Check latest version of EasyApache
/scripts/easyapache --latest-versions
Update cpanel
/scripts/upcp
Verify License
/usr/local/cpanel/cpkeyclt
Check what account owns a domain
/scripts/whoowns domain.com
Check cpanel users virtualhost information (deprecated as of 11.38)
/scripts/uf cpaneluser
Do the hostname check
/scripts/ipcheck --verbose
Disable/enable
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
/usr/local/cpanel/bin/cphulk_pam_ctl --enabled
Clear the cphulk db manually
mysql
connect cphulkd;
delete from brutes;
delete from logins;
quit
Regenerate default service SSL's
Re-run all stats for the users:
for each in `ls /var/cpanel/users|grep -v system`; do echo $each; /scripts/fixwebalizer $each; done
Check for spam being sent from Authenticated users
for each in find /var/spool/exim/input/ -type f -name "*-H" ; do egrep "auth_" $each && egrep "To: " $each && egrep "Subject: " $each && echo $each | cut -d "/" -f 7- | cut -d "-" -f -3 && echo ;
donecat /var/log/exim_mainlog|grep -v '/var/spool/exim'|grep -v 'exim -bpc' | egrep '/home/user
grep -i "term" /var/log/exim_mainlog | awk '{print $1 " " $3}' | grep -v SMTP
Check for email account password changes (Password change audit)
grep passwdpop /usr/local/cpanel/logs/access_log | grep HIDDEN | sed "s/\(.*\)\"GET .*email=\(.*\)&domain=\(.*\)&.*&.*/\1\2@\3/g"
Additional scripts for spam investigation/email issues
grep -A 1 'cwd=/home' /var/log/exim_mainlog | egrep -B 1 "<=" | grep -A1 boudreau
egrep -o '([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}' /var/log/exim_mainlog | grep --file=<(awk -F: '/[.]/{print $1}' /etc/userdomains) | sort | uniq -c | sort -nk 1
grep -i "gmail" /var/log/exim_mainlog | awk '{print $1 " " $3}' | grep -v SMTP
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
Determining spam source
Tracking outbound spam
How to turn it off for a single domain
echo "
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
" >> /usr/local/apache/conf/userdata/std/2/cpaneluser/domain.com/mod_security.conf
/scripts/ensure_vhost_includes --user=cpaneluser
A semaphore is an inter-process communication tool that is used by Apache to communicate with its child processes. Semaphore marks memory locations as locked and may not release it upon completion of process. In most case, if parent process dies before the child.
semaphores - ipcs -s | grep apache | cut -d " " -f2 | xargs ipcrm sem
ipcs -s | grep nobody | perl -e ‘while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}’
To list Apache Modules
/usr/local/apache/bin/httpd -D DUMP_MODULES
/usr/local/apache/bin/httpd -l
mysqladmin proc | sed -e 's/|//g' -e '/-/d' | awk '{print $2}' | sort | uniq -c | sort -nk 1
Show the current PHP handler for Apache
/usr/local/cpanel/bin/rebuild_phpconf --current
Set PHP handler
/usr/local/cpanel/bin/rebuild_phpconf DEFAULTPHP PHP4_Handler PHP5_Handler SUEXEC
To set PHP 5 as the default PHP version, set no handler for PHP4, set suphp for PHP5 and enable suexec you would run the following
/usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1
Find backups for all users
awk '{ print $2 }' /etc/trueuserdomains | sort | uniq | while read user ; do find /backup/ -type f -print; done
New backups script for cPanel
/usr/local/cpanel/bin/backup
Package all accounts on the server
for i in $(ls /var/cpanel/users | cut -d / -f 5); do /scripts/pkgacct $i /backupfolder; done
List all users under /home
exec ls /home/ | sed 's/\([0-9]\+\).*/\1/g' | sort -n
As of cPanel & WHM Version 11.38, system administrators can remove all bind mounts for a particular user with the following command (replace username with the cPanel user's name):
/usr/local/cpanel/3rdparty/bin/perl -MCpanel::Filesys::Virtfs -e 'Cpanel::Filesys::Virtfs::clean_user_virtfs("username");'
Look for files uploaded/POSTed to a users account
grep POST /etc/httpd/domlogs/USER/*