Simple script for starting, reloading and stopping nginx.

For simple use, put it in one of the folders listed when running:

echo $PATH

The script

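#!/bin/bash
# Start nginx, or send it the signal (reload, stop, ...) given as the first argument.
binpath=/usr/local/nginx/sbin

if [[ -z $1 ]]
then
    action=start
    "$binpath/nginx"
elif [[ $1 == "start" ]]
then
    action=start
    "$binpath/nginx"
else
    action=$1
    "$binpath/nginx" -s "$1"
fi
# Save the exit status of nginx; it is the last command run in each branch.
rc=$?

if [[ $rc == 0 ]]
then
    echo "$action successful"
else
    echo "$action failed"
fi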

Then use it the following ways.

nginx
nginx start
nginx reload
nginx stop

A quick howto on mod_security rules.

This howto does not cover installation of mod_security; it only covers the finer points about rules and how to write your own custom ones 🙂
A ModSecurity rule consists of the following.

Always consult the reference manual when writing rules; it covers everything you need. https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

Directive : E.g. SecRule for rules, duh…
Scanfilter : REQUEST_URI or REQUEST_HEADERS:User-Agent etc. full list here.
Scantarget : For example, this can be googlebot when checking the user agent.
Action : What to do if the filter found a hit, e.g. deny, pass, allow, log. It also has to contain a unique ID. full list here.

Some actions and scanfilters have prerequisites to work, and they are mostly documented in the reference manual.
To start with, you can add the following ModSecurity directives to the modsec config before including custom rules.

SecDataDir /tmp/sectmp
SecTmpDir /tmp
SecAuditLogDirMode 0777
SecPcreMatchLimit 1500
SecPcreMatchLimitRecursion 1500
SecCollectionTimeout 28800
SecRequestBodyAccess On
SecStreamInBodyInspection On
SecHashEngine On
SecRequestBodyInMemoryLimit 1310720

With this set you can, for example, store connecting IP addresses for up to 8 hours (28800 sec.). You can think of this as a form of session that you can store data on.
With ModSecurity you can have a rule which stores a variable against an IP. With this you can, for example, store how many times in the last 10 minutes someone has visited a page on your website.

Let's make an example like that.

First we need to start storing a “Session” for every visiting IP address.
You can do this with the initcol action, like so.

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},id:1370

Then we can start storing information. Let's say we store how many times googlebot visits us in total for up to 8 hours, after which the count is reset.

# t:lowercase lowercases the header before matching, so "Googlebot" is counted too.
SecRule REQUEST_HEADERS:User-agent "googlebot" "phase:1,nolog,id:1371,t:none,t:lowercase,setvar:ip.counter=+1,pass"

We can then use this information to block googlebot requests once there have been over 10 requests in the last 8 hours.

SecRule ip:counter "@gt 10" "phase:1,log,msg:'googlebot has been blocked due to over 10 requests.',deny,id:1372"

You can also use AND in rules; in modsec this is done by using chains. Chained rules do not require an ID.
Let's say we only want to block googlebot when it has over 10 requests and is visiting a specific file.

SecRule ip:counter "@gt 10" "phase:1,log,msg:'googlebot has been blocked due to over 10 requests.',deny,id:1372,chain"
SecRule REQUEST_URI "somefile.php" "t:none"

With this you should have grasped how modsecurity rules are written, and with the reference manual you can start doing magic 🙂
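The counter rules above, combined into one rule set as an added example (not part of the original post): the counter expires 10 minutes after the last counted request, the User-Agent is matched case-insensitively, and the deny only applies to requests that themselves carry the googlebot User-Agent. The rule IDs 1380-1382, the /var/lib/modsecurity/data path and /somefile.php are assumptions.

```apache
# Added example for ModSecurity 2.x; IDs, paths and the URI are assumptions.

# Persistent collections (the "ip" collection below) are stored in SecDataDir.
# Use a directory only the web server user can write to instead of a shared
# /tmp path (assumed location, create it before reloading).
SecDataDir /var/lib/modsecurity/data
# Let ModSecurity apply its default (owner-only) mode to audit log directories.
SecAuditLogDirMode default

# 1. Open the per-client collection, keyed on the connecting address.
SecAction "id:1380,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# 2. Count requests whose User-Agent contains "googlebot".
#    t:lowercase lowercases the header first, so "Googlebot/2.1" matches too.
#    expirevar removes the counter 600 seconds after the most recent hit.
SecRule REQUEST_HEADERS:User-Agent "@contains googlebot" \
    "id:1381,phase:1,t:none,t:lowercase,nolog,pass,\
    setvar:ip.counter=+1,expirevar:ip.counter=600"

# 3. Deny only when all three conditions hold (a chain is a logical AND):
#    more than 10 counted requests, a googlebot User-Agent on this request,
#    and a request for the protected file.
SecRule IP:COUNTER "@gt 10" \
    "id:1382,phase:1,log,deny,status:403,\
    msg:'googlebot blocked: more than 10 requests in the window',chain"
    SecRule REQUEST_HEADERS:User-Agent "@contains googlebot" \
        "t:none,t:lowercase,chain"
        SecRule REQUEST_URI "@beginsWith /somefile.php" "t:none"
```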

Add custom build parameters for apache / php in cPanel.

In this example I will show how to install libvpx and compile php with vpx for webp support in php.

First we need to install the libraries from the distro's package repository.

yum install libvpx.x86_64 libvpx-devel.x86_64

Then we enter cPanel's folder for custom easyapache options.

cd /var/cpanel/easy/apache/rawopts

Then we need to make a file to add the options to. In this example we call it all_php5.

nano all_php5

Then append the following text to the file.

--with-vpx-dir

And now you can just recompile apache / php with easyapache and our custom option will be compiled in.

If you get any errors while running easyapache after adding a custom option like this, it's probably linked to a missing library or an option that is not supported by your version of php.
Check the documentation on php.net.

Let nagios run binary as root under nrpe (non tty)

Enter edit mode for sudoers.

visudo

Add the following at the bottom.

Defaults:nagios !requiretty
nagios ALL = NOPASSWD: /usr/sbin/exim

And that's that.

Some explanation.

Normally Defaults requiretty is set earlier in the file, which stops sudo from running when not under a tty (shell). We override this for the nagios user by setting Defaults:nagios !requiretty as shown above.

visudo is a command for opening /etc/sudoers in your distro's default editor.

NOPASSWD makes it so the command doesn't need a password to run under sudo.

Add new harddrive to linux based vm while running

Scan for new disks. Change hostX to the active controller.

echo "- - -" > /sys/class/scsi_host/hostX/scan

Check if the system caught the new disk.

fdisk -l

Add a partition to the new disk. Change sdX to the new disk's identifier.

fdisk /dev/sdX
n (new partition)
p (primary partition)
1 (first partition)
[enter] (start at first byte)
[enter] (end at last byte)
w (write changes)

Format the new partition with a filesystem.

mkfs.ext3 /dev/sdX#

Add automount of the new partition, edit and add to /etc/fstab.

/dev/sdX# /home2 ext3 defaults 1 0