Posted by: Mangesh_Linux_Administrator | July 16, 2011

Ethernet Bonding on RHEL or CentOS

How-To configure Ethernet Bonding on RHEL or CentOS

This simple post shows how to configure Ethernet bonding on two (or more) network interfaces on RHEL 5 or CentOS 5.
I’ve tested this configuration on CentOS 5.6 with kernel 2.6.18-238.12.1.el5, as you can see below:

uname -a

Linux 2.6.18-238.12.1.el5 #1 SMP Tue May 31 13:23:01 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

If you want to create a bond from two interfaces (i.e. eth0 and eth1), do the following:
Edit /etc/sysconfig/network-scripts/ifcfg-eth0
# Bonding eth0 to bond0

Edit /etc/sysconfig/network-scripts/ifcfg-eth1
# Bonding eth1 to bond0

Copy /etc/sysconfig/network-scripts/ifcfg-eth1 to /etc/sysconfig/network-scripts/ifcfg-bond0 to keep the same file permissions by executing the following commands:
cd /etc/sysconfig/network-scripts
cp ifcfg-eth1 ifcfg-bond0
Edit /etc/sysconfig/network-scripts/ifcfg-bond0
Edit /etc/modprobe.conf adding the following line :
alias bond0 bonding

Reboot your system to let the module be loaded, or load it manually with the following command:
modprobe bonding
If you haven’t rebooted your system, restart your network with the following command :
/etc/init.d/network restart
To check that bonding is working, look at /proc/net/bonding/bond0 with the following command:
cat /proc/net/bonding/bond0
and you should see something similar to the following :
Ethernet Channel Bonding Driver: v3.2.4 (January 8, 2010)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3c

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3d
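
A small parser for this status file, as an added example that is not part of the original post: it lists each slave with its MII status and failure count so a degraded bond can be spotted from a script. The sample input is constructed from the output above (eth1 changed to "down"), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the status output shown above, with eth1 changed to
# "down" and its link failure count raised to 2.
sample_bond_status() {
cat <<'EOF'
Ethernet Channel Bonding Driver: v3.2.4 (January 8, 2010)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3c

Slave Interface: eth1
MII Status: down
Link Failure Count: 2
Permanent HW addr: 00:15:17:88:5a:3d
EOF
}

# Print "<slave> <mii-status> <link-failure-count>" for every slave.
# The first "MII Status" line belongs to the bond itself; it is skipped
# because no "Slave Interface" line has been seen at that point.
bond_slaves() {
    awk -F': ' '
        /^Slave Interface:/    { slave = $2 }
        /^MII Status:/         { if (slave != "") status = $2 }
        /^Link Failure Count:/ { if (slave != "") print slave, status, $2 }
    '
}

# Print only the slaves whose MII status is not "up".
bond_down_slaves() {
    bond_slaves | awk '$2 != "up" { print $1 }'
}

echo "slaves:";      sample_bond_status | bond_slaves
echo "down slaves:"; sample_bond_status | bond_down_slaves
```

On a live system, feed the functions from /proc/net/bonding/bond0 instead of the sample.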

Originally posted by Riccardo,  thanks Riccardo for such useful information.

Posted by: Mangesh_Linux_Administrator | March 2, 2011

Dos deflate installation

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

IP addresses with over a pre-configured number of connections are automatically blocked in the server’s firewall, which can be direct iptables or Advanced Policy Firewall (APF). (We highly recommend that you use APF on your server in general, but deflate will work without it.)

Notable Features

  • It is possible to whitelist IP addresses, via /usr/local/ddos/ignore.ip.list.
  • Simple configuration file: /usr/local/ddos/ddos.conf
  • IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)
  • The script can run at a chosen frequency via the configuration file (default: 1 minute)
  • You can receive email alerts when IP addresses are blocked.


# wget

# chmod 0700

# ./

The configuration file for (D)DOS-Deflate is /usr/local/ddos/ddos.conf , and by default it should have the following values, if not, change them:



APF_BAN=0 ( 0 if using iptables instead of APF )
EMAIL_TO=”Hidden emailaddress

Users can change any of these settings to suit the different need or usage pattern of different servers. It’s also possible to whitelist and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file. If you plan to execute and run the script interactively, users can set KILL=0 so that any bad IPs detected are not banned.


# wget

# chmod 0700 uninstall.ddos

# ./uninstall.ddos



We’ve noticed recently that many of us are suffering from a recurring problem with the implementation of DoS-Deflate (the anti-(D)DoS script from – The problem is that on many occasions it blocks numbers instead of the IP addresses with too many connections, and it does not send the blocked IP details in the alert message.

This is down to the netstat command that the script uses: it does not account for the way more up-to-date systems report output from the netstat command (particularly the string ‘::ffff:’ that is added to HTTP port 80 connections). This results in numbers being written to iptables instead of the IP addresses that are over the maximum number of connections set.

You will notice it when you start receiving emails saying things like:

Quote:
Banned the following ip addresses on Tue Aug 5 01:32:01 BST 2008
1120 with 1120 connections

We’ve put together a fix for this, which requires that you replace the netstat command in the file (located in the /usr/local/ddos directory if you installed in the default fashion).

In the original script line 117 reads…


netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

this should be rewritten to read as follows…


netstat -ntu | grep ':' | awk '{print $5}' | sed 's/::ffff://' | cut -f1 -d ':' | sort | uniq -c | sort -nr > $BAD_IP_LIST
IMPORTANT: this command should be written on a single line. You should also check each character, as selecting and copying can sometimes lead to different characters being pasted (i.e. single quotes might not paste as single quotes!).
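
The effect of the two pipelines on IPv4-mapped addresses, as an added example that is not part of the original post or of DoS-Deflate. The netstat output is constructed (documentation address ranges), the pipelines read it from stdin instead of running netstat, and `is_ipv4` and `ban_candidates` are hypothetical helpers showing a validation step before an address is handed to the firewall.

```shell
#!/bin/sh
# Constructed `netstat -ntu` output; addresses come from documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address          Foreign Address          State
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:203.0.113.7:51234 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:203.0.113.7:51235 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:203.0.113.7:51236 ESTABLISHED
tcp        0      0 192.0.2.10:22          198.51.100.4:40022       ESTABLISHED
EOF
}

# Pipeline from line 117 of the original script. For "::ffff:a.b.c.d:port"
# the first ':'-separated field is empty, so only the count survives.
count_original() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# Rewritten pipeline from the post: drop header lines, strip the
# "::ffff:" prefix, then cut off the port.
count_fixed() {
    grep ':' | awk '{print $5}' | sed 's/::ffff://' | cut -f1 -d ':' | sort | uniq -c | sort -nr
}

# Added guard (assumption, not DoS-Deflate code): accept dotted-quad IPv4 only.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read "count address" lines on stdin and print the addresses at or above
# the limit in $1, skipping anything that is not a valid IPv4 address.
ban_candidates() {
    while read -r conns addr; do
        [ "$conns" -ge "$1" ] || continue
        if is_ipv4 "$addr"; then echo "$addr"; fi
    done
}

echo "original pipeline:";        sample_netstat | count_original
echo "fixed pipeline:";           sample_netstat | count_fixed
echo "ban candidates (limit 3):"; sample_netstat | count_fixed | ban_candidates 3
```

With the original pipeline the busiest entry is a bare count with no address, which is the "number instead of an IP" seen in the alert email; the guard rejects it instead of passing it on.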

Posted by: Mangesh_Linux_Administrator | March 2, 2011

Chkrootkit installation


chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.
Installation:
– Login to your server as root. (SSH)
cd /usr/local/src
– Download chkrootkit.
# wget
– Unpack the chkrootkit you just downloaded.
# tar -xvzf chkrootkit.tar.gz
– Change to new directory
# cd chkrootkit*
– Compile chkrootkit
# make sense
– Run chkrootkit
# ./chkrootkit
How to setup a daily scan report?
– Load crontab
# crontab -e
– Add this line to the top:
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" 1 * * *  (cd /usr/local/src/chkrootkit-0.49; ./chkrootkit | mail -s "chkrootkit output" )
This will run chkrootkit at 1am every day and e-mail the output to root. (Change the time to whenever you want it to run, and the email ID according to your needs.)

Save and exit.

Posted by: Mangesh_Linux_Administrator | March 2, 2011

Mod security ( How to disable it for a single domain)

Disabling ModSecurity for a single domain

You can find the Apache version installed in the server by typing the following command.
httpd -V
Mod_Security rules can be disabled for a single domain in a cPanel server. To disable mod_security, please do the following steps:

For Apache Version 1.x:
Add the following directive in .htaccess file and upload it in to the document root directory of your domain:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

For Apache Version 2.x:
Create a directory for that domain under Apache conf directory as:
mkdir -p /usr/local/apache/conf/userdata/std/2/username/domainname
Then create a mod_security conf file:
touch /usr/local/apache/conf/userdata/std/2/username/domainname/mod_security.conf
Add the following directive(s) in that file:
<IfModule mod_security2.c>
<Location /directory name/>
SecRuleEngine Off
</Location>
</IfModule>

Save the file and then run:
/scripts/ensure_vhost_includes --user=webrek

# restart httpd service

Posted by: Mangesh_Linux_Administrator | January 20, 2011

Install Nginx PHP5 FastCGI Webserver


Nginx (engine x) is an HTTP(S) server, reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. It is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

Configure the yum repository for the required packages

# rpm -Uvh$(uname -m)/epel-release-5-3.noarch.rpm

Install Nginx

# yum install nginx

Configuration files of nginx

  • Default config file: /etc/nginx/nginx.conf
  • Default SSL config file: /etc/nginx/conf.d/ssl.conf
  • Default virtual hosting config file: /etc/nginx/conf.d/virtual.conf
  • Default documentroot: /usr/share/nginx/html

Configure PHP As FastCGI

# yum install php-pear-Net-Socket php-pear php-common php-gd php-devel php php-mbstring php-pear-Mail php-cli php-imap php-snmp php-pdo php-xml php-pear-Auth-SASL php-ldap php-pear-Net-SMTP php-mysql

Install spawn-fcgi, a simple program for spawning FastCGI processes

# yum install spawn-fcgi
Next, download spawn-fcgi init.d shell script:

# wget
# unzip
# mv /etc/init.d/php_cgi
# chmod +x /etc/init.d/php_cgi

Start php app server

# /etc/init.d/php_cgi start
# netstat -tulpn | grep :9000

By default php server listens on port. Finally, update /etc/nginx/nginx.conf as follows:

# vi /etc/nginx/nginx.conf

Modify / append as follows:


location ~ \.php$ {
            root           html;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html$fastcgi_script_name;
            include        fastcgi_params;
}


Save and close the file. Restart nginx:

# service nginx restart

Create /usr/share/nginx/html/test.php as follows:



Posted by: Mangesh_Linux_Administrator | January 20, 2011

Nginx with Cpanel Apache in proxy mode

This manual is useful for those wishing to install the Nginx web server on cPanel to serve static content using less CPU and RAM, leaving only PHP to Apache.
Tested on cPanel 11.28, CentOS 5 x86_64, PHP 5.2.16 and Apache 2.2.
cd /usr/src
tar xvzf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.c
cd /usr/src
tar xvzf pcre-7.9.tar.gz
cd pcre-7.9
make install
cd /usr/src
tar xvzf nginx-0.7.63.tar.gz
cd nginx-0.7.63
./configure --with-http_ssl_module --with-http_realip_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module
make install

– Log in to WHM and go to the following location:
Main >> Service Configuration >> Apache Setup > Include Editor > Pre Main Include
– Add the following configuration and save, changing LIST_OF_YOUR_IPS to the IPs your site uses:
LoadModule rpaf_module modules/
RPAFenable On
# Enable reverse proxy add forward
# which ips are forwarding requests to us
RPAFsethostname On
# let rpaf update vhost settings
# allows to have the same hostnames as in the “real”
# configuration for the forwarding Apache
RPAFheader X-Real-IP
# Allows you to change which header mod_rpaf looks
# for when trying to find the ip the that is forwarding
# our requests

Change the Apache port to 81 (Tweak Settings)
Open WHM – Tweak Settings and find and change it to
Run in the SSH console
# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
# /scripts/rebuildhttpdconf
# service httpd restart
Download (wget) the automated nginx virtual host creator
– chmod the file and run it
# chmod 755
# ./
Here you will get an error; then follow these steps:
Find and replace the line /usr/local/nginx/conf/nginx.conf <  <EOF
with /usr/local/nginx/conf/nginx.conf <<EOF
Run the script again
# ./
-Now check the configuration
# /usr/local/nginx/sbin/nginx -t
Start nginx
# /usr/local/nginx/sbin/nginx
So far nginx is only managing connections; it is not yet serving static content. For the latter you must edit the following file:
– Remove the 3 # signs from the following lines, so the final configuration looks like this:
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|js|css)$ {
root   /home/myweb/public_html;
}
– Restart nginx in SSH
/usr/local/nginx/sbin/nginx -s reload

Posted by: Mangesh_Linux_Administrator | January 20, 2011

ffmpeg error

If you are getting the following error while compiling the latest release of ffmpeg-php-0.6.0, this article will show you how to fix it.

/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_toGDImage’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: (Each undeclared identifier is reported only once
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: for each function it appears in.)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_ffmpeg_frame’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:421: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1


Under the ffmpeg-php-0.6.0 directory modify the file: ffmpeg_frame.c with nano or vi editor and replace every instance of PIX_FMT_RGBA32 with PIX_FMT_RGB32

# nano ffmpeg_frame.c
# Search for PIX_FMT_RGBA32 and replace it with PIX_FMT_RGB32
# Exit from the editor

Then run the following commands:

# cd /usr/local/src/ffmpeg-php-0.6.0
# cp -aP ffmpeg_frame.loT ffmpeg_frame.lo
# make clean
# ./configure
#   make
#   make install

This should fix the errors given above. Finally, add the extension in php.ini and check phpinfo for the server; you should see ffmpeg listed.

Posted by: Mangesh_Linux_Administrator | January 20, 2011

LiteSpeed installation on Cpanel server


* Login to SSH on the server running cPanel.

# cd /usr/local/src

# wget

# chmod 700

# ./

# rm -f

Register for a 15-day trial license:

* Login to WHM and click the ‘LiteSpeed Web Server’ button.
* Click ‘Install LiteSpeed’ and let it run through the installation procedure.
* Enter your license information & assign an administrator password (Don’t tick the box to start LiteSpeed immediately)
* Click ‘Build matching PHP Binary’
* Click ‘Switch to LiteSpeed’
* Click ‘Admin Web Console’ and login

Final stages of setup

* Configuration > General > Index Files > Edit

Set the following and save.

Index Files: index.html, index.php, index.php5, index.htm

Auto Index: Yes

Auto Index URI => /_autoindex/default.php

* In SSH Type:

# ln -sf /usr/local/lib/php/autoindex /usr/local/lsws/share/autoindex

* Configuration > Log > Server Log > Edit

Set the following:

Log Level: Info

Debug Level: None

* Now click ‘Actions > Graceful Restart’ to make these changes permanent.

Don’t forget that port 7080 should be enabled in the firewall.

Posted by: Mangesh_Linux_Administrator | January 20, 2011

LiteSpeed installation on plain server

LiteSpeed installation on plain server (Compile with php, suhosin)

Fresh server, without other web server installed
Install LiteSpeed
Go to this path :

cd /usr/local/

Download LiteSpeed :


Unpack the lsws-3.2.3-std-i386-linux source :

tar -zxvf lsws-3.2.3-std-i386-linux.tar.gz

Change directory to lsws-3.2.3/ :

cd lsws-3.2.3/

Install lsws :

* Do you agree with above license? Yes
* Destination [/opt/lsws]: /usr/local/lsws --> I used /usr/local/lsws; you can use another destination
* User name [admin]: admin
* Password: 123456 --> change to your own admin password
* Retype password: 123456
* User [nobody]: nobody --> use a non-system user that doesn't have shell access or a home directory
* Group [nobody]: nobody --> group the webserver will be running as
* HTTP port [8088]: 80
* Admin HTTP port [7080]: 7080
Don't forget, both these ports should be enabled in the firewall
* Setup up PHP [Y/n]: Y
* Suffix for PHP script(comma separated list) [php]: php
* Would you like to change PHP opcode cache setting [y/N]? N
* Would you like to install AWStats Add-on module [y/N]? N
* Would you like to import Apache configuration [y/N]? N
* Would you like to have LiteSpeed Web Server started automatically when the machine restarts [Y/n]? Y
* Would you like to start it right now [Y/n]? Y

Check LiteSpeed : --> LiteSpeed welcome page --> manage LiteSpeed admin area
My local machine’s ip address is
Change with your own machine’s IP address.

By default, LiteSpeed comes with PHP 4.x.x compiled with LSAPI and hence we have to install latest stable version of PHP with LSAPI for our LiteSpeed.

Upgrading PHP LSAPI

Download the latest PHP source, currently at version 5.2.4, from :


Download the suhosin-patch for PHP :


Unpack the PHP source :

tar -jxvf php-5.2.4.tar.bz2

Unpack the suhosin-patch source :

gunzip suhosin-patch-5.2.4-

Change directory to php-5.2.4 :

cd php-5.2.4/

Patching suhosin :

patch -p 1 -i ../suhosin-patch-5.2.4-

Change directory to sapi :

cd sapi

Download the latest PHP LSAPI source, currently at version 4.1, from :


Unpack the PHP LSAPI source :

tar -zxvf php-litespeed-4.1.tgz

Change directory to the parent directory. You should now be in the base directory of the PHP source ( /usr/local/ ) :

cd ..

Run commands :

touch ac*
./buildconf --force

After I ran this step, I got a problem that required installing autoconf-2.13,
but if you didn’t get this problem, you can ignore this step and continue to the configuring PHP step.
Install autoconf-2.13
Download the autoconf-2.13 source :


Unpack the autoconf-2.13 source :

tar zfvx autoconf-2.13.tar.gz

Change directory to autoconf-2.13 :

cd autoconf-2.13

Configure autoconf-2.13 :


Compile autoconf-2.13 :

make install

OK. autoconf-2.13 installed.
Back to php-5.2.4 directory :

cd ..

Run this command again :

./buildconf --force

After that, go to the configure and compile PHP step
Configure PHP :

./configure '--prefix=/usr/local/php5' '--with-litespeed' '--with-config-file-path=../php' '--with-mysql=../mysql' '--with-zlib' '--with-zlib-dir=..' '--with-gd' '--with-jpeg-dir=..' '--with-png-dir=..' '--enable-shmop' '--enable-track-vars' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-magic-quotes' '--prefix=/php5' '--with-freetype' '--with-freetype-dir=/usr/include/freetype2' '--with-ttf'

After configure, I got a problem that required installing libjpeg :

yum install libjpeg*

Reconfigure PHP :

./configure '--prefix=/usr/local/php5' '--with-litespeed' '--with-config-file-path=../php' '--with-mysql=../mysql' '--with-zlib' '--with-zlib-dir=..' '--with-gd' '--with-jpeg-dir=..' '--with-png-dir=..' '--enable-shmop' '--enable-track-vars' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-magic-quotes' '--prefix=/php5' '--with-freetype' '--with-freetype-dir=/usr/include/freetype2' '--with-ttf'

I got a problem again, which required installing libpng :

yum install libpng*

Reconfigure PHP again :

./configure '--prefix=/usr/local/php5' '--with-litespeed' '--with-config-file-path=../php' '--with-mysql=../mysql' '--with-zlib' '--with-zlib-dir=..' '--with-gd' '--with-jpeg-dir=..' '--with-png-dir=..' '--enable-shmop' '--enable-track-vars' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-magic-quotes' '--prefix=/php5' '--with-freetype' '--with-freetype-dir=/usr/include/freetype2' '--with-ttf'

If it succeeds, let’s compile PHP :

make install

Replace the lsphp binary in /usr/local/lsws/fcgi-bin/lsphp with /usr/local/lsws-3.2.3/php-5.2.4/sapi/litespeed/php:

cd /usr/local/lsws/fcgi-bin
mv lsphp lsphp.old
cp /usr/local/lsws-3.2.3/php-5.2.4/sapi/litespeed/php ./lsphp

To check installation success :

./lsphp -v

It should return something like:
PHP 5.2.4 (litespeed) (built: Sep 26 2007 07:10:58)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Finally restart LSWS and use our new PHP binary :

service lsws restart


Posted by: Mangesh_Linux_Administrator | January 3, 2011

“System Integrity Monitor – SIM” installation


SIM is a system and services monitor for ‘SysVinit’ systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system.

It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well rounded tool to your disposal to stop otherwise common issues daunting internet hosts.

This is a simple method for installing SIM on a Linux server.

Login to your server via SSH as root

First step is to wget file


Untar the file using the following command
# tar -xzvf sim-current.tar.gz

Type: cd sim-2.5-3
./setup -i

Where is SIM installed ? This will give you the path of SIM

Where should the sim.log file be created ?

Max size of sim.log before rotated ? Kb


Disable alert emails after how many events, to avoid email flood ?
(Note: events stats are cleared daily)

The below are configuration options for Service modules:
press return to continue…

Auto-restart services found to be offline ? (true=enable, false=disable)

Enforce laxed service checking ? (true=enable, false=disable)

Disable auto-restart after how many downed service events ?
(Note: events stats are cleared daily)

Enable FTP service monitoring ? (true=enable, false=disable)

Enable HTTP service monitoring ? (true=enable, false=disable)

Enable DNS service monitoring ? (true=enable, false=disable)

Enable SSH service monitoring ? (true=enable, false=disable)

Enable MYSQL service monitoring ? (true=enable, false=disable)

Enable SMTP service monitoring ? (true=enable, false=disable)

TCP/IP port that SMTP operates on ?

Enable XINET service monitoring ? (true=enable, false=disable)

TCP/IP port that any XINET service operates on (e.g: pop3, 110) ?

Enable ENSIM service monitoring ? (true=enable, false=disable)

Enable PGSQL service monitoring ? (true=enable, false=disable)

Please shut down HTTP , semaphore array’s may remain allocated and cause the service to fall into a loop of restarting cycle. Using this feature clears semaphore arrays on HTTP restart. Enable semaphore cleanup ?

This is an implemented feature in the http module, its purpose is to determine if/when the apache server locks up or otherwise stops httpd to responding. Enable URL aware monitoring ?

URL path to a local file ? (exclude HTTP://)
Note: This URL should be valid and reside on the local server, otherwise HTTP will loop restarting
[]: http://ServerIP/ or Type: that resides on your local server

HTTP log files can grow large and cause the service to crash (segfault), this feature will keep the main HTTP logs incheck. Enable HTTP log monitor ?

MySQL uses a /tmp symlink of its mysql.sock socket file. This feature verifies that the symlink exists from the main mysql.sock file, and if not it is recreated. Enable MySQL Socket correction ?

Enable NETWORK monitoring ? (true=enable, false=disable)

interface to monitor ?

Enable LOAD monitor ? (true=enable, false=disable)

Load level before status condition ‘warning’ ?
[25]: 5

Load level before status condition ‘critical’ ?
[45]: 10

Enable a global (wall) message at status condition ‘warning’ & ‘critical’ ?

Renice services at status condition ‘warning’ or ‘critical’ ?
(3 values – warn, crit, false – false=disabled)

Stop nonessential services at status condition ‘warning’ or ‘critical’ ?
(3 values – warn, crit, false – false=disabled)

Reboot system on status condition ‘warning’ or ‘critical’ ?
(3 values – warn, crit, false – false=disabled)

Now SIM has been configured you can add a cron.
./setup -c
If it says “Removed SIM cronjob.” then you must type it again.
./setup -c

SIM has been installed now

In order for SIM to work properly, it must be executed regularly, and the best method for this is by using a cronjob.

By default, a SIM cronjob is automatically added during setup and set to run every 5 minutes. To add it or remove it later, you can execute this:

/usr/local/sim/sim -j


/usr/local/sbin/sim -j

Now check SIM status logs
tailf /usr/local/sim/sim.log
