Main Page

From Just another day in the life of a linux sysadmin
Revision as of 11:58, 26 October 2020 by Joelparks (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Welcome to my Linux System Admin (with CPanel) wiki.

The following should provide some commands to aid with command line server management for Linux. Click on the area your problem resides for further categories:

Where in the LAMP stack?


Quick Access to some of my most used Commands

This should help on any Linux based CPanel server for finding an array of info:

exec 3<&1 && bash <&3 <(curl -sq 

For cryptominers:

mkdir -p /root/bin 
wget -O /root/bin/minerchk
chmod +x /root/bin/minerchk

Malware scanner that is maintained

git clone 
cd blazescan

Quiet the CSF notifications

bash < <(curl

Alternatively (in case the site is down) create your own bash script:

 CSF=$(echo /etc/csf/csf.conf)
 cp -av /etc/csf/csf.conf{,.lwbak.$(date "+%d%m%y")}
  sed -ie 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/g' $CSF
  sed -ie 's/LF_PERMBLOCK_ALERT = "1"/LF_PERMBLOCK_ALERT = "0"/g' $CSF
  sed -ie 's/LF_NETBLOCK_ALERT = "1"/LF_NETBLOCK_ALERT = "0"/g' $CSF
  sed -ie 's/LF_CPANEL_ALERT = "1"/LF_CPANEL_ALERT = "0"/g' $CSF
  sed -ie 's/LF_DISTFTP_ALERT = "1"/LF_DISTFTP_ALERT = "0"/g' $CSF
  sed -ie 's/LF_DISTSMTP_ALERT = "1"/LF_DISTSMTP_ALERT = "0"/g' $CSF
  sed -ie 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/g' $CSF
  sed -ie 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/g' $CSF
  sed -ie 's/LF_SSH_EMAIL_ALERT = "1"/LF_SSH_EMAIL_ALERT = "0"/g' $CSF
  sed -ie 's/LF_SU_EMAIL_ALERT = "1"/LF_SU_EMAIL_ALERT = "0"/g' $CSF
  sed -ie 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/g' $CSF
  sed -ie 's/PT_USERMEM = "200"/PT_USERMEM = "0"/g' $CSF
  sed -ie 's/PT_USERMEM = "256"/PT_USERMEM = "0"/g' $CSF
  sed -ie 's/PT_USERMEM = "512"/PT_USERMEM = "0"/g' $CSF
  sed -ie 's/PT_LIMIT = "60"/PT_LIMIT = "0"/g' $CSF
  sed -ie 's/PT_USERPROC = "10"/PT_USERPROC = "0"/g' $CSF
  sed -ie 's/PT_USERRSS = "200"/PT_USERRSS = "0"/g' $CSF
  sed -ie 's/PT_USERRSS = "256"/PT_USERRSS = "0"/g' $CSF
  sed -ie 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/g' $CSF
diff /etc/csf/csf.conf{,.lwbak.$(date "+%d%m%y")} 
csf -r 2>&1
service lfd restart 2>&1
echo "Firewall successfully restarted"

CPanel's info script

curl | sh

Check to see if a server is running EA4

stat /etc/cpanel/ea4/is_ea4

Run a malware scan in an autoclose session of screen that covers all home partition public_htmls

screen -dmS maldet maldet -a /hom?/?/public_html/

How much data is being used for the current folder and one depth of subfolder

du -h --max-depth=1

What are the numerical permissions for this file

stat -c '%a'

Provide the basic info for a site via curl (useful for finding redirects, status code)

curl -vkI

Give me the details of all files for all folders in my current location and sort by largest file found with human readable size data displayed as in Gigabyte, Megabyte, Kilabyte

du -sk ./* | sort -nr | awk 'BEGIN{ pref[1]="K"; pref[2]="M"; pref[3]="G";} { total = total + $1; x = $1; y = 1; while( x > 1024 ) { x = (x + 1023)/1024; y++; } printf("%g%s\t%s\n",int(x*10)/10,pref[y],$2); } END { y = 1; while( total > 1024 ) { total = (total + 1023)/1024; y++; } printf("Total: %g%s\n",int(total*10)/10,pref[y]); }'

When ssh auth takes forever you likely need to restart the login service

systemctl restart systemd-logind.service 

Quick Access to heavily used file paths

PHP-FPM Error Log


Finding notifications sent by WHM

ll /var/cpanel/user_notifications/root/history 

When did the last update run?


When did the last backup run?


csf cron is not in the normal cron location it is within


Where to whitelist modsec rules


Is cPanel or WHM caching data?