File Integrity Check
			Aug 4, 2008
				I have used tripwire for a long time on my FreeBSD servers.
One thing that's bugging me is that it takes like 20 minutes to check the system with the default config:
So I'd like to know:
1) Is there currently some other tool that does tripwire's job better?
2) Does anyone have a list of "probably changed files when a server is hacked", or something like that?
I mean, I'll be happy if tests can take 2 minutes instead of 20 and I detect intrusion 99% of the time instead of 99.9%.
So "key files/dirs" would probably be enough instead of checking a lot of dirs with recursion.
	
        Jan 15, 2008
        Are the following files from cPanel? cPanel just updated itself (set to automatic update to stable release) and I got the following file integrity check.
/usr/bin/chattr: FAILED
/usr/bin/encode_keychange: FAILED
/usr/bin/gdb: FAILED
/usr/bin/gdbserver: FAILED
/usr/bin/gdbtui: FAILED
/usr/bin/lsattr: FAILED
/usr/bin/snmpbulkget: FAILED
/usr/bin/snmpbulkwalk: FAILED
/usr/bin/snmpdelta: FAILED
/usr/bin/snmpdf: FAILED
/usr/bin/snmpget: FAILED
/usr/bin/snmpgetnext: FAILED
/usr/bin/snmpinform: FAILED
/usr/bin/snmpnetstat: FAILED
/usr/bin/snmpset: FAILED
/usr/bin/snmpstatus: FAILED
/usr/bin/snmptable: FAILED
/usr/bin/snmptest: FAILED
/usr/bin/snmptranslate: FAILED
/usr/bin/snmptrap: FAILED
/usr/bin/snmpusm: FAILED
/usr/bin/snmpvacm: FAILED
/usr/bin/snmpwalk: FAILED
/usr/bin/uuidgen: FAILED
/usr/bin/wbemexec: FAILED
/usr/bin/xmlcatalog: FAILED
/usr/bin/xmllint: FAILED
/usr/sbin/ext2online: FAILED
/usr/sbin/filefrag: FAILED
/usr/sbin/mklost+found: FAILED
/usr/sbin/snmpd: FAILED
/sbin/badblocks: FAILED
/sbin/blkid: FAILED
/sbin/debugfs: FAILED
/sbin/dumpe2fs: FAILED
/sbin/e2fsck: FAILED
/sbin/e2image: FAILED
/sbin/e2label: FAILED
/sbin/findfs: FAILED
/sbin/fsck: FAILED
/sbin/fsck.ext2: FAILED
/sbin/fsck.ext3: FAILED
/sbin/logsave: FAILED
/sbin/mke2fs: FAILED
/sbin/mkfs.ext2: FAILED
/sbin/mkfs.ext3: FAILED
/sbin/resize2fs: FAILED
/sbin/tune2fs: FAILED
    	
        Jul 4, 2007
        I got this message from my provider after asking for a reboot:
Quote:
Your server had an EXT3 FS error scrolling across the screen.
I rebooted and the server mounted clean, but you may end up needing a file system check (FSCK).
I want to do that myself so I can schedule the downtime after midnight. What are the procedures to fix these errors, to avoid the need to reboot the server often?
I am using CentOS with cPanel & WHM.
    	
        Mar 14, 2008
        I have a CentOS server & whenever I reboot it, it goes into a file system check and takes about 1 hr to come online.
The irony is, I reboot the server only when the load goes high (esp when traffic is high).. And the server is down for long times when traffic is high.
The server config is pretty good, but it shows these problems once in 15-20 days.
    	
        Apr 16, 2008
        Apache error log for a subdomain
[Thu Apr 17 00:02:24 2008] [crit] [client 69.113.17.156] (13)Permission denied: /home/user/public_html/subdir/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
However, there is no htaccess file in that directory anyway
/home/user/public_html/subdir
Server is Centos 5 / Cpanel
    	
        May 29, 2007
        I installed system integrity monitor problem 
It says:
[05/29/07 21:35:15]: HTTP service is online.
[05/29/07 21:35:15]: HTTP url request failed, assuming offline.
[05/29/07 21:35:15]: HTTP offline, restart limit exceeded.
How do I increase this so-called restart limit?
System integrity monitor on server.dealsreferals.com has taken action in responce to an event. Recent event logs are enclosed below for your inspection. There has been 23 events today, if an average of 1000 events is reached, e-mail alerts will be terminated for the duration of the day.
- Events Summary:
Total event count:   23
Average event count: 2
- Service Summary:
FTP       [online - 0 events]
HTTP      [offline - 11 events]
DNS       [online - 1
1 events]
SSH       [restarted - 1 events]
MYSQL     [restart failed - 1 events]
XINET     [restarted - 1 events]
- System Summary:
LOAD      [25.71 - status good - 17 events]
NETWORK   [eth0 - online - 0 events]
- SIM Log:
[05/29/07 21:30:12]: XINET service is online.
[05/29/07 21:35:15]: LOAD 25.71 (status good)
[05/29/07 21:35:15]: NETWORK is online.
[05/29/07 21:35:15]: FTP service is online.
[05/29/07 21:35:15]: Error in http.chk, $LPATH_NT not found.
[05/29/07 21:35:15]: HTTP service is online.
[05/29/07 21:35:15]: HTTP url request failed, assuming offline.
[05/29/07 21:35:15]: HTTP offline, restart limit exceeded.
[05/29/07 21:35:15]: DNS service is online.
[05/29/07 21:35:15]: SSH service is offline.
[05/29/07 21:35:15]: Restarted SSH service (1 SSH events today).
[05/29/07 21:35:15]: MYSQL service is offline.
[05/29/07 21:35:15]: MYSQL restart failed, could not find /etc/init.d/mysqld.
[05/29/07 21:35:15]: XINET service is offline.
[05/29/07 21:35:15]: Restarted XINET service (1 XINET events today).
- System Log:
May 29 21:35:48 server smartd[2510]: smartd received signal 15: Terminated
May 29 21:35:49 server smartd: smartd shutdown failed
May 29 21:35:54 server xinetd[14167]: Exiting...
May 29 21:35:54 server xinetd: xinetd shutdown succeeded
May 29 21:35:54 server bandmin: Shutting down bandmin: 
May 29 21:36:01 server bandmin: [60G
May 29 21:36:01 server bandmin: 
May 29 21:36:01 server rc: Stopping bandmin:  succeeded
May 29 21:36:05 server sshd: Stopping sshd failed
May 29 21:36:06 server acpid: acpid shutdown succeeded
May 29 21:36:07 server crond: crond shutdown succeeded
May 29 21:36:07 server autofs: Stopping automount:
May 29 21:36:08 server sshd:  succeeded
May 29 21:36:12 server xinetd: xinetd shutdown failed
May 29 21:36:16 server xinetd: xinetd startup succeeded
===============================================================================
SIM 2.5-3 <sim@r-fx.org>                                      05/29/07 21:35:15
    	
        Jul 29, 2008
        If I have a company watching my integral services, do I need SIM?  Are there benefits to keeping it and having outsourced monitoring alongside it?
    	
        May 20, 2014
        I wrote a script to test the integrity of my DNS and run it from time to time on my server...
I just ran it today and it discovered I suddenly have 5 domains with SOA-records that don't point to itself. They point to the secondary nameserver.
They are records that exist for years and were for sure correct before (I know this because of that script).
If I do a "restore defaults" it isn't corrected and if I switch to slave and then back to master it doesn't change either...
The file /var/named/run-root/var/obfuscated.com is updated, but the slave-DNS stays in that file...
The only way I'm able to correct it is by deleting the NS-record with the slave DNS and adding it again.
I assume there's some mechanism that scans the NS-records and then decides to make that one the SOA. This has always worked fine...  also on this server.
    	
        Jan 6, 2009
        I have 35 clients hosting on my dedicated server.
I am going to be ending my service as a host provider, and I need to transfer all of my clients to a new host.
Many of my clients' sites were written 3-4 years ago in PHP while global vars was still off, and so many of the sites might not function correctly if I just pop them to a new host.
My first solution would be to bypass the php .ini file with a public_html/ based ini that would override any newer server settings.
Does anyone know of a good host that could take my clients? And also support the php version locally to the shared account?
I need a host that is reliable, and honest.
Am I going about this the right way?
I am open to any suggestions or advice on this.
I should probably add, all of my clients pay on an annual basis from $89-$140. None of my clients run video sites or any heavy media stuff.
    	
        Jul 30, 2006
        Dedicated server has 2 HDD but I am not going to pay another $25/month for the hardware RAID solution (already stretched too far).
My plan is to install FreeBSD 6 and use Gmirror to establish a raid-1 "soft" mirror. 
Advantages:  Entire drive is mirrored including the OS.  Drives can be remotely inserted or removed from the mirror set using a console command, so it's possible to uncouple the mirror and perform software updates on a single drive, then re-establish the mirror only after the updates have proved successful.
Disadvantages:  Lower I/O than hardware solution (not a problem for me) others???
I rarely see people consider software RAID for a tight-budget server and I am wondering why?  Could it be that other OSes don't have a solution as good as gmirror?  Or is it just that crappy soft-RAID in the past has left a bitter taste in admins' mouths?  Or perhaps admins need the extra I/O of hardware?
    	
        Dec 30, 2014
        When I am syncing plans with subscription, it shows
Error: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '16-servicePlanId' for key 'PRIMARY'
Which table should I check for the problem in mysql database?
    	
        Feb 10, 2015
        I'm building Plesk Panel for Linux and Presence Builder, and I don't want my users to be able to upload their website to hosting via File Manager. How can I do it...
    	
        Jul 1, 2009
        I would like to know how to check load via ssh and check files causing load?
I want the ssh codes for 2 different set of control panels, one with cpanel+whm and other with kloxo+hypervm
I would also like to know how to check the files causing the load, such as files that could have been interrupted while processing, so they could be causing load sometimes. I want to stop such processes if any are running on the VPS on my friends' accounts.
    	
        May 26, 2008
        Say I have 2 websites and they all use file.php which is located on mainserver.com/file.php.
I want to use the file like this:
website1.com/file.php
website2.com/file.php
    	
        Mar 6, 2008
        Rapidly growing error logs showing the same message
$ug-non-zts-20020429/ffmpeg.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20020429//usr/local/lib/php/extensions/no-debug-non-zts-20020429/ffmpeg.so: cannot open shared object file: No such file or directory in Unknown on line 0
root@server [~]# ls /usr/local/lib/php/extensions/no-debug-non-zts-20020429
./  ../  eaccelerator.so*
root@server [~]# ls /usr/local/lib/php/extensions/no-debug-non-zts-20020429
./  ../  eaccelerator.so*
Using cpanel 11 / centos 4
    	
        Jun 16, 2008
        I have a server with CentOS.
I need to edit the hidden file .htaccess from the file management tool of cPanel,
but the hidden files are not shown.
How can I modify the setting and let the files be shown in the file management tool of cPanel?
    	
        Sep 17, 2014
        How can we stop Plesk resetting the file permissions on a dll file that is found in 
C:\Program Files (x86)
??
Specifically,
we have a file, jmail.dll, 
here 
C:\Program Files (x86)\Dimac\w3JMail
By default Plesk permissions are set to DENY for PSACLN.
But the JMail plugin cannot work with these permissions!
We change this to be ALLOW for READ & EXECUTE and DENY for WRITE.
And everything works fine.
But every time Plesk does an update it reverts it back!
This means that a number of our customers' contact forms stop working!
    	
        Nov 22, 2008
        I'm trying to do this
/usr/bin/gzip -p /home/mysite/public_html/shop/feeds/myfile.xml.zip > /home/mysite/public_html/shop/feeds/myfile.xml
But it just tells me
/usr/bin/gzip: invalid option -- p
X-Powered-By: PHP/5.2.5
Content-type: text/html
How do I find the correct option to unzip first file to second file?
    	
        Oct 10, 2014
        I manage a Linux Apache webserver with a few WordPress blogs, and from time to time I see someone inject a malicious .php file into the wp-content/uploads/2014/10/ directory.
I think it's some bad plugin or theme, but there are more blogs. I upgrade, update WP, but
how can I set up some monitor to tell me which PHP file (or even which line in a PHP file) injected that malicious .php? I have Linux root access so I can set up anything.
    	
        Jul 9, 2007
        Today I found that some customer on the servers made a link, named it file.txt, and linked it to another customer's PHP file.
So that customer has the ability to show the other customer's file content when visiting the URL, because it is a text file while originally it is a PHP file.
The PHP file was a config file, so now he knows the database password, and because he is on the same server he can use that database.
The question: how to avoid this problem in the future?
Note: SuExec is running and the open_basedir protection is enabled, but the problem still exists.
    	
        Apr 10, 2008
        I recently purchased a VPS from internetvps.com, but I'm not sure what OS of Linux it is. How can you check the OS of the server?
    	
        Jun 7, 2007
        Let's say I have a VPS with 512 MBs of RAM.
 
How do I check in shell that this is indeed the case?
 
I read in some places that "top" and "free -m" and such can help.
 
But these gave me way more than 512. 
 
Here is the output from my "free -m". Total shows here 3886 MBs of MEM??? That is almost 4 Gigs. Please someone explain this. 
 
             total       used       free     shared    buffers     cached
Mem:          3886       3721        164          0         17        542
-/+ buffers/cache:       3161        724
Swap:         6142       2020       4121
    	
        Mar 20, 2007
        Quote:
Nobody Check 1.0.3 Current on cPanel
Tue Mar 20 16:00:02 SGT 2007 on blue.mydomain.com
Server Load:  16:00:02 up 21 days, 14:02,  0 users,  load average: 2.73, 2.20, 2.08
Warning: Malicious Nobody Process Found
=========================================
Options: kill bad proc=1 logging lvl=1
SCAN SUMMARY
========================================
Clean Processes: 57
DETECTED Malicious Processes: 1
DETECTION DETAILS
========================================
DETECTION: Process 4221 with name php and path /usr/bin/php 
Process ID: 4221 has been killed
Restuls for PID: 4221
total 0
dr-xr-xr-x    3 easyzz easyzz 0 Mar 20 16:00 .
dr-xr-xr-x  291 root   root   0 Feb 27 10:01 ..
dr-xr-xr-x    2 easyzz easyzz 0 Mar 20 16:00 attr
-r--------    1 easyzz easyzz 0 Mar 20 16:00 auxv
-r--r--r--    1 easyzz easyzz 0 Mar 20 16:00 cmdline
lrwxrwxrwx    1 easyzz easyzz 0 Mar 20 16:00 cwd -> /home/easyzz/public_html
-r--------    1 easyzz easyzz 0 Mar 20 16:00 environ
lrwxrwxrwx    1 easyzz easyzz 0 Mar 20 16:00 exe -> /usr/bin/php
dr-x------    2 easyzz easyzz 0 Mar 20 16:00 fd
-rw-r--r--    1 easyzz easyzz 0 Mar 20 16:00 loginuid
-r--------    1 easyzz easyzz 0 Mar 20 16:00 maps
-rw-------    1 easyzz easyzz 0 Mar 20 16:00 mem
-r--r--r--    1 easyzz easyzz 0 Mar 20 16:00 mounts
lrwxrwxrwx    1 easyzz easyzz 0 Mar 20 16:00 root -> /
-r--r--r--    1 easyzz easyzz 0 Mar 20 16:00 stat
-r--r--r--    1 easyzz easyzz 0 Mar 20 16:00 statm
-r--r--r--    1 easyzz easyzz 0 Mar 20 16:00 status
dr-xr-xr-x    3 easyzz easyzz 0 Mar 20 16:00 task
-r--r--r--    1 easyzz easyzz 0 Mar 20 16:00 wchan
Netstat:
Environ:
Hello, I got this notification from the 'Nobody Check'.
Is there anything I need to be aware of? ..
    	
        May 22, 2007
        confirm this is only 1gig of ram?
Mem:       1034096     985128      48968          0     157944     559136
-/+ buffers/cache:     268048     766048
Swap:      2040212        160    2040052
Total:     3074308     985288    2089020
    	
        Oct 3, 2009
        I have some e-books in PDF that I want to convert to Word document format.
I also need shared hosting for this.
    	
        Nov 26, 2008
        How to put a .FLV format file on a web page without using the .swf file?
    	
        Apr 20, 2009
        I'm running CSF on a cPanel server and have questions about new features in CSF
Apache Check
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Results
Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Can someone explain this in layman's terms? I know this is new in cPanel.  I'm already running Apache 2.2, PHP 5.2.9 with suPHP enabled and mod_security as well (these rules: [url]
Also, what exactly are these CSF checks?
Check csf PT_SKIP_HTTP option
This option disables checking of processes running under apache and can limit false-positives but may then miss running exploits
Check csf SAFECHAINUPDATE option
This option closes a window of opportunity that opens when dynamic chain updates occur
    	
        Jun 11, 2009
        How to check using SSH if the HD is an SSD drive in a Linux box?
    	
        Jul 18, 2009
        How can we be sure that we are facing DDoS attacks? Is there any good command which will make me 100 percent sure that there are DDoS attacks on the server?
    	
        Feb 26, 2009
        Is it possible to run a hardware check on my VPS?
For instance DFT (Drive Fitness Test) or Memtest?
I'm running HyperVM and WHM.