When checking a server access logs, you may wnat to see how many time an IP is requesting pages. Here is the command:
grep 123.123.123.123 /usr/local/apache/logs/error_log | wc -l 1018
Category: Administration
I recently had a challenge to look at code. The IP was redirecting to another IP and after testing decided to check the code. This is in Plesk:
# find /var/www/vhosts/domain.com/httpdocs/ -type f -exec grep -H '216.xx.bb.cc' {} \;
And voila! There were 2 files with the hardcoded IP in the config file. This will also work with other strings as well.
Log into the Linux server as the user you are going to use to connect with ssh. Generate the key.
ssh-keygen -t rsa -b 4096 -C "email@domain.com" Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: SHA256:3/dDa9R+zzDpGNt/EU9Jusj/snbKt3+B8F+ULnxXtWk email@domain.com The key's randomart image is: +---[RSA 4096]----+ | | | ..| | o *| | . . E+| | S . = =o=| | . + * O=| | . + @.*| | .@ %=| | ++@+#| +----[SHA256]-----+
Now copy the id_rsa key to your Windows desktop. This can be done by copying and pasting the contents of the file or using an SCP client such as PSCP which is supplied with the PuTTY install or FileZilla.
After an upgrade from PHP 5.4 to 5.6, I received an error when I run an app update:
Your requirements could not be resolved to an installable set of packages.
Problem 1 – This package requires php >=5.6 but your PHP version (5.4.45) does not satisfy that requirement.
Issue:
The shell cli is currently running on php5.4. You will need to specify what version the shell will use. This can be done by running the following command.
# echo "alias php='/opt/plesk/php/5.6/bin/php'" >> ~/.bashrc
The guide from Plesk
https://support.plesk.com/hc/en-us/articles/115003766853-How-to-specify-PHP-version-on-the-Plesk-server-for-command-line-command-php-for-user-
You can confirm here:
# php -v PHP 5.6.35 (cli) (built: Mar 30 2018 12:52:22) Copyright (c) 1997-2016 The PHP Group
How to replace php 5.4 with php 5.6.
Before installing PHP 5.6, apply any existing updates available for your distribution:
# yum check-update # yum update
Also, this is a good moment to get (and save somewhere) a list of our installed packages (in case we need to rollback):
# rpm -qa |grep php php-mbstring-5.4.16-36.1.el7_2.1.x86_64 php-mysql-5.4.16-36.1.el7_2.1.x86_64 (...) php-gd-5.4.16-36.1.el7_2.1.x86_64 php-odbc-5.4.16-36.1.el7_2.1.x86_64
Download and install the “repos” package:
# wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# rpm -Uhv remi-release-7.rpm
Now enable the repository in Yum by setting enable=1 for the remi-php56 repo:
# nano /etc/yum.repos.d/remi.repo (...) [remi-php56] name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch mirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi (...)
Replace PHP 5.4 with PHP 5.6
Install the packages not as a Software Collection but as “Replacement Packages”:
# yum update
This yum update command should upgrade all our PHP packages. If it does not upgrade them or we don’t have PHP already installed, then do:
# yum --enablerepo=remi-php56 install php-cli
Yum will remove the old packages and install the new ones.
Now, restart services:
# systemctl restart httpd # systemctl restart nginx # systemctl restart php-fpm
if you receive an Nginx error, then you may need to reconfigure it. See: https://geekdecoder.com/install-nginx-centos-7/
First, you need to download the file using Wget and then install it using RPM on your system to enable the EPEL repository.
RHEL/CentOS 7 64 Bit
# wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # rpm -ivh epel-release-latest-7.noarch.rpm
## RHEL/CentOS 6 64-Bit ##
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm # rpm -ivh epel-release-6-8.noarch.rpm
Check the installation
# yum repolist *epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64
Now, install stress
# yum install stress
To test, first run the uptime command and note down the load average. Next, run the stress command to spawn 8 workers spinning on sqrt() with a timeout of 20 seconds. After running stress, again run the uptime command and compare the load average.
# uptime 16:39:03 up 1 day, 18:32, 1 user, load average: 0.15, 0.24, 0.14
sudo stress --cpu 8 --timeout 20 stress: info: [65429] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd stress: info: [65429] successful run completed in 20s
Now uptime again
# uptime 16:40:18 up 1 day, 18:34, 1 user, load average: 1.35, 0.59, 0.27
Spawn 8 workers spinning on sqrt() with a timeout of 30 seconds
]# uptime
16:41:52 up 1 day, 18:35, 1 user, load average: 0.28, 0.43, 0.24
[root@server rogerp]# sudo stress –cpu 8 -v –timeout 30s
stress: info: [65654] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [65654] using backoff sleep of 24000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 8 [65655] forked
stress: dbug: [65654] using backoff sleep of 21000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 7 [65656] forked
stress: dbug: [65654] using backoff sleep of 18000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 6 [65657] forked
stress: dbug: [65654] using backoff sleep of 15000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 5 [65658] forked
stress: dbug: [65654] using backoff sleep of 12000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 4 [65659] forked
stress: dbug: [65654] using backoff sleep of 9000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 3 [65660] forked
stress: dbug: [65654] using backoff sleep of 6000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 2 [65661] forked
stress: dbug: [65654] using backoff sleep of 3000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 1 [65662] forked
stress: dbug: [65654] <-- worker 65659 signalled normally
stress: dbug: [65654] <-- worker 65658 signalled normally
stress: dbug: [65654] <-- worker 65660 signalled normally
stress: dbug: [65654] <-- worker 65656 signalled normally
stress: dbug: [65654] <-- worker 65655 signalled normally
stress: dbug: [65654] <-- worker 65657 signalled normally
stress: dbug: [65654] <-- worker 65662 signalled normally
stress: dbug: [65654] <-- worker 65661 signalled normally
stress: info: [65654] successful run completed in 30s
[root@server rogerp]# uptime
16:43:10 up 1 day, 18:37, 1 user, load average: 1.87, 1.06, 0.49
[/bash]
One of the most common requests and inquirys is “Do I have the …xyz package or program installed?” Here is how to check.
Ubuntu/Debian
List all packages
# dpkg -l | less
# dpkg -s apache-perl
To check whether a package is installed or not:
dpkg -l | grep vlc
Use file /var/lib/dpkg/available to find out all package names available to you. Or use following command (list all packages in /var/lib/dpkg/status):
# dpkg-query -l
You can also try to match package name using wild cards:
# dpkg-query -l 'libc6*'
Use the following command to get exact status (whether it is installed or not):
# dpkg-query -W -f='${Status} ${Version}\n' apache-perl
CentOS and RPM based Distros
Under Red Hat/Fedora/CentOS/Suse Linux use the rpm command:
# rpm -qa | grep {package-name}
For example find out package mutt installed or not:
# rpm -qa | grep mutt
On a CentOS/RHEL use the following yum command to tell whether a package named htop is installed:
# yum list installed {PACKAGE_NAME_HERE}
[/bash]
# yum list installed htop
Here is a way to see what IP’s are accessing the website domain.com. Find the location of the access logs.
In a cpanel account:
# cd /home/domain.com/access-logs
Now run the following on the access logs…
# cat domain.com | awk '{print $1}' | sort | uniq -c | sort -rn | head
Here is the readout:
24 72.178.xxx.xx 18 216.xx.xxx.161 1 216.55.xxx.xx
If you do see excessive bots, try adding in a crawl rate/delay for the site with Bing Webmaster tools, Google Webmaster tools as well as setting that up in robots.txt ). Webcrawlers can carelessly crawl the site and hit it hard, just to index pages.
A good way to check the connectons to mail ports is to use netstat:
# netstat -anp | grep :25 tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2170/master tcp6 0 0 :::25 :::* LISTEN 2170/master
# netstat -anp | grep :465 tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2170/master tcp6 0 0 :::465 :::* LISTEN 2170/master
# netstat -anp | grep :587 tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2170/master tcp6 0 0 :::587 :::* LISTEN 2170/master
Knowing how to Whitelist and Blacklist IPs in your firewall can be very important when you want to allow or deny connection to your server, based on an IP address. Below we will cover how to allow and deny connections from IPs in IP Tables, Firewalld, and UFW.
IPTables:
Allowing or Denying connections from IPs in IP Tables is quite simple. To accept the connection, or whitelist the IP, you would use the following command (where 1.1.1.1 is the IP you want to allow through the Firewall):
# sudo iptables -A INPUT -s 1.1.1.1 -j ACCEPT
Denying the IP is very similar, just changing ACCEPT to DROP:
# sudo iptables -A INPUT -s 1.1.1.1 -j DROP
You can also change DROP or REJECT if you want your server to respond back to the request with a Rejection instead of just dropping the traffic all together.
Firewalld:
To whitelist IPs on Firewall-CMD, we’ll want to use the –add-source flag. We can whitelist an IP or an IP Subnets via the following commands:
# firewall-cmd --permanent --zone=public --add-source=1.1.1.1
Range:
# firewall-cmd --permanent --zone=public --add-source=1.1.0.0/16
Blocking an IP is a bit difficult, as it requires a more complex command. The command that you would want to use to block traffic from an IP would be:
# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.1.1 reject"
Range:
# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.0.0/16 reject"
We can also view all of the whitelisted IPs in our zone via:
# firewall-cmd --permanent --zone=public --list-sources
UFW:
Allowing and blocking IPs in UFW is very simple and straight forward. We can allow connections from a specific IP via the following command:
# sudo ufw allow from 22.33.44.55
Blocking and IP is just as simple, with the following command:
# sudo ufw deny from 22.33.44.55