Server admin info for cPanel, Plesk and linux!

HELP! My server is constantly crashing!

There are a lot of things that may cause a server to crash, this guide is going to primarily look at the hardware side of crashing. There are many things that might be causing the server to crash from a software standpoint such a process that runs out of control or uses too many resources. There are a few things that might be going wrong with a server. Normally the component that goes wrong is the hard drive, simply because it is use so much and is a moving part. The RAM on a server will occasionally go but this is more common when the server is moved around or the RAM moved because it has a chance of being statically shocked. On the less common side of things you could have the CPU, powersupply, ethernet card, or motherboard going out.

The below has been known to fix most cPanel mail issues. They can range from spamd failed messages to exim just flat out not working at all.

/scripts/perlinstaller Digest::SHA1
/scripts/perlinstaller --force Mail::SpamAssassin
/scripts/fixspamassassinfailedupdate
/scripts/updatenow
/scripts/installspam --force
/scripts/exim4 --force

/etc/rc.d/init.d/exim restart
/scripts/restartsrv spamd
/etc/rc.d/init.d/chkservd restart

This guide was designed for PSFservers using centos 3.4 but it will work fine for just about any server install of centos or RHEL.

This guide is going to be using a text mode install simply because it is the most compatible. Note that in doing so the mouse is not going to work! Simply use the tab and arrow keys to move. The install itself is pretty simple but if you have any problems please email me or post them below.

A firewall is a very good idea for a server. Though many people think that a firewall is instant protection that will do everything it really is not. A firewall will help prevent some things but it is not going to stop everything. It is just one piece of the security network that is being woven. I recommend advanced protection firewall (APF) by rfxnetworks. APF will block unused outgoing and incoming ports. It can also be configured to use information from some block lists. The below port list will work for cPanel. For the other control panels you will need to add in the administration ports.

HotSaNIC is a very nice tool which combines all sorts of very important system graphs into a simple and easy to understand webpage. It allows the admin to take a quick glance at the graphs to see what may or may not be working with the system. With the new APPS graph it is also possible to watch as more processes are started which can be helpful in tracking down why the server load is increasing. For instance if you see a huge load spike but you see that the number of exim processes has gone up significantly at the same time you can start to investigate.

I built this guide on a cPanel server but it will work fine on an ensim box as well. I don't recall the plesk mailserver off the top of my head but changing that small part will make it work great fine plesk.

A HUGE THANKS TO FOGGY!! Much of this guide has been copied from the original posted here: http://forums.ev1servers.net/showthread.php?p=70160 . I have cleaned it up a little and updated it for the latest version of hotsanic.

Though a newcomer in the server management and server administration field Total Server Solutions (TSS) has been around for a few months and has proven itself. I formed TSS with other 3 friends back in January and since then we have been very successful in keeping our current clients and adding more. If you would like your server secured, monitored 24/7 or even just checked out by TSS stop by the website and put in a ticket. We strive hard to work with all of our clients on a personal level providing the best support possible. We will always give you a straight answer.

I have provided a lof of what we do free on this website in an effort to give back to the same community that has given me so much. Please support me by using TSS if you need somebody else to work with you for server administration. Thanks for visiting eth0.us and I hope you find everything that you need!

HELP! My server is under a DDOS attack!

Ok first of all this guide is not going to be entirely comprehensive on everything you need to do towards optimizing a server and figuring what is causing the server to overload. All of the guides in my HELP! series are not meant to replace a professional only give you a general idea of what you can do. If after reading this do not think that there is nothing you can do, it may be you simply have to hire somebody to take a look at it. It is very hard to write every single thing that might be wrong and sometimes it just takes a lot of experience to see what is wrong. The first thing to do is determine what bottleneck is slowing your system down. There are many things that can be causing the load on a server run out of control but the main things are CPU limitations, memory (RAM), or I/O of your disks. Typically people will look at the "uptime" of their server to give a general idea of if it is a load problem causing issues with a server. In general a load of ~1 for each cpu is reasonable, if you have 2 cpus with hyperthreading linux will see them as 4 which means your load can be around 4 without any major problems. That being said it is very possible that your server handles even double what the uptime load shows without any problems. The load from uptime has a lot of factors that go into it and if you are interested in finding out more I would suggest looking on google. When writing this guide i am assuming that your server is optimized so if I say you are running low on RAM you probably need to optimize it some more or get RAM for it.

How-To: Compile a monolithic 2.6.9 kernel with grsecurity

This guide was designed for the ev1 configurated poweredge servers. I have tested it on the the 2.0 and 2.4 Ghz Xeons, and 2.0 Ghz celeron. It should also work fine with the P4 2.0 Ghz + but I have personally not tested one yet. I do not have any plans to test this kernel on any older systems though as long as they network card support is built in it will probably work. I started this as a project to increase the performance and security of my servers. The 2.6.x kernel has many improvements that have dramatically dropped the load on the servers I have tested this on so far. In addition to that the kernel does not support loadable modules, the definiation of monolithic, which removes one method of possible vulnerabilities as well as more efficient. Though there are no studies directly linking grsecurity to increased security it only adds additional security to your system with very few negative drawbacks. I think that is worth the extra time to configure in grsecurity in the chance that it may possibly block a possible cracker.

How-To: Compile a 2.6.9 Kernel

This guide is to be used completely at your own risk! It was designed with an ev1 dual xeon hardware configuration in mind but will also work on some of the P4 modals. I am not going to try and support every possible hardware combination. I started this because I wanted a kernel for my own use but decided to share my work. Upgrading a kernel from rpm is easy and doing it as i have below is pretty easy as I have already done much of the hard configuration work. I was able to use the following guide on multiple servers with no problem and I know that it works. The key that makes this much easier is that you are using the .config file I have already created which contains all of the variables and configuration options. If you would like to view the .config file and offer any input please feel free! I have a little experience with compiling kernels but I am sure there are a few more things here and there I can remove.

How-To: Compile a monolithic 2.6.10 kernel with grsecurity and secfix patch

Note 2.6.10 is an old version of the kernel however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route the patch described below for a specific vulnerability is not requied.


This guide was designed for the ev1 configurated poweredge servers. I have tested it on the the 2.0 and 2.4 Ghz Xeons, and 2.0 and 3.0 Ghz celeron. It should also work fine with the P4 2.0 Ghz + but I have personally not tested one yet. I do not have any plans to test this kernel on any older systems though as long as they network card support is built in it will probably work. If you post here with specific problems on boot I can try to add the needed modules to my config. I started this as a project to increase the performance and security of my servers. The 2.6.x kernel has many improvements that have dramatically dropped the load on the servers I have tested this on so far. In addition to that the kernel does not support loadable modules, the definiation of monolithic, which removes one method of possible vulnerabilities as well as more efficient. Though there are no studies directly linking grsecurity to increased security it only adds additional security to your system with very few negative drawbacks. I think that is worth the extra time to configure in grsecurity in the chance that it may possibly block a possible cracker.

This kernel is patched against the following vulerability: http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt. This is the root level exploit that was release January 7th. It is *HIGHLY* suggested that you upgrade ASAP. This particular exploit along with a worm much like the phpBB worm could be disasterous yeilding full root access.

Updated Feb 6th for instructions on updating grub
Updated Feb 2nd for rpm problems with RH9

Grsecurity is a set of patches and options that works to help increase the security of a server at the kernel level. Here is a very basic guide of how to download it and patch your kernel. This guide is meant to be used alongside of my generic 2.6.10 kernel guide if you are not familiar with the process of compiling a kernel. This guide can also be adapted to the latest 2.6.11.7 and version of grsecurity just fine.

How-To: Compile and configure a 2.6.10 kernel



Note 2.6.10 is an old version of the kernel however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route the patch described below for a specific vulnerability is not required.

My previous guides use a very specific config file that only works for a few different servers. This guide is meant to be a lot more generic and should work on more servers. I have taken the default config from a redhat 2.4 kernel and kept all the driver configuration. I have removed the extra support such as USB and sound that are not needed on a server. I also explain how to remove some of the drivers that are not necessary such as scsi/ide support depending on what type of drives you have. If you do not want to deal with the menuconfig you can simply compile it and not configure it. I hope that this guide will help alleviate some of the problem with segfaulting that some of the configurations have. If you would like to compile in grsecurity please follow my 2.6.10 grsecurity guide.

This guide has taken me a long time to create. If you have used it for your donate please consider donating :) With that being said good luck with compiling your new kernel.

*********************WARNING********************



This guide is no longer going to be updated as it is too large and complex to maintain. Instead all of the other guides on the right will continue to be updated. I am going to leave it up just because some people still look at it for a general idea of what to do with a new server. I would suggest that you not actually follow these directions as the versions may be old.


First and foremost I want to say that this is not going to make your server 100% cracker proof, there is always a possibility that somebody will find a way in. I have listed a lot of things you can do to protect your server and that will help you secure it. While securing your server you have to find a median between what is secure and what restricts your clients or websites. You can easily make your server 100% secure from remote attacks by unplugging the ethernet cable, but chances are you will not get much good with it. This is not a complete guide and I will update it when I find time or it needs it. Overall it is a very good start and it is probably more then most servers have.

If you have any problems with the guide please post them and I will try and help/update the guide. I have not included everything you can do but it is a very good start. If you need somebody to secure server please feel free to private message or email me.

Updated 7/17 for the latest version of openssh. Thanks goes to DXtremz for pointing out the compiling error with open ssh and then even providing the fix! :)

First step we will enable telnet so if something screws up you can still access the server:

-----command-----
pico -w /etc/xinetd.d/telnet
-----command-----

The purpose of syctl hardening is to help prevent spoofing and dos attacks. This short guide will show what I have found to be a good configuration for the sysctl.conf configuration file. The most important of the variables listed below is the enabling of syn cookie protection. Only place the bottom two if you do not want your server to respond to ICMP echo, commonly referred to as ICMP ping or just ping requests.


NOTICE: Make sure that eth0 is your primary interface, if it is not replace eth0 with eth1 in the code below.

-----command-----
pico -w /etc/sysctl.conf
-----command-----

Now paste the following into the file, you can overwrite the current information.

How-To: Secure your temp directories


Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.