cPanel Scripts
 
 
QUICK CHECKS:
 

................................

GET CURRENT CPANEL VERSION:
cat /usr/local/cpanel/version

FIND DATE UPGRADED TO CURRENT VERSION (et al):
grep "11.60.0.13" /var/cpanel/updatelogs/*

CPANEL UPDATE LOGS:
ls -l /var/cpanel/updatelogs/
cat /var/cpanel/updatelogs/update.1477886041.log

LOGS:
ls -lah /var/log/
ls -lah /usr/local/cpanel/logs
ls -lah /usr/local/apache/logs

................................

TOP PROCESSES (CPU AND MEMORY USAGE):
/usr/local/cpanel/bin/dcpumonview

LIST USERS:
find /home -printf "%u\n" | sort -u

MONITOR ALL USERS:
top -c d2

MONITOR SPECIFIC USER:
top -c d2 -u michaelt

STATS FOR A USER PAST SEVERAL DAYS:
domain="modelsigninc.com"; for i in `seq 1 7 `; do let i=$i+1 ; let  k=$i-1 ; let s="$(date +%s) - (k-1)*86400"; let t="$(date +%s) - (k-2)*86400"; echo `date -Idate -d @$s`; /usr/local/cpanel/bin/dcpumonview `date -d @$s +%s` `date -d @$t +%s` | sed -r -e 's@^<tr bgcolor=#[[:xdigit:]]+><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td></tr>$@Account: \1\tDomain: \2\tCPU: \3\tMem: \4\tMySQL: \5@' -e 's@^<tr><td>Top Process</td><td>(.*)</td><td colspan=3>(.*)</td></tr>$@\1 - \2@' | grep $domain -A3 ; done



................................

ERROR LOGS:

tail -500 /usr/local/cpanel/logs/error_log
grep "cpsrvd.pl" /usr/local/cpanel/logs/error_log | tail -500
grep '2015-10-31' /usr/local/cpanel/logs/error_log

tail -500 /usr/local/apache/logs/error_log

................................

LOGIN FAILURE DAEMON:
tail -500 /var/log/lfd.log
grep "216.67.172.242" /var/log/lfd.log
grep "^Oct 31" /var/log/lfd.log
zgrep "216.67.172.242" /var/log/lfd.log-20161031.gz
zgrep "^Oct 31" /var/log/lfd.log-20161031.gz

SERVICE STATUS LOGS:
grep "^\[2015-10-31" /var/log/chkservd.log
grep "Restarting lfd" /var/log/chkservd.log


SSH LOGINS:
cat /var/log/secure
cat /var/log/secure | grep 'refused connect'
cat /var/log/secure | grep '201.108.8.22'


FAILED LOGIN ATTAMPTS TO cPanel/WHM:
tail -500 /usr/local/cpanel/logs/login_log

ACCOUNT ACCESS LOGS:
ls -lah /home/michaelt/access-logs/
tail -500 /home/michaelt/access-logs/blog.wyorock.com

CPANEL ACCESS LOGS AND USER ACTIONS:
tail -500 /usr/local/cpanel/logs/access_log
grep "judy" /usr/local/cpanel/logs/access_log

suPHP APACHE MODULE AUDIT LOGS:
tail -50 /usr/local/apache/logs/suphp_log


LOGIN ATTEMPTS TO THE CPSRVD DAEMON:
tail -50 /usr/local/cpanel/logs/login_log


................................

      ................................

WORDPRESS:

COUNT HITS ON WORDPRESS wp-login.php:
cat /usr/local/apache/domlogs/michaelt/blog.wyorock.com | grep "wp-login.php" | wc -l

COUNT ATTEMPTED LOGINS ON WORDPRESS wp-login.php:
cat /usr/local/apache/domlogs/michaelt/blog.wyorock.com | grep "POST .*wp-login.php" | wc -l

GET COUNT OF HITS ON WORDPRESS wp-login.php BY IP AND MAIL RESULTS:
egrep "POST .*wp-login.php" /usr/local/apache/domlogs/michaelt/blog.wyorock.com | awk '{print $1,$4,$5,$6,$7,substr($0, index($0,$12))}' | awk '{print $1}' | sort -n | uniq -c | sort -n | sed 's/[ ]*//' | mail -s "Report" michael@wyoming.com


................................

MYSQL:

ls -lah /var/lib/mysql

MYSQL ERROR LOG:
tail -500 /var/lib/mysql/sundance.wyoming.com.err

..................................
 
 
SCRIPTS & SERVICES:
https://documentation.cpanel.net/display/ALD/WHM+Scripts
 
ALL CPANEL SERVICES:
service cpanel status
service cpanel restart
/etc/init.d/cpanel restart


APACHE:
service httpd status
service httpd restart
/etc/init.d/httpd restart


STOP, START, RESTART INDIVIDUAL SERVICES:
service XXXXXX stop
service XXXXXX start
service XXXXXX restart

/scripts/restartsrv_*    
(/usr/local/cpanel/scripts)

/scripts/restartsrv_apache
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_bind
/scripts/restartsrv_chkservd
/scripts/restartsrv_clamd
/scripts/restartsrv_cpanellogd
/scripts/restartsrv_cpdavd
/scripts/restartsrv_cphulkd
/scripts/restartsrv_cpipv6
/scripts/restartsrv_cpsrvd
/scripts/restartsrv_crond
/scripts/restartsrv_dnsadmin
/scripts/restartsrv_dovecot
/scripts/restartsrv_exim
/scripts/restartsrv_eximstats
/scripts/restartsrv_ftpd
/scripts/restartsrv_httpd
/scripts/restartsrv_imap
/scripts/restartsrv_inetd
/scripts/restartsrv_ipaliases
/scripts/restartsrv_mailman
/scripts/restartsrv_mydns
/scripts/restartsrv_mysql
/scripts/restartsrv_named
/scripts/restartsrv_nsd
/scripts/restartsrv_p0f
/scripts/restartsrv_pop3
/scripts/restartsrv_postgres
/scripts/restartsrv_proftpd
/scripts/restartsrv_pureftpd
/scripts/restartsrv_queueprocd
/scripts/restartsrv_rsyslogd
/scripts/restartsrv_spamd
/scripts/restartsrv_sshd
/scripts/restartsrv_syslogd
/scripts/restartsrv_tailwatchd
/scripts/restartsrv_tomcat
/scripts/restartsrv_xinetd
     
apache Restarts the Apache web server.
bind Restarts the BIND nameserver software.
chkservd Restarts cPanel’s TailWatch log processing service.
clamd Restarts the ClamAV antivirus software.
cpanellogd Restarts the cpanellogd daemon.
cpdavd Restarts cPanel’s WebDAV server.
cphulkd Restarts cPHulk.
cpipv6 Binds or rebinds the server's IPv6 addresses. Run this script with the --list flag to list all of the server's bound IPv6 addresses.
cpsrvd Restarts the cpsrvd daemon.
crond Restarts the crond daemon.
dnsadmin Restarts the dnsadmin daemon.
dovecot Restarts the Dovecot mail server.
entropychat Restarts the Entropy chat client.
exim Restarts the Exim mail exchanger.
eximstats Restarts the Exim mail statistics tracker.
ftpd or ftpserver Restarts the configured FTP service (ProFTPd or Pure-FTPd).
httpd Restarts the Apache web server.
imap Restarts the IMAP server (Dovecot).
inetd Restarts the super-server daemon that manages Internet services.
ipaliases Restarts the IP address aliasing software.
mailman Restarts Mailman.
mydns Restarts the MyDNS server.
mysql Restarts the MySQL database server.
named Restarts the BIND nameserver software.
nsd Restarts the NSD nameserver daemon.
p0f Restarts the passive OS fingerprinting service.
postgres or postgresql Restarts the PostgreSQL database service.
proftpd Restarts the ProFTPd server daemon.
pureftpd Restarts the Pure-FTPd server daemon.
queueprocd Restarts the queueprocd daemon.
rsyslogd Restarts the open-source log forwarder daemon.
spamd Restarts the Apache SpamAssassin™ daemon.
sshd Restarts the Secure shell daemon.
syslogd Restarts the Log forwarder daemon.
tailwatchd Restarts cPanel’s TailWatch log processing service.
tomcat Restarts the Apache Tomcat service.
xinetd Restarts the open-source super-server daemon.
 
---------------------------------------------------- 
UNIQUE AND SORTED LIST OF OWNERS:
ls -l /home | awk '{print $3}' | sort | uniq
OR
ls -l /home | awk '{print $3}' | sort -u 
OR
find /home -printf "%u\n" | sort -u 
 
----------------------------------------------------
cPanel Resource Usage Stats:
Home -> Server Status -> Daily Process Log 
/usr/local/cpanel/bin/dcpumonview 
 
 
Get cPanel Resource Stats for 7 Days
domain="thedomain.com"; for i in `seq 1 7 `; do let i=$i+1 ; let k=$i-1 ; let s="$(date +%s) - (k-1)*86400"; let t="$(date +%s) - (k-2)*86400"; echo `date -Idate -d @$s`; /usr/local/cpanel/bin/dcpumonview `date -d @$s +%s` `date -d @$t +%s` | sed -r -e 's@^<tr bgcolor=#[[:xdigit:]]+><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td><td>(.*)</td></tr>$@Account: \1\tDomain: \2\tCPU: \3\tMem: \4\tMySQL: \5@' -e 's@^<tr><td>Top Process</td><td>(.*)</td><td colspan=3>(.*)</td></tr>$@\1 - \2@' | grep $domain -A3 ; done
 
List Directory Sizes:
du --max-depth=1 /home/michaelt/public_html/wp-content | sort -n | awk 'BEGIN {OFMT = "%.0f"} {print $1/1024,"MB", $2}'
 
 
Monitor specific user using TOP
top -c d2 -u intermou
 
Monitor all users using TOP
top -c d2
 
----------------------------------------------------
Create account backup:
/usr/local/cpanel/scripts/pkgacct $user
/usr/local/cpanel/scripts/pkgacct michaelt
....................... 
/usr/local/cpanel/scripts/pkgacct michaelt /backup
....................... 
/usr/local/cpanel/scripts/pkgacct michaelt /backup/michaelt
/usr/local/cpanel/scripts/pkgacct michaelt /backup -skiphomedir
/usr/local/cpanel/scripts/pkgacct michaelt /backup -skipacctdb
/usr/local/cpanel/scripts/pkgacct michaelt /backup -incremental 
----------------------------------------------------
Remove account:
/usr/local/cpanel/scripts/removeacct cpaneluser
 
----------------------------------------------------
Restore account:
/usr/local/cpanel/scripts/restorepkg $user [file]
 
/usr/local/cpanel/scripts/restorepkg /home/backup/cpmove-michaelt.tar.gz

The user should be terminated from the system prior to restoring a full backup, for the best results.

 

----------------------------------------------------
Backup all databases in one file:
mysqldump --all-databases > all_databases.sql

Backup all databases in individual files:
for i in `mysql -e "show databases;"`; do mysqldump $i > /folder_path/$i.sql; done
 
----------------------------------------------------
After "The following files were found to be altered from their original RPM:"
 
/usr/local/cpanel/scripts/check_cpanel_rpms --list-only
/usr/local/cpanel/scripts/check_cpanel_rpms --long-list
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
----------------------------------------------------
 
cPanel backup.

+ precpbackup – Runs before the cPanel backup
+ cpbackup – cpanel back up
+ postcpbackup – Runs after cPanel backup

You must update /etc/cpbackup.conf for the precpbackup and postcpbackup script hooks to run. Use a text editor to specify PREBACKUP 1 in /etc/cpbackup.conf forprecpbackup, and POSTBACKUP 1 in /etc/cpbackup.conf for postcpbackup.

Rebuilding Apache and PHP.

+ easyapache – recompile/upgrade apache and/or php

Restarting services.

+ restartsrv – restart script for services

cpanel UPDATE

+ preupcp
+ upcp – updates cpanel to the latest version
+ postupcp

+ updatenow – updates the cPanel scripts 
 
---------------------------------------------------- 
 
 
##################################################
 
suPHPfix Utility
 
http://ssullivan.org/projects/suphpfix
SEE: D:\_Michael\My Documents\_Companies\wyocom\cPanel\WordPress\suPHPFix\suphpfix_install.sh

suPHPfix (cPanel only) corrects common permission/ownership issues (as well as some PHP setting issues) that are commonly encountered when switching to CGI/FCGI/suPHP (with suexec enabled). suPHPfix also has the ability to restore cPanel accounts to the state they were in before it made any changes. This is useful when users decide CGI/FCGI/suPHP (with suexec enabled) is not for them and they wish to undo/revert all changes made by suPHPfix. By default due to security reasons, suPHPfix will not touch hardlinked files. If you want to modify hardlinked files anyways, please use the appropriate flags (described below).

prep
    Sets public_html to 750 $cpuser:nobody
    Removes group and world write from all files
    Sets all directories to 755
    Sets /$home/$cpuser to 711
    Sets /$home/$cpuser/public_html/* to $cpuser:$cpuser

save-state
    Records recursive permissions/ownerships states of /$home/$cpuser/public_html

restore-state
    Restores recursive permissions/ownerships states of /$home/$cpuser/public_html in accordance with the last save-state 
 
...........................................
 
FIND (PERMISSIONS):
find /home/*/public_html/ -type d -perm 777 > /root/badpermdir.txt
find /home/*/public_html/ -type f -perm 666 > /root/badpermfiles.txt

FIND (OWNERSHIP - nobody:
find /home/*/public_html/ -type f -user nobody -group nobody > /root/nobodyfiles.txt
find /home/*/public_html/ -type d -user nobody -group nobody > /root/nobodydirs.txt 
 
##################################################