Home Blog Page 9

Fixing time drift in the servers (syncing with time servers)


Sometimes the clock in the system may shows some drift ( lagging or leading) in time.  We can fix this by adjusting the tick rate in the server.

1. Compare the system time with that of any timeserver. You can use any of  the following command for this.

rdate -p rdate.cpanel.net ;date


rdate -p rdate.darkorb.net ;date

Here rdate prints the time in remote timeserver( rdate.cpanel.net or rdate.darkorb.net) and date will print the current system time.

2. To synchronize the time with remote server issue the following commands.

rdate -s rdate.cpanel.net ;date


rdate -s rdate.darkorb.net ;date

3. Now set the hardware clock in the server. Execute the following command for this.

hwclock –systohc

4. Now execute the same command (step1) after one or two minutes and see the drift in time. Check whether it increases or decreases.

5. Find the current tick rate using the following command. By default this will be 10000. You can interpret this as  10000 ticks causes one second in the server.

tick = 10000

6. If the the time drift increases positively you need to reduce the tick rate. You can adjust the tick rate using the following command.

tickadj 9995
tick = 9995

7. Continue the above steps until the issue resolved.



To fix the time drift issue, you can put a cronjob to sync the time with the time server.

Add the following entry in cronjob ( type crontab -e to edit cron jobs)

*/5 * * * * rdate -s rdate.cpanel.net;/sbin/hwclock -w >/dev/null 2>&1


*/5 * * * * rdate -s rdate rdate.darkorb.net;/sbin/hwclock -w >/dev/null 2>&1

Originally posted 2016-03-06 01:50:41.

Exim Error: Ratelimit database not available


If you find any of the following errors below in your /var/log/exim_mainlog log file. The fix below should resolve these errors
2013-12-22 03:16:00 Failed to get write lock for /var/spool/exim/db/ratelimit.lockfile: timed out
2013-12-22 03:16:00 H=[]:13468 temporarily rejected connection in "connect" ACL: ratelimit database not available

To fix these error , the exim cache database on the server needs to be flushed to stop this message.

Run the folllowing command on root:
[email protected] [~]# rm -fv /var/spool/exim/db/*
removed `/var/spool/exim/db/ratelimit’
removed `/var/spool/exim/db/ratelimit.lockfile’
removed `/var/spool/exim/db/retry’
removed `/var/spool/exim/db/retry.lockfile’
removed `/var/spool/exim/db/wait-dk_remote_smtp’
removed `/var/spool/exim/db/wait-dk_remote_smtp.lockfile’
removed `/var/spool/exim/db/wait-remote_smtp’
removed `/var/spool/exim/db/wait-remote_smtp.lockfile’

Then run the following command on root:
[email protected] [~]# service exim restart

If this doesn’t work , then run /scripts/upcp –force on the server and then check exim_mainlog for the changes.

Originally posted 2016-03-06 01:50:40.

Linux: Bash Find Matching All Dot Files


A dot-file is generally any file whose name begins with a full stop. In Linux it is also called as hidden file. How do I list all dot files in my home directory?

You can use the ls command to list all dot files in your current directory:

ls  .*

Sample outputs:

.bash_history  .bash_profile  .bashrc  .lesshst  .profile  .viminfo
checkfs  checkroot  interfaces	interfaces.new	scripts  securedata.keyfile
lost+found  root  root.user.only
cache  config
nas01-csh  nas01-fish  nas01-sh
id_rsa	id_rsa.pub  known_hosts

Another option is to use the find command:
$ find . -name ".*"
Sample outputs:


To list only matching dot files, enter:
$ find . -type f -name ".*"
Sample outputs:


To list only matching dot directories, enter:
$ find . -type d -name ".*"
Sample outputs:


Originally posted 2016-03-05 01:32:24.

List of cPanel Default Ports


The cPanel/WHM is one of the best control panel in this field. The simplicity itself, is the important point for this control panel. We already discussed a lot of topics for cPanel. The installation steps are also quite simple.

In computer networking, a port is a software construct serving as a communications endpoint in a computer’s host operating system. A port is always associated with an IP address of a host and the protocol type of the communication. Here are all default open ports in cPanel server. You must open all of these ports in the server firewall to run the cPanel perfectly. These default ports are configured as opened in the firewall like CSF for a cPanel server. Here we go:

20	FTP
21	FTP
22	SSH
37	rdate
587     SMTP
110	POP3
143	IMAP4
783	SpamAssassin
995	POP3 SSL
2095	Webmail
2096	Webmail SSL
53	DNS
3306	MySQL
2077	WebDAV
2078	WebDAV SSL
43	whois
113	ident
873	rsync
6666	IRC
2082	cPanel
2083	cPanel SSL
2086	WHM
2087	WHM SSL
2089	cPanel license

Originally posted 2016-03-04 01:23:37.

Install PNP4Nagios on Centos

The installation of PNP will be described in more detail. It is expected that nagios was compiled from source and is located in /usr/local/nagios.
Attention: The description applies to the developer version PNP 0.6.0.
Please note that PNP has to be configured after the installation.

Make and more

The installation of PNP is controlled by makefiles. The system is analyzed after invocation of ./configure and the detected values are tranferred to makefiles.

Please unpack PNP as user root:

wget http://sourceforge.net/projects/pnp4nagios/files/PNP-0.6/pnp4nagios-0.6.16.tar.gz/download
tar -xvzf pnp4nagios-0.6.16.tar.gz
cd pnp4nagios-0.6.16

By default rrdtool is not included in CentOS. You may need to install it for monitoringpurpose. You can either use source to compile or install using rpm.

To install using rpm all you need is following two commands.

For 32 bit systems

rpm -ivh http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

For 64 bit systems

rpm -ivh http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
yum install rrdtool -y

./configure is to be called from the directory pnp4nagios.


Note: Without specifying any options user and group will be “nagios”. If you have different values then please use the parameters ”–with-nagios-user” and ”–with-nagios-group”, respectively. Using Icinga the call might be

./configure --with-nagios-user=icinga --with-nagios-group=icinga

Some lines run across the screen. The output at the end is important.

*** Configuration summary for pnp4nagios-0.6.16 11-21-2011 ***
General Options:
 ------------------------- -------------------
 Nagios user/group: nagios nagios
 Install directory: /usr/local/pnp4nagios
 HTML Dir: /usr/local/pnp4nagios/share
 Config Dir: /usr/local/pnp4nagios/etc
 Location of rrdtool binary: /usr/bin/rrdtool Version 1.4.4
 RRDs Perl Modules: FOUND (Version 1.4004)
 RRD Files stored in: /usr/local/pnp4nagios/var/perfdata
 process_perfdata.pl Logfile: /usr/local/pnp4nagios/var/perfdata.log
 Perfdata files (NPCD) stored in: /usr/local/pnp4nagios/var/spool
Web Interface Options:
 ------------------------- -------------------
 HTML URL: http://localhost/pnp4nagios
 Apache Config File: /etc/httpd/conf.d/pnp4nagios.conf
 Review the options above for accuracy. If they look okay,
 type 'make all' to compile.

The paths shown should be checked. If the displayed values aren’t correct you can change them calling ./configure with appropriate options.

Attention: “Location of rrdtool binary” means path including name of binary! If necessary it can be specified using the following syntax:

 ./configure --with-rrdtool=/usr/local/rrdtool-1.2.xx/bin/rrdtool
 ./configure --help

shows the supported options.


 make all

compiles the components like NPCD which are written in C

 make install

copies everything to the right places in the file system. The paths were already shows during ./configure.

After the installation of the program and HTML files you can copy a sample Apache configuration file to your web-server config directory

 make install-webconf

You can call

 make install-config

optionally. This way config files for process_perfdata.pl and npcd are copied to etc/pnp.

To install the NPCD Init script call

 make install-init

All these steps are combined in

 make fullinstall

Attention: After copying the configuration file for the web server you have to restart the web server (service httpd restart or /etc/init.d/apache2 restart, respectively).

Originally posted 2016-03-03 01:05:58.

How to Install and Configure maldet (Linux Malware Detect – LMD)

Maldet also known as Linux Malware Detect virus scanner for Linux.

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

To install LMD, download the package and run the enclosed install.sh script
Download maldetect package using wget

Go to the below path
cd /usr/local/src/

Download the tar file using the below link:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the file using the below command
tar -xzf maldetect-current.tar.gz

go to the maldet folder
cd maldetect-*

Now, run the below command to install maldet.
sh ./install.sh or sudo sh ./install.sh

It will give below output
Linux Malware Detect v1.3.4
(C) 1999-2010, R-fx Networks <[email protected]>
(C) 2010, Ryan MacDonald <[email protected]>
inotifywait (C) 2007, Rohan McGovern <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
cron.daily: /etc/cron.daily/maldet

maldet(32517): {sigup} performing signature update check…
maldet(32517): {sigup} local signature set is version 2010051510029
maldet(32517): {sigup} latest signature set already installed

Step 3: Configuring LMD

By default all options are fully commented in the configuration file, so configure it according to your needs. But before making any changes let’s have a detailed review of each option below.

  1. email_alert : If you would like to receive email alerts, then it should be set to 1.
  2. email_subj : Set your email subject here.
  3. email_addr : Add your email address to receive malware alerts.
  4. quar_hits : The default quarantine action for malware hits, it should be set 1.
  5. quar_clean : Cleaning detected malware injections, must set to 1.
  6. quar_susp : The default suspend action for users wih hits, set it as per your requirements.
  7. quar_susp_minuid : Minimum userid that can be suspended.

Open file /usr/local/maldetect/conf.maldet and make changes according to your needs
nano /usr/local/maldetect/conf.maldet

To update the maldet use the below commands.
maldet -u or maldet -d

To scan the files. perticular user
maldet -a /home/username/

It will scan all the files and provide you the output.

To scan all user under public_html paths under /home*/ this can be done with:
[email protected][~]# maldet --scan-all /home?/?/public_html

[email protected][~]-maldet --scan-all /home

To scan the same path but the content that has been created/modified in the last 5 days:
[email protected][~]# maldet --scan-recent /home?/?/public_html 5

To scan but forget to turn on the quarantine option, you could quarantine all malware results from a previous scan with:
[email protected][~]# maldet --quarantine SCANID

If you wanted to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you would do with.
[email protected][~]# maldet --clean SCANID

If you had a file that was quarantined from a false positive or that you simply want to restore (i.e: you manually cleaned it), you can use the following:
[email protected][~]# maldet --restore config.php.2384
[email protected][~]# maldet --restore /usr/local/maldetect/quarantine/config.php.2384

Originally posted 2016-03-02 00:52:32.

How To Install Transmission BitTorrent Client on CentOS 6

In this tutorial we will show you how to install and configuration of Transmission on your CentOS 6 server. For those of you who didn’t know, Transmission BitTorrent Client features a simple interface on top of a cross-platform back-end. Transmission is licensed as a free software under the terms of the GNU General Public License (GPL), with parts under the MIT License. Transmission, like any other BitTorrent client allows users to download files from the Internet and upload their own files or torrents. By grabbing items and adding them to the interface, users can create queues of files to be downloaded and uploaded.

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step by step installation Transmission on CentOS 6.

Step 1. First, you need to enable EPEL repository on your system.

## RHEL/CentOS 6 64-Bit ##
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
## RHEL/CentOS 6 32-Bit ##
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

Step 2. Install Transmission.

yum -y upgrade
yum -y install transmission transmission-daemon

Step 3. Configure Transmission.

Edit the settings.json file.

find / -name settings.json
nano /var/lib/transmission/.config/transmission/settings.json
"rpc-authentication-required": true,
"rpc-enabled": true,
"rpc-password": "mypassword",
"rpc-username": "mysuperlogin",
"rpc-whitelist-enabled": false,

Step 4. Start Transmission

service transmission start

Step 5. Accessing Transmission.

Transmission will be available on HTTP port 9091 by default. Open your favorite browser and navigate to http://yourdomain.com:9091 or http://server-ip:9091. You should be greeted with the Transmission WebUI. After logging in, you will notice that the value for the rpc-password inside the settings.json file will be hashed. If you are using a firewall, please open port 80 to enable access to the control panel.

You have successfully installed Transmission! Now, run the following command to view Transmission’s help guide:

transmissioncli -h

Congratulation’s! You have successfully installed Transmission. Thanks for using this tutorial for installing Transmission BitTorrent Client on CentOS 6 system. For additional help or useful information, we recommend you to check the official Transmission web site.

Originally posted 2017-02-03 08:05:12.

ConfigServer Firewall : Error starting CSF /sbin/ifconfig (ifconfig binary location) -v does not exist!

Having such issue starting/stopping CSF on RHEL/CentOS 7?

# csf -x

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

You have an unresolved error when starting csf:
Error: /sbin/ifconfig (ifconfig binary location) -v does not exist!, at line 2510 in /usr/sbin/csf
You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error

This is caused by missing packages on your system. Basically the command “ifconfig” and LWP Perl module are absent from your system.

To resolve this matter, just install the missing packages with Yum as followed :

yum install net-tools perl-LWP-Protocol-https

Then delete CSF error file :

rm -f /etc/csf/csf.error

Originally posted 2017-02-02 21:08:14.

Error: Could not open command file ‘/usr/local/nagios/var/rw/nagios.cmd’ for update!

If you’re updating nagios, and/or you are trying to reschedule checks manually, and you get the error below:

Error: Could not open command file ‘/usr/local/nagios/var/rw/nagios.cmd’ for update!

Then it means that the permissions on the folder are messed up. Don’t bother setting up the permissions on the file itself, nagios.cmd,  since that file gets recreated very often, so:

chown nagios.nagcmd /usr/local/nagios/var/rw 
chmod g+rwx /usr/local/nagios/var/rw 
chmod g+s /usr/local/nagios/var/rw

This should get you up and running without problems.

Originally posted 2016-03-01 00:43:51.

How to install cron (crond, crontab)

Are you looking for crontab on a new install of CentOS 5? Well if you do a custom installation and don’t select anything then it will not be installed by default. In order to install it there just needs to be one package installed. See the below commands to install and setup crontab.

Use this command to install crontab, start the cron daemon, and turn it on at startup.

yum install vixie-cron crontabs
/sbin/chkconfig crond on
/sbin/service crond start

To edit crontab entries use the following command which will open up the crontab editor in vi the default text editor.

crontab -e

set default editor for crontab

export EDITOR=/usr/bin/nano

Originally posted 2016-02-29 00:42:04.