:: Shashank.net :: Articles ::

Home

Articles

:: Shashank.net :: Articles ::

Preserve Cpanel Backups

Tuesday, 26 February 2008 18:00 administrator

Hello Friends,

I will be releasing my scripts collection one my one from now one and so I start with the backups script I created recently This script maintains cpanel backups for any number of days you want for one particular user. A multi user version of this script is coming soon.

The script goes as below :

#!/bin/bash

#===========================================================================#
# Script by Shashank Wagh						    #
# Shashank.net(C) 2008.							    #
# This script preserves cpanel backups for any number of days for a domain. #
# Version 0.2			      				            #
# This script is provided as it is. You should use it at your own risk.	    #
#===========================================================================#

### Please specify the four variables below ####

# user is the cpanel username to be packaged and saved
USER="cpanelusername"

# Please specify the mount mount of the parition for the backup.
# Command examples : /backup , /home2
BACKUPPAR="/backup"

# backupdir is the path to the place where these backups will be stored.
BACKUPDIR=$BACKUPPAR/userbackup/

# Number of days to keep backups
DAYS=30

# Changes than normal 
# Host /home does not have enough space so tarroot is /backup
# I am using cpanel's userbackup method so that we get cpanel's time stamp.
===================================================================
###   !!!! Warning: DO NOT edit anything below this line. !!!!  ###
===================================================================

diskcheck() {
	echo "[*] Checking backup partition usage"
	usage=`df -h | grep backup | tr -s " " " " | cut -d " " -f 5 | cut -d "%" -f 1`
	if [ $usage -gt 95 ]; then
	echo "[*] Backup partition full. Aborting backups"
	exit 0
	else
	echo "[*] Backup Partition check passed"
	fi
	} 
	
createbackup() {
	echo "[*] Checking Cpanel Users Homedir"
	if [ -d /home/$USER ]; then
	echo "[*] Homedir exists. Proceeding ..."
		else
	echo "[*] Homedir does not exist. Aborting script..."
	exit 0
	fi
	echo "[*] Generating backup .."
	/scripts/pkgacct $USER /backup userbackup
	mv /backup/backup-*-$USER.tar.gz $BACKUPDIR/
	echo "[*] Backup for $now moved to $BACKUPDIR"
	}

cleanbackups() {
	echo "[*] Checking for backups more than $DAYS old"
	for i in `find $BACKUPDIR -maxdepth 1 -type f -mtime +$DAYS`
	do
		echo "The backup file $i is more than $DAYS old. Removing file.."
		rm -rfv $i
	done
	echo "[*] Cleanup Completed"
	}
diskcheck
cleanbackups
createbackup

Thank you.

Last Updated on Wednesday, 14 May 2008 10:14

Mod_Security :: How To

Thursday, 12 October 2006 09:26 administrator

This guide is going to show you how to install and configure mod_security which will help protect your server from exploits that are passed though apache. Mod_security does this by inspecting the information sent in apache and filtering out all of the "bad" requests as determined by the set of rules specified in the httpd.conf. The ruleset that I use in this guide will block out most of the common exploits, including the nosanity phpbb worms. It should also block out most of the other common methods of hacking a server passed though php. First we will download and unzip mod_security.

Last Updated on Monday, 04 February 2008 18:19 Read more...

Extended Mod Security Rules

Wednesday, 07 July 2004 12:00 administrator

Continuing from the the "Mod_Security :: How To" article here are some more mod_security rules I think should be added.

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

Read more for the whole ruleset.

Last Updated on Monday, 04 February 2008 18:30 Read more...

How-To: Secure your temp directories

Wednesday, 07 July 2004 09:54 administrator

Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.

This guide will work fine with cPanel, ensim, plesk, and of course with no control panel. It is designed for Redhat but should work on any linux varient.

Last Updated on Monday, 04 February 2008 18:19 Read more...

Kernel Compile with Grsecurity Patch

Monday, 12 April 2004 09:54 administrator

This is a tutorial to compile kernel 2.6.11.12 with grsecurity. Works cool specially with exec logging you can trace just any minor activity on your server. Here are the commands I used for the compilation :

cd /usr/local/src/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.5.tar.bz2
wget http://grsecurity.net/grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz
tar xvfj linux-2.6.24.5.tar.bz2
gunzip grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz
patch -p0 < grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz
cd linux-2.6.24.5
cp /boot/config-'uname -r' .config
make menuconfig
make
make modules_install
make install
grubby --bootloader-probe
pico /etc/grub.conf
grub-install /dev/hda
reboot

Try at your own risk :D . Best of luck.

The new kernel and new patch is out. I would be updating this tutorial soon :)