This is part third and final part in my PHP command line tutorial series. If you didn’t see parts 1 and 2:

Command Line PHP: Part 1

Command Line PHP: Part 2

More File and Disk Functions

Getting Disk Space and Usage

The disk_total_size and disk_free_space functions can tell you how much disk space you have and how much is available, respectively:

$disksize = disk_total_space("/");
$size = round(number_format($disksize / 1024 / 1024 / 1024, 2));

$diskfree = disk_free_space("/");
$freesize = round(number_format($diskfree / 1024 / 1024 / 1024, 2));

echo "Total Disk Size: $size GB\n";
echo "Free Disk Space: $freesize GB";

Finding Files

A little-known function called glob works sort of like the locate command, in that it will find files that match a certain string, but it only looks in the current folder and is not recursive. For example, the below code will search for all files in the current folder that end with .txt:

foreach (glob("*.txt") as $file) {
echo "$file size " . filesize($file) . "\n";
}

You can also use something like this example to run as a loop and recursively search through folders.

Getting File Path Information

The famous pathinfo function can give you information about a file on your system:

$file = "/etc/php5/cli/php.ini";
if(file_exists($file)){
$info = pathinfo($file);
print_r($info);
}

This will print out an array like below:

Array
(
[dirname] => /etc/php5/cli
[basename] => php.ini
[extension] => ini
[filename] => php
)

Which you can echo out values to and use in your scripts, for example:

$file = "/etc/php5/cli/php.ini";
if(file_exists($file)){
$info = pathinfo($file);
$dir = $info[dirname];
chdir($dir);
echo "Changed directory to" . getcwd();
}

There are also similar functions that will provide the same information, individually:

$file = "/etc/php5/cli/php.ini";

echo "Absolute File Name: " . realpath($file) . "\n";
echo "File Name: " . basename($file) . "\n";
echo "File path: " . dirname($file) . "\n";

This will return:

Absolute File Name: /etc/php5/cli/php.ini
File Name: php.ini
File path: /etc/php5/cli

Some Random Script Fragments and Functions

Prompt a user for input:

fwrite(STDOUT, "Hello...\nWhat is your name? ");
$name = trim(fgets(STDIN));
fwrite(STDOUT, "Hello, $name!\n");

Print out your username and date:

$me = exec('whoami');
echo "Hello, " . $me . " The time is currently " .date("r") . "\n";

Generate random strings and passwords:

echo crypt("mypassword","randomsalt");
echo md5("mypassword");

Random password, variable length:

function randomPass($length) {

$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;

while ($i <= $length) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}

return $pass;
}

$password = randomPass(10);

echo "Your random password is: $password";

List loaded PHP extensions, check is specific extension is loaded:

$extensions = get_loaded_extensions();
foreach ($extensions as &$value) {
echo $value . "\n";
}

if (!extension_loaded('gd')) {
echo "GD extension is not loaded";
exit;
}

Get Server’s CPU Load:

$load = sys_getloadavg();
echo "Current: " . $load[0] . "\n";
echo "5-min: " . $load[1] . "\n";
echo "15-min: " . $load[2] . "\n";

Get PHP memory limit and convert to human-readable format:

function convert($size)
{
$unit=array('b','kb','mb','gb','tb','pb');
return @round($size/pow(1024,($i=floor(log($size,1024)))),2).' '.$unit[$i];
}
echo convert(memory_get_usage(true));

Some Useful Links/Tutorials

Command Line PHP Tutorial
Simple System Maintenance with PHP-CLI – Simple System Maintenance with PHP-CLI
Command Line PHP (IBM)
Running Daemons in PHP
PHP Class for Coloring Command Line Output
PHP Command Line Progress Bar

This post is continuing on my three-part series on command line PHP programming. Missed part one? It’s right behind you. This part will go over command execution and processes.

Command Execution

Let’s start with the basics – you need to execute an arbitrary command from your PHP script. The exec, shell_exec, passthru, and system functions will take care of this for you:

exec("/usr/bin/perl /scripts/myscript.pl");

will do about the same thing as:

system("/usr/bin/perl /scripts/myscript.pl");

and

shell_exec("/usr/bin/perl /scripts/myscript.pl");

So what’s the difference between the three? A little, but not much. The system function will place the output of the command in an output stream, and display the results whether you tell it to or not. However, it’s mostly useful to return a yes or no output (in the form of 1, 0, or -1) based on the exit code of the command it was executing. For example, the below script views the /proc/cpuinfo file and outputs a boolean value on whether the command executed:

$cpuinfo = system("cat /proc/cpuinfo",$exitcode);
echo $exitcode;

I could then use the boolean value to write an if statement, which is more accurate because I’m basing the condition on the output of the command itself rather than PHP returning output based on the fact that the command ran, ignoring errors the command may have posted:

if($exitcode == 1){
echo "Command executed, but finished with errors";
}

The annoying part with the system function though is that it doesn’t suppress the output of the command itself, but rather sends it directly to the output stream. What if you want to format the output of the command? Then you would use exec. Below is an example of using the exec command to list the contents of a folder and only output .tar files (using substr to split the string)

$dir = exec("ls .",$output);
foreach ($output as $file)
{
if (strtolower(substr($file, -4)) == '.tar')
echo "$file\n";
}

The shell_exec function allows you to emulate a shell environment. For example, in Linux you have a choice of shells like sh, bash, and ksh that, allow you to do things such as while loops. Using shell_exec is about the same as using the backtick operator, which is generally how you’re run commands within a Perl script:

$output = shell_exec('ls nonexistentfile 2>&1 1> /dev/null');

// Does the same as

$output = `ls nonexistent file 2>&1 1> /dev/null`l

Finally, there’s the passthru function which, when invoked, immediately displays raw ouput of the command being executed. This is intended for browsers, to display binary data such as images, and not necessarily something you’re use on the command line:

header('Content-Type: image/jpg');
passthru('cat /home/user/public_html/images/image.png');


A Word on Security

A lot of hosts block command execution functions with the disable_functions setting in php.ini or by using safe mode, and for good reason. A lot of malicious scripts contain code with executable functions, and especially when the value of command or argument is passed as a variable, the results can be destructive. Here’s an example of a simple script that lists files, that accepts a folder name as a argument:

$folder = $argv[1];
exec("ls $folder");

We’d have a security problem if someone passed this as the first argument for $folder:

myfolder && cat /etc/shadow

To prevent this, PHP has built-in functions to escape shell arguments and commands, in order to prevent things that could be dangerous:

escapeshellarg: Encloses command arguments in single quotes so the argument is passed as one string:

exec('ls '.escapeshellarg($folder));

escapeshellcmd: Escapes characters that can be used to trick a shell command (like the && I used to execute cat)

Process Management & POSIX

PHP has internal  functions that allow you to manage processes, such as proc_open, proc_close, etc. However, I admit that these tend to be difficult to learn an understand, while posix functions tend to do the job with less hassle.  Posix functions are basically system-level functions. In the below script, I’m going to change the user that the script runs as, view simple information about the process, then start a counter to 1 million but kill it when it reaches 50:

$user = posix_getpwnam($vnessa5);
posix_setuid($user['uid']);
posix_setgid($user['gid']);
$pid = getmypid();

print_r(posix_times());
echo "Script owner: ". get_current_user() . "(" . getmyuid() . ")\n";
$i=0;
while( $i < 10000000 ){
$i++;
if($i == 50){
echo "Reached 50 - killing!";
posix_kill($pid,1);
}
}

Similarly, posix_getpid and getmypid do the same thing. If the script is a child of another process, you can get the parent process’s ID with posix_getppid. The getrusage function can also be used to get more informative information than posix_times. To kill a process, you can see I used posix_kill, with the process ID and exit code as arguments. This is what happened when I ran the script:

Array
(
[ticks] => 1279790432
[utime] => 0
[stime] => 0
[cutime] => 0
[cstime] => 0
)
Script owner: root(0)
Reached 50 - killing!Hangup

Keep in mind that in most situations, using die() to bail out of a script is more appropriate that using kill. I could rewrite that part of the code to say this instead:

die("Reached 50 - Bailing out!);

I also found a nice post on running background processes, that you might want to check out here.

Environmental Variables

Environmental variables tend to be a major part of command line scripting, and is something that is part of PHP as well. Let’s start with defining an environmental variable with putenv and retrieving it with getenv:

putenv("PATH=/fakebin");

if(!exec("test testdir")){
echo "Could not execute test - path is " . getenv('PATH') ;
}

In the above script, I set the $PATH environmental variable to /fakebin, so when I went to execute the ‘test’ command (which is a valid Linux command located in /usr/bin/test), the scirpt could not find it since the command was not in /fakebin. This is about the same as setting the $PATH environment in a user’s .bashrc file. Keep in mind that the variable change lasts as long as the script does – after the script exits, the environmental variable is returned to its normal state. You can use getenv to pull any environmental variable, similar to the $_SERVER superglobal.

A nice function for getting information about the current server is php_uname. You use it about the same way as the uname command in Linux:

echo php_uname();

Will return:

Linux server.v-nessa.net 2.6.18-028stab064.7 #1 SMP Wed Aug 26 13:11:07 MSD 2009 x86_64

You can further filter the output using the same arguments as uname, for instance, if I only need the server name:

echo php_uname(n);

PHP 5.3 also introduces a void function called gethostname which will get the hostname of your machine as well.

The Server Superglobal

The $_SERVER superglobal is used to get environmental variables pursuant to the server and environment for the script you are running.  While it’s normally used in web applications, some of the values can be used for command line scripts as well:

echo "This file's name is " . $_SERVER['PHP_SELF'];

So you’ve made it part two of the series. Stay tuned for part three, which will go over specific system-level tasks and functions, with useful code snippets.

Next: Command Line PHP: Part 3

PHP isn’t just for websites anymore. In fact, almost every script I’ve written to perform server-side functions is either written in bash or PHP, rather than Perl or Python as preferred by my colleagues. It’s a common belief that PHP isn’t suited for CLI programming since it’s mainly used in web applications, but PHP has over a hundred functions specifically intended for system management.

These kinds of posts can be rather lengthy, so I’m making this into a series with three parts.  Part 1 will go over the basic filesystem functions. You can find a complete listing here, but I’ll just go over a few of the more important and common ones.

The hashbang

As with any CLI script, the first line of your PHP script should contain the executable binary for PHP. You can usually find this by running:

which php

On my server the location is /usr/bin/php, so here’s the first line of my script:

#!/usr/bin/php

If you installed PHP in a custom location, you’ll need to specify that binary instead. You can also specify command line options like -f, -c, etc.  Then set the permissions of your script to 755 to allow it to execute.

Accepting arguments with PHP

A major part of CLI scripting is the ability to accept arguments. For this, we’ll write a simple script called asl.php which will parse my name, sex, and location as arguments:

[nessa@server] ./test.php 23 female virginia

Here’s the script:

#!/usr/bin/php
<?php

print_r($argv);

?>

The $argv variable is native, and parses as an array. So running this script will produce the following output:

Array
(
[0] => ./asl.php
[1] => 23
[2] => female
[3] => virginia
)

So if I only wanted to echo out my age, I can use the following code:

echo $argv[1];

If you notice, there are four values instead of the three that I passed. As with most scripting languages, PHP considers the filename as the first (0) variable. To remove the first variable, use the array_shift function:

array_shift($argv);

This means now that using value #1 as shown in the example above will output “female” instead of 23, making the command line order more correct, but this tends to be confusing for some people since it makes the first value 0 instead of 1. I usually prefer NOT to shift the array unless having the file name in there is going to adversely affect the intended functionality of the script.

From here ( keeping in mind that I’m not shifting the array anymore), I can assign the arguments to variables and access them from the script:

$age = $argv[1];
$gender = $argv[2];
$location = $argv[3];
// echo out the values
echo "Hello, I am $age-year-old $gender from $location";

In some cases you may want to validate the number of arguments passed, or what they contain. For instance, the below example is requiring that all three variables are passed (however, the code says four, since you have to include the script name as the first “argument”, as mentioned before):

if ($argc != 4) {
die("Usage: asl.php <age> <gender> <location>\n");
}

You can of course specify less than (<) or greater than (>) values operators.  In the next example, I want to make sure that the “age” argument is a number:

if (!is_numeric($age)){
die("$age is not a number");
}

I’m sure by now you get the idea =)

PHP File and Folder Management

Creating files and folders, and checking their accessibility

Continuing my above example, I want to end up with a file in /opt/app/users called “users.txt” that contains a list of all the output of asl.php. I first need to see if  /opt/app/users exists using the is_dir function, and if it doesn’t, create it with mkdir, then enter into that directory with chdir:

$dirname = "/opt/app/users;
if(!is_dir($dirname)){
mkdir($dirname, 0755);
}
chdir($dirname);

What if /opt/app doesn’t exist and I need to create the entire structure? The mkdir function has a recursive flag that is set to false by default, but can be enabled as so:

$dirstructure = "/opt/app/users";

if (!mkdir($dirstructure, 0, true)) {
die('Failed to create folders!');
}

Now that the folders are created and verified, I use file_exists and is_readable to make sure that my users.txt file is there and can be seen. If not, we’ll use one of the file functions to create it:

$cwd = getcwd();
$filename = $cwd . "/users.txt;
if(file_exists($filename) && is_readable($filename)){
echo "File Exists and is readable";
}else{
echo "File does not exist or is not readable";
touch($filename);
}

If you notice, I added the getcwd function to look for a file called users.txt in my current directory. If you need to see whether a file is executable instead of readable, you can simply use the is_executable function, or to see if it’s writable, use is_writable:

$filename = '/opt/app/users/users.txt';

if (!is_executable($filename)) {
echo $filename.' is not executable';
}
if (!is_writable($filename)) {
echo $filename.' is not writable';
}

Note that the result of these commands is based on the user running them. For instance, if the file is owned by the user root and is set to 600 permissions (root read/write only), but the user ‘user1′ is running the script, the tests in the above lines of code will fail since that user does not have permissions to the file in question.

Creating and deleting files

There are a few functions you can use to create files with PHP. Here are the most commonly used: fopen, file_put_contents, touch, If you want to delete a file, simply use unlink.  In the below example

$filename = "/opt/app/users/users.txt";
unlink($filename);


Unlink is not to be confused with the opposite of symlink, which creates a symbolic link  (shortbut) between files:

symlimk("/opt/app/users/users.txt", "/home/nessa/Desktop/users.txt-shortcut");

And rmdir will remove a folder:

if (!is_dir('temp')) {
mkdir('temp');
}
rmdir('temp');

Writing to files

The most common way to write to files is using the fopen function. Using my original example, asl.php is going to write the values of the arguments to a file called users.txt:

$filename = "/opt/app/users/users.txt";
$fh = fopen($filename, 'w') or die("can't open file");
$data = $age . $gender . $location;
fwrite($fh, $date);
fclose($fh);

Reading contents of a file

If you want the script to read the file, you can use a number of function such as readfile, file_get_contents, fopen, fread, and file. The actual function you would use depends on what you’re planning on doing with the data. If you simply want to display the contents of the file as a string:

$filename = "/opt/app/users/users.txt";
$data = file_get_contents($filename);
echo $data;

Will display:

23 female virginia

If you need a more programmatic way of displaying the data, such as reading each column as a set of values (like if you’re inserting all this into a database), you’d use the file() function which will load the contents of the file into an array. Here’s a simple loop that echoes out each line in the file:

$filename = "/opt/app/users/users.txt";
$lines = file($filename);

foreach ($lines as $line_num => $line)
{
print "{$line_num} : " . $line . "\n";
}

Reading contents of a folder

You can use the opendir function to run a loop and read the contents of a folder:

// open the current directory by opendir

$dirname = "/opt/app";
$handle=opendir($dirname);

while (($file = readdir($handle))!==false) {
echo "$file \n";
}

closedir($handle);

Changing permissions and ownership:

In the above example where I was checking to see if the file was readable, I didn’t actually specify anything to address permissions – instead, I just created the file. To change the permissions or ownership of files, you can use the chmod and chown functions.

$filename = "/opt/appf/users/users.txt";
$username = posix_getpwuid(fileowner($filename));

// Get the octal value of permissions
$perms = substr(sprintf('%o', fileperms($filename')), -4);

if($username[name] != "nessa" && $perms != "0755" ){
chmod($filename, 0755);
chown($filename, "nessa");
echo "Permissions fixed";
}else{
echo "Permissions are correct";

If you want to change the umask (that is, the default permissions of files created by the script), you can use the umask function – which actually revokes permissions instead of setting them.

Copying, moving, and renaming

Say I want to rename the /opt/app folder to /etc/app. I’d use the rename function as so, validating on whether of not it was renamed successfully:

if(!rename("/opt/app","/etc/app")){
echo "Rename failed";
}

You can also use the copy function to copy files, noting that if the “new” file or folder already exists, it will be overwritten.

if(!copy("/opt/app","/etc/app")){
echo "Copy failed";
}

User and File information

Getting user and group data

The fileowner function as shown above will return the UID of the file, but I specified the username. You can use posix_getpwuid to return an array with the user’s information in a more usable format:

Array
(
[name] => nessa
[passwd] => x
[uid] => 1000
[gid] => 1000
[gecos] => Vanessa V.,,,
[dir] => /home/nessa
[shell] => /bin/bash
)

So you can simply echo out the array values of $username based on the keys. For example, to get the shell of the user in the above example, simply echo to the ‘shell’ key from the $username array:

echo $username[shell];

If you want to get group information for a file, you can use the same method, but with filegroup and posix_getgrgid:

$filename = "/opt/app/users/users.txt";
print_r(posix_getgrgid(filegroup($filename)));

Getting file information

You can also get information about a file using the stat or fstat functions, which return the results to an array:

$filename = "/opt/app/users/users.txt";
$stat = stat($filename);
print_r($stat);

Will return a giant array of information for the file. If you only want to return one value, say, the size, echo it out like you would a normal array:

echo $stat[size];

So here we’ve finished the first part of PHP command line scripting, which covered the use of files, folder, and users. The next parts will go over command execution and process management.

See: Command Line PHP: Part 2, Command Line PHP: Part 3

Those of you who are regular readers of my blog know that I’m a huge fan of open source software. I don’t think it’s smart for people to drop upwards to thousands of dollars on software unless they have that kind of money to waste, or have a need that isn’t being met by the open source community.  And then there are the less legal alternatives, which I’m not against, but then again I can’t promote them here, either =)

So here’s a nice list of open source alternatives for people who want to save money by using open source software.

1) Use Linux instead of Windows

The transition from Windows to Linux is not as hard as you may think it is. When people think Linux, they think of an ugly black and white command prompt. This may be true if you’re thinking of running Linux as a server, but as a desktop you have a GUI similar to Windows and Mac, in the form of KDE or Gnome.  If you have applications that require Windows, you can usually run them by installing a program called Wine.  It can take a little getting used to, but for those buying a new PC or refurbishing an old one, Linux is the route to go if you want to save money and get better performance, security, and stability than you’ll ever get with Windows.  For newbies, I’d recommend Ubuntu or Fedora.

2) Use Gimp instead of Adobe Photoshop

Adobe Photoshop will run you between $700 and $1000, maybe less if you purchase from an independent software distributor. If that’s a little steep for you, consider using Gimp instead. It has a lot of the same functionality of Photoshop, and can read files created in Photoshop (.PSD) as well.  My sister is a photographer and just when she thought she was used to Photoshop, I introduced her to Gimp so she can do her photo editing outside of school, and she said it does as good of a job as Photoshop does. Similarly, I hear that Inkscape makes an excellent alternative to Adobe Illustrator.

3) Use OpenOffice instead of Microsoft Office

My Dad, who has headed the IT department of his company for years, didn’t believe me when I told him that the thousands his company was spending on Microsoft Office licenses every couple years could be a waste of money, since OpenOffice has the same kind of functionality. The base package of OpenOffice contains alternatives to Word, Excel, PowerPoint, and Access, all of which have the same familiar interfaces and support for files created in their proprietary alternatives, but without the expensive licensing costs and resource requirements. The  software in OpenOffice also has a number of features that the other does not.

4) Use Thunderbird or Evolution instead of Outlook

Outlook sucks. I can’t tell you how many calls I got about it when I was in technical support, where email would suddenly stop working and the customer wouldn’t want to believe that their beloved Outlook was the problem. It usually comes bundled as part of the Microsoft Office suite, but you can buy it standalone. Why would you want to? Thunderbird is free, and a lot more efficient, feature-rich, stable, and secure than Outlook. Love the Outlook feel? Evolution is the Linux alternative to Outlook, only it doesn’t suck as much.

5) Use ClamAV or AVG Instead of Norton, TrendMicro, or McAfee

I’ve heard from many people that even though ClamAV is free, it’s better than its leading enterprise alternatives. It also works on Windows (Via ClamWIN) and Linux. Need a firewall too, but don’t want the steep cost of Norton Personal Firewall? Consider APF or Smoothwall.

6) Use Turbocash instead of Quickbooks or Microsoft Money

I personally haven’t used Quickbooks before, but I heard it’s comparable to Turbocash, which is perfect for smaller organizations or individuals needing software for finance management.

7) Use VirtualBox  instead of Microsoft Virtual PC, VMWare, or Parallels Desktop

I generally used Virtual PC in the past to play with other operating systems, but you may find a use for it if you’re a software developer or you have applications that work on one OS but not another. Virtual PC usually ends up being free quite some time after its initial release, but it only runs on Windows. VirtualBox is open source and runs on Linux, Mac, and Windows, and supports a large variety of guest operating systems.

8) Use OpenVZ instead of Virtuozzo

Virtualization with something like Virtuozzo isn’t the same as using something like VirtualBox in terms of mass-management of virtualized servers. If you’re offering VPS hosting or need to run multiple servers on one, you’ll want to use something like Virtuozzo.  Virtuozzo may be the best, but OpenVZ doesn’t fall far behind at all…and it doesn’t carry the multi-thousand dollar licensing costs.

9) Use OpenWorkBench instead of Microsoft Project

I’ve always found web-based software like dotProject to be more effective for project management, but if you need a more local solution for your PC, try Workbench instead of spending dough on Microsoft Project.

10) Use Partimage instead of Norton Ghost

Norton Ghost will generally cost around $70, but Partimate is free and essentially does the same thing. I’ll mention though that Norton Ghost only works on Windows, and Partimage only works on Linux. So Partimage is something you’d consider using if you’re switching from Windows to Linux and can’t use Norton Ghost anymore.

I can think of a few things that are wrong with that title but in all seriousness…don’t you ever wonder where cPanel stores the config changes that you make in WHM?  Automation is the key nowadays, and lately that’s required me to get a little down and dirty with cPanel to find its deepest secrets. *This information is not official documentation, nor is it backed up by cPanel or set in stone.  In other words, don’t blame me if you mess up your server.

These are files that store the information read and used by WHM (as of 11.23.6)

• The Book of Eli movie

• IP addresses: /etc/ips
• Reserved IPs: /etc/reservedips
• Reserved IP reasons: /etc/reservedipreasons
• IP address pool: /etc/ipaddrpool
• Access hash (WHM remote access key): /home/user/.accesshash or /root/.accesshash
• cPanel update preferences: /etc/cpupdate.conf
• Basic cPanel/WHM setup:  /etc/wwwacct.conf
• System mail preferences: /etc/localaliases
• Exim open relay list: /etc/alwaysrelay
• Server-wide max emails per hour: /var/cpanel/maxemailsperhour
• Tweak settings: /var/cpanel/cpanel.config
• Packages: /var/cpanel/packages/
• Features: /var/cpanel/features/
• User data: /var/cpanel/users/ and /var/cpanel/userdata
• Apache templates: /var/cpanel/templates/apache(1,2)
• Exim config template: /etc/exim.conf.localopts
• Exim mail IPs: /etc/mailips
• rDNS for mail ips: /etc/mail_reverse_dns
• Clustering: /var/cpanel/cluster/root/config
• Service manager: /etc/chkserv.d
• Users and their domains: /etc/userdomains
• Users and their main domains: /etc/trueuserdomains
• Users and their owners: /etc/trueuserowners
• Main cPanel IP: /var/cpanel/mainip
• cPanel version: /usr/local/cpanel/version
• Resellers: /var/cpanel/resellers
• Reseller nameservers: /var/cpanel/resellers-nameservers

These are a few scripst that you can use to achieve the same  results of their WHM equivalents:

• Initialize quotes: /scripts/initquotas
• Compile Apache: /scripts/easyapache  (you can pass additional options – see EasyApache 2 docs)
• Update cPanel: /scripts/upcp
• Enable/disable tweak settings: /scripts/smtpmailgidonly on|off
• Change PHP API and suExec settings: /usr/local/cpanel/bin/rebuild_phpconf
• Suspend an account: /scripts/suspendacct <user> <reason>
• Terminate an account: /scripts/killacct <user>

Obviously there are a ton more, and just about anything done in WHM can be done directly on the server.  The main things to remember:

Scripts are mainly stored in /scripts and /usr/local/cpanel/bin

Data files are in /var/cpanel

Config files are in /etc/ and /usr/local/cpanel

Chkservd is the service in cPanel that checks to make sure that services are running, then restarts them if necessary. It’s also responsible for the ‘Service Manager’ section in cPanel, which is an interface where added services can be easily checked on and off.
To add a new service, create a line in /etc/chkserv.d/chkservd.conf in the same format as the others:

service:1

1 means the service should be enabled, 0 means it’s off.
In /etc/chkserv.d each service has its own file. Create a file called as the name of the service you are monitoring. The contents of the file are in the format of:

#SERVICE = PORT, SEND, RESPONSE, RE-START COMMAND

There are two ways that cPanel checks services with chkservd:

• Connection-based monitoring – By default, cPanel will try to connect to the service’s specified port, issue a command, and if a response is received within 10 seconds it will consider the service to be online. For instance, FTP:

service[ftpd]=21,QUIT,220,/scripts/restartsrv_ftpserver

• Process-based monitoring – cPanel will check for a specific process to determine whether it is online. For instance, named:

service[named]=x,x,x,/scripts/restartsrvr_bind,named,named|bind

If you have more than one restart command, you can separate them with semicolons in order of preference that they should be run. Output of these commands will be logged to the chkservd.log
After you’ve created the service’s configuration file, restart chkservd:

/etc/init.d/chkservd restart

You should then see the service listed in WebHost Manager in the ‘service manager section’
Chkservd logs are in /var/log/chkservd.log. Checks are done every 8 minutes, and everyone online service gets a +, offline services get a -. If the service is determined to be offline, the restart command(s) specified in that service’s chkservd configuration file is issued and the output is logged.

If you don’t even have chkservd installed, it’s probably missing and you need to install it.

We use Fedora in my Linux classes at school, so I was equally pissed off of when I found out that the stock firefox installation doesn’t support ssl…in other words you can’t get to secure pages. Since the entire schooli ntranet is on a secure connection it pretty much sucks when you can’t access your email and assignments. I was the only person in the class who was able to fix this and be able to finish my shit during class instead of doing it for homework.

The error you get when accessing secure pages in Firefox on Fedora is:

Unexpected response from server
Firefox doesn’t know how to communicate with the server.

You can fix this in three commands:

yum update nss (or yum install nss, if it’s not installed)
yum remove firefox
yum install firefox

I often worry about my PC at work — it’s about 3 or 4 years old now and I’ve already crashed it twice by running Ubuntu updates and not letting them finish. Luckily I have my home drive mounted as a separate partition so reinstalling the OS isn’t a huge inconvenience aside from having to reinstall all my apps.

After doing some googling I came across SBackup, which is a simple backup program to back up whatever on your system to wherever you want to keep your backups — without having to configure a script.

First, install sbackup via apt-get, yum, or whatever other package manager you use:

$ sudo apt-get install sbackup

Then open the backup manager under System > Administration > Simple Backup Config

Now, I used the custom backup settings because I didn’t want to back up everything on my system — all I’m concerned about is everything in my home directory, such as my Documents, email, and porn browser settings. To select what you want backed up, go to the Include tab and Add Directory or Add File to include files and folders in your backups.

Naturally there are some files within your selected folders that you don’t want to back up, like your trash and cache. You can add those under the Exclude tab.

Next set your timing — I did ‘precisely’ every day at 5pm when I won’t be here to experience the extreme lag of my 14G home directory being tarred up. As for the Purging options, I chose Logarithmic so that I don’t have old backups that I don’t need — I only need the backups in case my PC crashes and I lose everything, so I don’t care about backups from two weeks ago.

The destination part is where you want your backups to go. The default is /var/backup, but if your PC crashes, that isn’t going to be very convenient for you. Therefore one of the two options should be the one you go with:

- Custom local directory: If you have a floppy disk (which I pray you do not) or a USB drive, you can usually find those in the /media directory and have those mounted to copy your backups

- Remote directory: If you have FTP or SSH access to a remote server, you can have your backups uploaded. The syntax is simple:

ssh://user:password@serverip:/remote/dir

After you have everything configured, save your settings and hit Backup Now! to run a test and make sure everything is working.

The company just bought our department brand hooked up PC’s that include ATI Radeon dual output graphics cards with massive monitors.  This is probably the only time I’d willingly admit that Windows came out ahead, as I spent a good 2 days trying to get my dual monitors to work with Ubuntu.  I finally got it figured out and I’m embarrassed to say that the answer was in front of my the whole time — a fucking GUI!  Anywho, those of you who are having trouble with this as well, here’s what I did to make it work:

My setup:

• Dell Vostro 200, Dual Core Intel CPUs, 2 Gb RAM
• ATI Radeon HD 2400 dual output graphics card (both monitors plugged into card)
• Two Dell 17” monitors

So first, shimmy over to http://ati.amd.com/support/driver.html and select your distro and card model, and download the file to your desktop.

In Terminal, chmod +x ati-driver-installer-<version>.run

Select Linux x86 installation, automatic

After the installation is complete, run:

sudo aticonfig –initial

Reboot.

After reboot, run fglrxinfo and you should get something like this describing your card:

OpenGL vendor string: ATI Technologies Inc.
OpenGL renderer string: ATI Radeon HD 2400 PRO
OpenGL version string: 2.1.7537 Release

At this point you probably see that both monitors are enabled, but are mirroring each other.  If you don’t, you might need to manually active the second:

sudo aticonfig –query-monitor

Use the output of that command and run:

sudo ati-config –enable-monitor=<result1>,<result2>

Replace result1 and result2 with the output of the first command.  Possible results are: none, crt1, crt2, lvds, tv, fmds1, tmds2

If the enable works, make it permanent:

sudo aticonfig –force-monitor=<result1>,<result2>

When both your monitors are up (whether they look how you want or not), in your GNOME gui, go to Applications > ATI Catalyst Control Center. This is where you configure how you want your dual monitors to act.

In Display Manager, set the dropdown to two monitors and change the Display Mode to “Big Desktop” — this will enable both monitors as one long desktop that you can drag your mouse and windows between.  You can also go ahead and set your resolution.

And there you go — easy dual monitor setup for Ubuntu 7.10!

UPDATE: Major issues with graphics after I upgraded to 8.10 – I found these instructions which worked:

http://wiki.cchtml.com/index.php/Ubuntu_Intrepid_Installation_Guide#Installing_the_restricted_drivers_manually

Those of you who are server admins or use certain merchant services know what I’m taking about — it’s that dreaded security scan that picks apart your server to tell you everything that it thinks is wrong, assuming you have the knowledge or access to fix it: yes, the PCI scan. PCI compliancy is a somewhat new procedure used by security companies and financial institutions to measure the security of a webserver that collects and stores sensitive information. The reasons for getting a scan vary, but are most commonly for legal reasons or just the assurance that your server is subject to certain vulnerabilities.

After dealing with 2-3 PCI scans a week for the last year, I’ve put together a common procedure for how to make your server compliant to current PCI standards. Note that each scan company is different and may report other issues, and if you’re using ControlScan then, well, I feel sorry for you. I’m also assuming that you are on a Linux server running cPanel and LAMP.

Step 1: Make sure you have a firewall

PCI scans are nazis about unjustified open ports, so only open the ones that you need in order for services to run effectively. Manually configuring iptables is a pain in the ass, so I recommend using APF or CSF (if you have cPanel) and then configuring the allow rules to only allow ports for active services.

Note that both indicate the opening of cPanel ports 2082, 2095, and 2086, but some scans will complain about these being nonsecure. If that is the case you can configure within WHM to only use the secure ports, then remove the nonsecure ones from the firewall so they can’t be accessed. You should also close MySQL port 3306 for external hosts and allow them on a per-IP basis to anyone other than localhost has to be allowed.

Step 2: Update your system

This is an obvious one, but you’d be surprised how many people still have old packages installed on the server. With cPanel, running /scripts/upcp will usually update the vital system software as long as you have your update configuration in WHM set to allow it, but otherwise I would recommend doing a yum update, up2date, or whatever else you use to manage packages to make sure everything is up to date.

Nowadays old versions of MySQL, PHP, and Apache are no longer squeezing through either, so you need to upgrade to at least MySQL 4.1.22, PHP 5.2.5, and Apache 1.3.39 (some scans will want Apache 2.0.x).

Step 3: FIx OpenSSL

If you did a package update this was probably already taken care of, but if you installed via source you need to make sure you’re using at least 0.9.7j, which is the oldest version that most PCI scans allow. You can get your sources from here, and it may require a recompile of Apache and other services that use it. To check your OpenSSL version, type ‘openssl‘ from your SSH prompt and then type ‘version‘.

Note to Redhat/Fedora/CentOS users: If you’re running a somewhat recent version of your OS your openSSL version probably is something like 0.9.7a, but due to Redhat backporting this may be a false-positive. If you’re on any Redhat-based distribution, just tell your scan company and they’ll bypass OpenSSL checks.

Step 4: Check your SSL certificates

In order to pass a PCI scan your server must have at least one SSL certificate signed by a recognized certificate authority, and any services using SSL need to be using a certificate as well. Go cough up $30-$100 and buy a decent 264-bit SSL certificate and install it not just for Apache, but also for all of your active services. WebHost Manager has a section for installing service SSL certificates to make this process easier.

Step 5: Disable SSLv2 and other weak encryption methods

This one always gets me, because there is no way to disable SSLv2 for everything at once, at least not one that I know of. What makes this part the worse is that not all services support the choosing of SSL protocols and ciphers, but luckily unless you are using ControlScan the ones that don’t are probably not going to show up. Here’s how you do it for common services that are reported:

Apache:

Add these lines to your httpd.conf (you may to add them to each secure vhost as well):

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

POP3 and IMAP:

Edit the following files:

/usr/lib/courier-imap/etc/pop3d-ssl
/usr/lib/courier-imap/etc/imapd-ssl

Comment out the existing TLS_CIPHER_LIST line and replace it with the following and restart courier-imap:

TLS_CIPHER_LIST="ALL:!SSLv2:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH"

Exim:

Add the following to exim.conf:

tls_require_ciphers = ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2

For other services that might be on your system, take a look at this guide.

Step 6: Disable mod_userdir (or whatever cPanel is calling it nowadays)

If you are able to go to http://yourserverip/~yourusername, then you have mod_userdir enabled and the scan will probably complain. You can disable this in WHM under Security Center > Apache mod_userdir Tweak, or in httpd.conf add “userdir disabled user1 user2 user3 …etc”

Step 7: Put Apache in incognito mode and disable the bad stuff

If you try to get an Apache error (like a 404 error), the footer of that page probably contains more information that you may want to share about your Apache setup. You can disable this in your httpd.conf by adding these lines:

ServerSignature Off
ServerTokens Prod
FileETag None

You can read more about these here.

Another thing that some scans report is the use of 413 errors. You should add this line to httpd.conf as a workaround:

ErrorDocument 413 /index.php (or any other file)

Just about all scans will complain if the ‘trace’ and ‘track’ apache methods are enabled on your server. You can fix this by adding these lines to your Virtualhost entries or .htaccess files:

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$ [NC]
RewriteRule ^.*$ - [F]

You should also disable directory indexes, which can be done most easily in your cPanel’s index manager. Directory indexes allow the listing of files inside folders that do not have an index page. You can also disable these in your .htaccess files:

Options All -Indexes

Ending notes

Really, it doesn’t matter how secure your server is if your web application scan is poorly programmed, so your server should not be the ending point in security. Some PCI scan companies are able to detect common vulnerabilities in web applications, but you should take the extra steps to stay ahead of the game and update your site software on a regular basis.