ANDREW PENG

Here’s a handy set of instructions that you can use if you accidentally got yourself banned or locked out of the cPanel/WHM login interface due to repeated failed login attempts. This assumes that you have access to the server’s command line and root access to the MySQL server, and will clear the IP address blacklist and the locked user accounts list.

First log into your server, and select the cphulkd database:

mysql cphulkd;

Now you want to clear the IP address blacklist:

DELETE FROM `brutes`;

After clearing the IP address blacklist, you might want to also clear the account locks so you can log back in:

DELETE FROM `logins`;

An alternate way of gaining access back to the server is to add YOUR IP address into the whitelist:

INSERT into `whitelist` values (123.123.123.123);

Now you can exit the MySQL command line, and it should all be back to normal!

quit;

Thanks to Rocky and Butch over at Gillman Southwest Subaru, here’s my car on the road to recovery. Good news; after tearing the car down, they concluded there was actually no frame damage at all! Bad news is my rear driver’s side axle boot is torn. The axle itself appears to be fine, but no idea if the grease was contaminated.

When administering a Linux server, especially when several people share root access (with sudo, don’t give out that root password!) – it’s important to know when other root users are logged in. This is also a simple form of intrusion detection, since as soon as someone logs into the root shell an email will be dispatched out.

This only happens when the .bashrc file is executed; just using the “sudo” command will not trigger this, but “sudo su – ” will. I also used “chattr +i” to the .bashrc file to set the immutable bit, so the file cannot be modified or changed, not even by the root user. On my server, it also sends a text message to my phone as soon as someone logs in as root. The message will show the username that executed the sudo command, and the IP address that the user is remotely logged in from.

echo -e “`date`\n`who -m –ips|awk ‘{print $1″ “$5}’|sed -e ‘s|(||g’ -e ‘s|)||g’ -e ‘s|-|.|g’|cut -d: -f1`” | mail -s “root login alert” email@yourdomain.com

Here’s what the script outputs in the message that it emails:

Tue May 18 15:22:23 CDT 2010

username 123.123.123.123

Here is a little bit of shell script as a crontab that you can use to automate the checking of Ksplice kernel updates.  This particular one does the following:

1. Activates at midnight every day, server time
2. Checks if there are updates
3. If there are updates available to the kernel, to automatically apply the update
4. Once the update is applied, email the updates applied to the specified email address “youremail@address.com”

This script does not output anything if there are no updates to apply. Happy scripting!

0 0 * * * uptrack=`/usr/sbin/uptrack-upgrade -y`; uptrackCheck=`echo $uptrack | grep -o "Nothing to be done."`; if [[ $uptrackCheck != "Nothing to be done." ]]; then echo "$uptrack" | mail -s "Ksplice kernel upgraded" youremail@address.com; fi;

Some things that you can do to make it more interesting:

• Also have it send you a text message on your phone, by emailing the SMS gateway of your service provider
• Check more often, by modifying the crontab entry (don’t make it too often that you get blacklisted for abuse!)

iPhones are nice. I like my Touch Pro 2 though.

Some jerk ran into my car while I was at a party, then took off. Since everyone was inside or in the backyard, no one actually saw who did it. My insurance doesn’t have uninsured motorist collision coverage, so it’s all going to be out-of-pocket.

Edit: Just got a call back from the body shop. The estimated bill is going to be $6200 for the repairs. Minor frame damage, but the body shop says this kind of frame damage is easily repairable and shouldn’t be a concern, once fixed properly.