TranscendLinux.com

Download the latest Apache 2.2 sources from http://httpd.apache.org/download.cgi

Untar the sources, and configure and install:

./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-deflate \
--enable-proxy --enable-proxy-balancer --enable-proxy-http --enable-rewrite
make
make install

Linux:
(2.6 kernel only)
Check vm.swappiness: sysctl -A|grep swap
The default is 60, which is generally too high... if it is still the default, set it to 20:

sysctl -w vm.swappiness=20
echo "vm.swappiness = 20" >> /etc/sysctl.conf

A couple of notes... using psa-spamassassin will result in all messages being scanned twice, which creates a lot of overhead.

Setting up:

Addhandler

AddHandler cgi-script .cgi .pl
would indicate that all files ending in .cgi and .pl should be treated as cgi

Options +ExecCGI
needs to be enabled for any directory where cgi needs to be executed... you can use this to execute cgi content outside of a /cgi-bin/

ScriptAlias (if needed)
#

Use the modified qmHandle's qmHandle -tt to see the top senders/recipients. Look at one of the spam messages and look at the Received line, which will either show you a UID or received from network.

If it shows you a UID, then the spam is coming from a compromised script.

Here's a typical log sequence for a message sent to a remote system from the local system:

1 @4000000038c3eeb027f41c7c new msg 93869
2 @4000000038c3eeb027f6b0a4 info msg 93869: bytes 2343 from dave@sill.org qp 18695 uid 49491
3 @4000000038c3eeb02877ee94 starting delivery 2392: msg 93869 to remote lwq@w3.to
4 @4000000038c3eeb0287b55ac status: local 0/10 remote 1/20
5 @4000000038c3eeb104a13804 delivery 2392: success: 209.85.127.177_accepted_message.

This script will be updated and available at: http://partytime.wackyfunster.com/leet/snapshot.sh
I made a noarch RPM version as well, for those who prefer: http://partytime.wackyfunster.com/leet/snapshot-1.02.noarch.rpm

Here are the steps for integrating ClamAV with Plesk/Qmail:

* Stop all Plesk services and remove the drweb rpms

service psa stopall
rpm –e drweb drweb-qmail --nodeps --force

* Add the Atomic Rocket Turtle archive to the rhn sources

More to come

up2date psacct
chkconfig psacct on
service psacct start
cd /usr/local/bin
wget wackyfunster.com/leet/sa-analysis
wget wackyfunster.com/leet/sa-report
chmod +x sa-*

By default, sendmail sends from a single queue. Needless to say, this is not ideal from a performance perspective. Fortunately, setting up sendmail to use multiple queues is easy!

First, create a directory for each queue you want, e.g.

mkdir /var/spool/mqueue/q{1,2,3,4,5}

Ensure that the permissions and ownerships are correct for your mail install (should be the same as /var/spool/mqueue).

Edit /etc/mail/sendmail.cf to include a QUEUE_DIR definition with a wildcard including the appropriate directories:

define(`QUEUE_DIR', `/var/spool/mqueue/q*')dnl

Plesk content within a specific domain should all be owned by (domain user):psacln, however many CMSes create content via php as apache:apache, which can lead to issues. Unfortunately, there is no good, clean "fix" for this that I'm aware of (other than setting up php in suexec mode, which opens a whole new "can of worms"), however a solution that I have used to great success in the past is setting up file acls for the appropriate domain user on each domain.

Note: this article needs to be rewritten for Plesk 8.x. It should still have some useful information though!

Preparing for a Plesk upgrade:

Note: I have written a script which takes care of most of this, downloads appropriate tarballs, etc. however I recommend that you only use it if you know what you're doing. It can be found here for Plesk 7.5.4, or here for Plesk 8.x (downloads both 8.0 and 8.1 tarballs).

Error:

Trying to apply 7.5.4 changes to database... ERROR 1067 (42000) at line 1: Invalid default value for 'srv_bandwidth'

Fix:
USE psa;
ALTER TABLE `module_bf1942_servers` CHANGE `srv_bandwidth` `srv_bandwidth`
ENUM( '0', '8', '16', '32', '64', '128', '256', '512' )

pam_abl (the pam auto blacklist module) is a great way to protect against brute force attacks. It works by keeping track of failed login attempts, and blacklisting hosts (and/or users) that exceed a specified number of failed logins.

In order to perform operations on a .rpm file, we use the rpm2cpio and cpio utilities. In order to list the files in an rpm:

rpm2cpio (rpm name) |cpio -itv

To extract an individual file from an rpm (into the current directory):

rpm2cpio (rpm name) |cpio -idv (filename)

And to extract all files from the rpm (once again, into the current directory):

rpm2cpio (rpm name) |cpio -idv

This article relates to upgrading MySQL on Redhat linux, but may be applicable to other OSes as well.

Here's the short version:
* Add mysql to the up2date package skip list
* Do a full MySQL dump (mysqldump -Q -A --opt >mysqlbak.sql)
* Stop MySQL
* Upgrade MySQL from the appropriate mysql.com RPMs (including the shared-compat package)
* useradd -u 27 -d /var/lib/mysql -s /bin/bash mysql (if the user doesn't exist)
* comment out the basedir= line from /etc/my.cnf, or parse_server_arguments function call from /etc/init.d/mysql (for MySQL 5.0+)

The syntax for adding a user is:

mysql> GRANT [privs] ON [db] TO [user]@[host] IDENTIFIED BY [pass];

e.g.

mysql> GRANT ALL PRIVILEGES ON testdb.* TO 'bob'@'localhost' IDENTIFIED BY '3kuh3Ok';

Would grant all privileges on the testdb database to the local user bob, with password 3kuh3Ok.

Matt Mongomery at MySQL has developed a great MySQL "tuning primer" that will suggest basic performance tuning settings. It is available at: http://www.day32.com/MySQL/tuning-primer.sh

MySQL should be allowed at least 48 hours of normal operation before running, to allow for the best suggestions.