Enabling second level quotas on openVZ/virtuozzo/VPS

Many VPS hosting providers have quota issue with their VPS provided to customers, they always get complaints regarding the quotas especially on cPanel/WHM based servers. As cPanel/WHM based servers require File system quotas must be enabled to calculate Disk space usage for the hosted accounts and this very important to get this issue fixed in order to limit the disk space usage for any hosted account.installing cpanel/WHM

Following below instructions enables you to get this issue sorted if you have OpenVZ/Virtuozzo VPS you should follow these instructions to enable 2nd level-quotas support to get disk space usage issue sorted.

Lets start fixing this:

Login to your main node’s SSH with root access where you have hosted VPS’.

Just find out the exact ID of your VPS for which you want to enable the second level-quotas by executing below stated command:

# vzlist

It will list all the online Virtual Private Servers, remember the one you want to enable second level quotas for.

Now execute following below command on the required VPS ID.

# vzctl set VPS_ID --quotaugidlimit NUMBER --save

Read More

Enable GeoIP on LiteSpeed web server

This tutorial explains how to install/configure/enable GeoIP location feature on litespeed web server.
Note: You can only use this feature with enterprise license of litespeed web server.

Follow these steps to get it enabled:

First of all download GeoIP location database from official web site (maxmind):

Login to your server via SSH with root access, and execute following commands:
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
cp GeoLiteCity.dat /usr/local/share/GeoIP/

Now you have downloaded GeoIP location database, next is to enable it from LiteSpeed control panel.

Follow these steps:

liteSpeed admin console->Server->General
->Enable IP GeoLocation: Yes

liteSpeed admin console->Server->General
->IP to GeoLocation DB: Add
DB File Path: /usr/local/share/GeoIP/GeoIPCity.dat
DB Cache Type: MemoryCache

Last step is to add a line in .htaccess file of your hosting account directory (public_html in cPanel)

GeoIPEnable On

Well you have configured/enabled GeoIP location system.

Now just make a test on it:
Create a php file on your hosting account, and paste below code in it:

<?
$countryName = $_SERVER["GEOIP_COUNTRY_NAME"];
$countryCode = $_SERVER["GEOIP_COUNTRY_CODE"];

echo $countryName.'<br/ >'.$countryCode;
?>

Now run this file from browser it should return your country name and country code.

Checking Bash Vulnerability and Fixing it

There has been a critical vulnerability found in Bash. The vulnerability affects Linux/Unix distributions that use or have Bash installed. For additional information on this vulnerability please visit the following link:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

We advise all our clients to keep their servers & software updated constantly to make sure their servers are at minimal risk of potential vulnerabilities. For this particular vulnerability we recommend reading the following links and taking action as soon as possible:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223

To test if your version of Bash is vulnerable, run the following command:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

If you run the above example with the patched version of Bash, you should get an output verifying you are not vulnerable:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

To fix this issue just update your bash by following command:

yum update bash -y

Now check bash again:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"

It should return :

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

OR

this is a test

libkeyutils.so.1: cannot open shared object file: no such file or directory on centos 6 x64 – Resolution

Today one of my VPS customer got following error : libkeyutils.so.1: cannot open shared object file: no such file or directory on centos 6

He was not able to login to SSH, SSHD server kept on denying with the message : connection to ssh refused.

While inspecting his VPS from node panel i came to know the server is hacked and hacker removed/changed libkeyutils.so.1 and libkeyutils.so.1.3 both are not present in lib64 directory, hacker just deleted them.
Please note these files are necessary files and are responsible for any connections inbound/outbound, so if they are not present or corrupted your server cannot connect to other computers.

Following is the solution to this issue :

Login to your main node (SSH), or your VPS by SSH console provided by your VPS provider.

Now go to /lib64 directory to check if libkeyutils.so.1 and libkeyutils.so.1.3 files are there or not. If files are there just delete them, the file libkeyutils.so.1 is symbolic link to libkeyutils.so.1.3 file. You should delete both of them by :

rm -f /lib64/libkeyutils.so.1 /lib64/libkeyutils.so.1.3

Now you would need to download RPM for libkeyutils.so.1 from centos web site:

wget ftp://ftp.muug.mb.ca/mirror/centos/6.4/os/x86_64/Packages/keyutils-libs-1.4-4.el6.x86_64.rpm

Please note, this is the step you might need assistance from your VPS provider, just ask them to place this RPM in your /lib64 directory as you cannot download it. Wget also does not work without libkeyutils.so.1 file.

Once the RPM package is downloaded, you would need to execute following command in lib64 directory:

rpm -ivh --replacefiles --replacepkgs keyutils-libs-1.4-4.el6.x86_64.rpm

This will replace package library files as well as other files, and now restart SSH by:

service sshd restart

and reboot your server:

reboot

Suggestion: Install config server firewall immediately once you get back the SSH access, your VPS will not get hack again, it takes only 2 minutes:

http://configserver.com/free/csf/install.txt

Disable Sym links on linux WHM/cPanel

Disabling SYM links is not a tough task on WHM/cPanel based servers, however you might not found proper way to do this, here is the quick code for disabling symlinks.

Why disabling symlinks is necessary for non-root users?

Gaining access to other accounts hosted on cPanel/WHM hosting servers is done by symbolic links, hackers usually create symbolic links on an hacked account to gain access to files hosted on other accounts so other accounts can be accessible through those symbolic links. To deal with this issue system administrator should disable symbolic links creation for non-root users.

  • Login to WHM/cPanel server via SSH with root access.
  • execute following commands:
  • $ wget http://layer1.rack911.com/before_apache_make -O
  • $ /scripts/before_apache_make
  • $ chmod 700 /scripts/before_apache_make
  • And then recompile apache by previous saved profile:
  • $ /scripts/easyapache

That is all, you can also check for any symbolic links already created:

  • $ find /home*/*/public_html -type l

    This will output directories and files those are sym linked.

Have fun!