mongo-php-driver/zipball/master
unzip master
cd mongodb-mongo-php-driver-07be50e/
make install

Add the extension to your /usr/local/lib/php.ini file:


Restart Apache to ensure that this module is recognized by the web server:

service httpd restart

Again, check against PHP to ensure that it is fully loaded:

php -i | grep mongo -i

What are your experiences working with MongoDB? Do you notice any difference when comparing this software with MySQL or other traditional SQL solutions?

Originally posted 2016-02-18 22:47:49.

Log the Total Number of Connections to a Port From an IP Address

Is there any log entries to find-out directly the total number of connections in server?

In some high connection high load servers, this log would be helpful to monitor and tune the server with number of connections on it. We can simply sort out the total number of connections in a port by using the command netstat. There isn’t any log entries with total number of connections. But, we will get the history of resource usage information by installing sar (Systat) on the server. Then, we can create a cronjob to monitor the server connections. In this post I am explaining the method to create a log for total number of connection to server. Before creating a script and setting cron, you must have the idea to use the command “netstat” to list total number of connections in server.

By considering the service Apache, we can sort it by using the port 80.

netstat -ntlp|grep :80|wc -l


netstat -ntlp|grep :80|wc -l

If you want to monitor the total connection to your Apache service at times, create a cronjob to save this to a file as a log. Here I am using the command “date” to get the time details when the “netstat” taking the connection log. Please do follow these steps to create a log with connection details.

Step 1 : Create a file to get the log.

touch connection.txt

Step 2 : Create a script for the same.

2.1 –> Use the command ‘date’ for time details.
2.2 –> Use ‘echo’ to print your instructions.
2.3 –> Use ‘netstat’ for connection details.


echo "Time"
echo "Total no: of connection in port 80"
netstat -ntlp|grep :80|wc -l
echo ""

Step 3 : Change the file permission as executable.

chmod 755 connections.log

Step 4 : Test the script from the location.

Fri Jul 18 01:11:02 MSD 2014
Total no: of connection in port 80

Step 5 : Create a file to log the connection information.

touch connections.log

Step 6 : Create a cronjob to execute this periodically.

crontab -e

*/30 * * * * /root/connection.txt >> connections.log


This will save the total number of connections to the file connections.log.

Sample output

Originally posted 2016-02-17 22:39:39.