QUICK CHECKS:
|
................................
GET CURRENT CPANEL VERSION:
cat /usr/local/cpanel/version
FIND DATE UPGRADED TO CURRENT VERSION (et al):
grep "11.60.0.13" /var/cpanel/updatelogs/*
CPANEL UPDATE LOGS:
ls -l /var/cpanel/updatelogs/
cat /var/cpanel/updatelogs/update.1477886041.log
LOGS:
ls -lah /var/log/
ls -lah /usr/local/cpanel/logs
ls -lah /usr/local/apache/logs
................................
TOP PROCESSES (CPU AND MEMORY USAGE):
/usr/local/cpanel/bin/dcpumonview
LIST USERS:
find /home -printf "%u\n" | sort -u
MONITOR ALL USERS:
top -c d2
MONITOR SPECIFIC USER:
top -c d2 -u michaelt
STATS FOR A USER PAST SEVERAL DAYS:
domain="modelsigninc.com"; for i in `seq 1 7 `; do let i=$i+1 ; let k=$i-1 ; let s="$(date +%s) - (k-1)*86400"; let t="$(date +%s) - (k-2)*86400"; echo `date -Idate -d @$s`; /usr/local/cpanel/bin/dcpumonview `date -d @$s +%s` `date -d @$t +%s` | sed -r -e 's@^<tr bgcolor=#[[:xdigit:]]+><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td></tr>$@Account: \1\tDomain: \2\tCPU: \3\tMem: \4\tMySQL: \5@' -e 's@^<tr><td>Top Process</td><td>(.*)</td><td colspan=3>(.*)</td></tr>$@\1 - \2@' | grep $domain -A3 ; done
................................
ERROR LOGS:
tail -500 /usr/local/cpanel/logs/error_log
grep "cpsrvd.pl" /usr/local/cpanel/logs/error_log | tail -500
grep '2015-10-31' /usr/local/cpanel/logs/error_log
tail -500 /usr/local/apache/logs/error_log
................................
LOGIN FAILURE DAEMON:
tail -500 /var/log/lfd.log
grep "216.67.172.242" /var/log/lfd.log
grep "^Oct 31" /var/log/lfd.log
zgrep "216.67.172.242" /var/log/lfd.log-20161031.gz
zgrep "^Oct 31" /var/log/lfd.log-20161031.gz
SERVICE STATUS LOGS:
grep "^\[2015-10-31" /var/log/chkservd.log
grep "Restarting lfd" /var/log/chkservd.log
SSH LOGINS:
cat /var/log/secure
cat /var/log/secure | grep 'refused connect'
cat /var/log/secure | grep '201.108.8.22'
FAILED LOGIN ATTAMPTS TO cPanel/WHM:
tail -500 /usr/local/cpanel/logs/login_log
ACCOUNT ACCESS LOGS:
ls -lah /home/michaelt/access-logs/
tail -500 /home/michaelt/access-logs/blog.wyorock.com
CPANEL ACCESS LOGS AND USER ACTIONS:
tail -500 /usr/local/cpanel/logs/access_log
grep "judy" /usr/local/cpanel/logs/access_log
suPHP APACHE MODULE AUDIT LOGS:
tail -50 /usr/local/apache/logs/suphp_log
LOGIN ATTEMPTS TO THE CPSRVD DAEMON:
tail -50 /usr/local/cpanel/logs/login_log
................................
|
|
................................
WORDPRESS:
COUNT HITS ON WORDPRESS wp-login.php:
cat /usr/local/apache/domlogs/michaelt/blog.wyorock.com | grep "wp-login.php" | wc -l
COUNT ATTEMPTED LOGINS ON WORDPRESS wp-login.php:
cat /usr/local/apache/domlogs/michaelt/blog.wyorock.com | grep "POST .*wp-login.php" | wc -l
GET COUNT OF HITS ON WORDPRESS wp-login.php BY IP AND MAIL RESULTS:
egrep "POST .*wp-login.php" /usr/local/apache/domlogs/michaelt/blog.wyorock.com | awk '{print $1,$4,$5,$6,$7,substr($0, index($0,$12))}' | awk '{print $1}' | sort -n | uniq -c | sort -n | sed 's/[ ]*//' | mail -s "Report" michael@wyoming.com
................................
MYSQL:
ls -lah /var/lib/mysql
MYSQL ERROR LOG:
tail -500 /var/lib/mysql/sundance.wyoming.com.err
.................................. |
SCRIPTS & SERVICES:
https://documentation.cpanel.net/display/ALD/WHM+Scripts
ALL CPANEL SERVICES:
service cpanel status
service cpanel restart
/etc/init.d/cpanel restart
APACHE:
service httpd status
service httpd restart
/etc/init.d/httpd restart
STOP, START, RESTART INDIVIDUAL SERVICES:
service XXXXXX stop
service XXXXXX start
service XXXXXX restart
/scripts/restartsrv_*
(/usr/local/cpanel/scripts)
/scripts/restartsrv_apache
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_bind
/scripts/restartsrv_chkservd
/scripts/restartsrv_clamd
/scripts/restartsrv_cpanellogd
/scripts/restartsrv_cpdavd
/scripts/restartsrv_cphulkd
/scripts/restartsrv_cpipv6
/scripts/restartsrv_cpsrvd
/scripts/restartsrv_crond
/scripts/restartsrv_dnsadmin
/scripts/restartsrv_dovecot
/scripts/restartsrv_exim
/scripts/restartsrv_eximstats
/scripts/restartsrv_ftpd
/scripts/restartsrv_httpd
/scripts/restartsrv_imap
/scripts/restartsrv_inetd
/scripts/restartsrv_ipaliases
/scripts/restartsrv_mailman
/scripts/restartsrv_mydns
/scripts/restartsrv_mysql
/scripts/restartsrv_named
/scripts/restartsrv_nsd
/scripts/restartsrv_p0f
/scripts/restartsrv_pop3
/scripts/restartsrv_postgres
/scripts/restartsrv_proftpd
/scripts/restartsrv_pureftpd
/scripts/restartsrv_queueprocd
/scripts/restartsrv_rsyslogd
/scripts/restartsrv_spamd
/scripts/restartsrv_sshd
/scripts/restartsrv_syslogd
/scripts/restartsrv_tailwatchd
/scripts/restartsrv_tomcat
/scripts/restartsrv_xinetd |
|
| apache |
Restarts the Apache web server. |
| bind |
Restarts the BIND nameserver software. |
| chkservd |
Restarts cPanel’s TailWatch log processing service. |
| clamd |
Restarts the ClamAV antivirus software. |
| cpanellogd |
Restarts the cpanellogd daemon. |
| cpdavd |
Restarts cPanel’s WebDAV server. |
| cphulkd |
Restarts cPHulk. |
| cpipv6 |
Binds or rebinds the server's IPv6 addresses. Run this script with the --list flag to list all of the server's bound IPv6 addresses. |
| cpsrvd |
Restarts the cpsrvd daemon. |
| crond |
Restarts the crond daemon. |
| dnsadmin |
Restarts the dnsadmin daemon. |
| dovecot |
Restarts the Dovecot mail server. |
| entropychat |
Restarts the Entropy chat client. |
| exim |
Restarts the Exim mail exchanger. |
| eximstats |
Restarts the Exim mail statistics tracker. |
| ftpd or ftpserver |
Restarts the configured FTP service (ProFTPd or Pure-FTPd). |
| httpd |
Restarts the Apache web server. |
| imap |
Restarts the IMAP server (Dovecot). |
| inetd |
Restarts the super-server daemon that manages Internet services. |
| ipaliases |
Restarts the IP address aliasing software. |
| mailman |
Restarts Mailman. |
| mydns |
Restarts the MyDNS server. |
| mysql |
Restarts the MySQL database server. |
| named |
Restarts the BIND nameserver software. |
| nsd |
Restarts the NSD nameserver daemon. |
| p0f |
Restarts the passive OS fingerprinting service. |
| postgres or postgresql |
Restarts the PostgreSQL database service. |
| proftpd |
Restarts the ProFTPd server daemon. |
| pureftpd |
Restarts the Pure-FTPd server daemon. |
| queueprocd |
Restarts the queueprocd daemon. |
| rsyslogd |
Restarts the open-source log forwarder daemon. |
| spamd |
Restarts the Apache SpamAssassin™ daemon. |
| sshd |
Restarts the Secure shell daemon. |
| syslogd |
Restarts the Log forwarder daemon. |
| tailwatchd |
Restarts cPanel’s TailWatch log processing service. |
| tomcat |
Restarts the Apache Tomcat service. |
| xinetd |
Restarts the open-source super-server daemon. |
|
----------------------------------------------------
UNIQUE AND SORTED LIST OF OWNERS:
ls -l /home | awk '{print $3}' | sort | uniq
OR
ls -l /home | awk '{print $3}' | sort -u
OR
find /home -printf "%u\n" | sort -u
----------------------------------------------------
cPanel Resource Usage Stats:
Home -> Server Status -> Daily Process Log
/usr/local/cpanel/bin/dcpumonview
Get cPanel Resource Stats for 7 Days
domain="thedomain.com"; for i in `seq 1 7 `; do let i=$i+1 ; let k=$i-1 ; let s="$(date +%s) - (k-1)*86400"; let t="$(date +%s) - (k-2)*86400"; echo `date -Idate -d @$s`; /usr/local/cpanel/bin/dcpumonview `date -d @$s +%s` `date -d @$t +%s` | sed -r -e 's@^<tr bgcolor=#[[:xdigit:]]+><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td></tr>$@Account: \1\tDomain: \2\tCPU: \3\tMem: \4\tMySQL: \5@' -e 's@^<tr><td>Top Process</td><td>(.*)</td><td colspan=3>(.*)</td></tr>$@\1 - \2@' | grep $domain -A3 ; done
List Directory Sizes:
du --max-depth=1 /home/michaelt/public_html/wp-content | sort -n | awk 'BEGIN {OFMT = "%.0f"} {print $1/1024,"MB", $2}'
Monitor specific user using TOP
top -c d2 -u intermou
Monitor all users using TOP
top -c d2
----------------------------------------------------
Create account backup:
/usr/local/cpanel/scripts/pkgacct $user
/usr/local/cpanel/scripts/pkgacct michaelt
.......................
/usr/local/cpanel/scripts/pkgacct michaelt /backup
.......................
/usr/local/cpanel/scripts/pkgacct michaelt /backup/michaelt
/usr/local/cpanel/scripts/pkgacct michaelt /backup -skiphomedir
/usr/local/cpanel/scripts/pkgacct michaelt /backup -skipacctdb
/usr/local/cpanel/scripts/pkgacct michaelt /backup -incremental
----------------------------------------------------
Remove account:
/usr/local/cpanel/scripts/removeacct cpaneluser
----------------------------------------------------
Restore account:
/usr/local/cpanel/scripts/restorepkg $user [file]
/usr/local/cpanel/scripts/restorepkg /home/backup/cpmove-michaelt.tar.gz
The user should be terminated from the system prior to restoring a full backup, for the best results.
----------------------------------------------------
Backup all databases in one file:
mysqldump --all-databases > all_databases.sql
Backup all databases in individual files:
for i in `mysql -e "show databases;"`; do mysqldump $i > /folder_path/$i.sql; done
----------------------------------------------------
After "The following files were found to be altered from their original RPM:"
/usr/local/cpanel/scripts/check_cpanel_rpms --list-only
/usr/local/cpanel/scripts/check_cpanel_rpms --long-list
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
----------------------------------------------------
cPanel backup.
+ precpbackup – Runs before the cPanel backup
+ cpbackup – cpanel back up
+ postcpbackup – Runs after cPanel backup
You must update /etc/cpbackup.conf for the precpbackup and postcpbackup script hooks to run. Use a text editor to specify PREBACKUP 1 in /etc/cpbackup.conf forprecpbackup, and POSTBACKUP 1 in /etc/cpbackup.conf for postcpbackup.
Rebuilding Apache and PHP.
+ easyapache – recompile/upgrade apache and/or php
Restarting services.
+ restartsrv – restart script for services
cpanel UPDATE
+ preupcp
+ upcp – updates cpanel to the latest version
+ postupcp
+ updatenow – updates the cPanel scripts
----------------------------------------------------
##################################################
suPHPfix Utility
http://ssullivan.org/projects/suphpfix
SEE: D:\_Michael\My Documents\_Companies\wyocom\cPanel\WordPress\suPHPFix\suphpfix_install.sh
suPHPfix (cPanel only) corrects common permission/ownership issues (as well as some PHP setting issues) that are commonly encountered when switching to CGI/FCGI/suPHP (with suexec enabled). suPHPfix also has the ability to restore cPanel accounts to the state they were in before it made any changes. This is useful when users decide CGI/FCGI/suPHP (with suexec enabled) is not for them and they wish to undo/revert all changes made by suPHPfix. By default due to security reasons, suPHPfix will not touch hardlinked files. If you want to modify hardlinked files anyways, please use the appropriate flags (described below).
prep
Sets public_html to 750 $cpuser:nobody
Removes group and world write from all files
Sets all directories to 755
Sets /$home/$cpuser to 711
Sets /$home/$cpuser/public_html/* to $cpuser:$cpuser
save-state
Records recursive permissions/ownerships states of /$home/$cpuser/public_html
restore-state
Restores recursive permissions/ownerships states of /$home/$cpuser/public_html in accordance with the last save-state
...........................................
FIND (PERMISSIONS):
find /home/*/public_html/ -type d -perm 777 > /root/badpermdir.txt
find /home/*/public_html/ -type f -perm 666 > /root/badpermfiles.txt
FIND (OWNERSHIP - nobody:
find /home/*/public_html/ -type f -user nobody -group nobody > /root/nobodyfiles.txt
find /home/*/public_html/ -type d -user nobody -group nobody > /root/nobodydirs.txt
##################################################