===================== Some c-panel Study============================================
This are my personnel notes If want it to very short just to refer if we forget. So I do not care if you do not understand. This are some C-panel things which we did at our office. If you want a lengthy documentation then Google it.
Command to know c-panel installed on the server
root@cp1 [/home/admin]# /usr/local/cpanel/cpanel -V
11.26.20-STABLE_49708
root@cp1 [/home/admin]#
(1) How to check extenstion available on cPanel server
We can run following command from shell to check extenstion available on server but make sure that you have logged in as root user.
root@server [~]# /scripts/phpextensionmgr list
It will give followings result.
root@server [~]# /scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin
(2) How to add nameservers from shell.
Most of the time on cPanel dedicated server we add nameservers from WHM but some time we are not able to access WHM. In that case we can add nameservers from shell by using root login details.
Login in to server as root user and run following commands.
root@server[~]#/scripts/adddns –domain ns1.your_domain.com –ip=111.222.222.1
root@server[~]#/scripts/adddns –domain ns2.your_domain.com –ip=111.222.222.2
You can use your domain name instead of your_domain.com in above command with the respective ips which you want to use for your nameservers.
root@server[~]#service named restart
or
root@server[~]#/etc/init.d/named restart
(3) How to turn off CGI execution server wide
Most servers owners do not allow there clients to run cgi. We can disable the cgi by using following code in server main Apache configuration file.
Login in to shell as root user and open httpd.conf file and following line.
Options -ExecCGI
And restart apache service.
(4) Horde Failed to connect to localhost:25 error message
On Shared server as well as on Dedicated server some time we are facing large connection issue to SMTP port 25 at that time mostly we disable SMTP port 25 and enable any other port for SMTP but after changing SMTP port mostly we receive following error message in Horde webmail.
There was an error sending your message: Failed to connect to localhost:25 [SMTP: Invalid response code received from server (code: 421, response: Too many concurrent SMTP connections; please try again later.)]
To resolve above error simply change SMTP port from 25 to new SMTP port in following file.
root@server [/usr/local/cpanel/base/horde/imp/config]# Pico servers.php
And change following line
From
‘smtpport’ => 25,
To
‘smtpport’ => 26,
I have taken new port as 26 for example you can use any port as per your requirement.
(5) How to disable root login and enable key authentication on Dedicated server?
How to disable root login and enable key authentication on Dedicated server?
Refer following steps to disable direct root login.
1. SSH into your server as root user.
2. Open file sshd_config in your favorite editor
pico /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1
4. Uncomment line and change it to look like
Protocol 2
5. Now find the line
PermitRootLogin yes
6. And Uncomment libe and make it look like as
PermitRootLogin no
7. Save the file sshd_config file,
8. Restart SSH service
/etc/rc.d/init.d/sshd restart
Once root login disabled on server generate authentication key by using following steps.
1. Add user for example we will add user support
useradd support
2.Assigne user support in wheel group.
usermod -G wheel support
3. Set correct permission for sudoers files.
chmod 644 /etc/sudoers
4. Now open sudoers file and set followings line in sudoers file.
pico /etc/sudoers
# User privilege specification
root ALL=(ALL) ALL
# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
5. Make sure that sudo file binery file is secure.
chmod 4111 /usr/bin/sudo
If you are not sure about sudo binery path then run commamd to confirm the path.
which sudo
6.Now create .ssh directory in support users home directory.
cd /home/support
mkdir .ssh
7. Now generate the key by using PuTTYgen software and save the key on your local machine as support.ppk file.
8. Create authorized_keys file in .ssh directory and copy content from file support.ppk to authorized_keys file.
9. Confirm permission and ownership for files.
cd /home
ll | grep support
The ownership shuold be
drwx—— 7 support support 4096 Jul 10 03:44 support
cd /home/support
ll | grep .ssh
drwxr-xr-x 2 root root 4096 Jul 12 3:34 .ssh/
ll .ssh
The ownership shoud be
drwxr-xr-x 2 root root 4096 Jul 12 03:22 ./
drwx—— 7 support support 4096 Jul 12 03:44 ../
-rw-r–r– 1 root root 224 Jul 12 03:40 authorized_keys
Note : Do not close current Shell until you are able to access server with the support.ppk key
If you have any doubts feel free to contact me:
ashraf.mohammed83@gmail.com