INFECTED (PORTS: 465) + LKM Trojan installed

November 27, 2009    |   Posted by admin   |    Category: cPanel Management

Chkrootkit scan result: INFECTED (PORTS: 465) + Possible LKM Trojan installed

You may see the following output in the chkrootkit scan:

INFECTED (PORTS: 465)
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

The server is not infected; these are false positives.

The warning “INFECTED (PORTS: 465)” is a false alarm and can be ignored. Port 465 belongs to the SMTPS service; if it is not in use, you can block it using iptables to avoid the false alarm.

Regarding “chkproc: Warning: Possible LKM Trojan installed”, it is generated when processes are killed and started while chkrootkit is running. Normally, you will find that they were php, perl or some other processes.
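Before dismissing the port warning, it is worth confirming which process actually owns the listener on port 465. The following is an added example, not part of the original post: it parses `netstat -tlnp` output and reports whether the port is held by the expected mail daemon. The process name exim (cPanel's MTA) and the sample lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: classify the owner of a flagged listening port.
# stdin: output of `netstat -tlnp`; args: PORT EXPECTED_PROCESS_NAME
# Prints "expected PID/name", "unexpected PID/name" or "not-listening".
check_port_owner() {
    local port="$1" expected="$2"
    awk -v port="$port" -v expected="$expected" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # local address; port is the last piece
            if (a[n] != port) next
            found = 1
            split($7, p, "/")          # PID/Program name column
            if (p[2] == expected) print "expected " $7
            else                  print "unexpected " $7
        }
        END { if (!found) print "not-listening" }
    '
}

# Constructed sample input (not captured from a real server).
SAMPLE_GOOD='Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN  2345/exim
tcp        0      0 0.0.0.0:465     0.0.0.0:*       LISTEN  2345/exim'
SAMPLE_BAD='tcp        0      0 0.0.0.0:465     0.0.0.0:*       LISTEN  9912/perl'

printf '%s\n' "$SAMPLE_GOOD" | check_port_owner 465 exim
printf '%s\n' "$SAMPLE_BAD"  | check_port_owner 465 exim

# On a live server (as root, so the PID column is populated):
#   netstat -tlnp | check_port_owner 465 exim
```

An "unexpected" result means the chkrootkit warning should be investigated rather than ignored.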


Script to change IP address of all the accounts.

November 20, 2009    |   Posted by admin   |    Category: cPanel Management

How to change IP address of all the accounts on a cPanel server?

The “Change Site IP Address” option in WHM is not feasible when you need to change the IP address of all the accounts on a server. To change the IP address of all the domains on a cPanel server, you have to use the “swapip” script provided by cPanel.

The following script will do the needful:

# Read the domain (first colon-separated field) from each line and swap its IP
cut -d: -f1 /etc/trueuserdomains | while read -r i
do
    /usr/local/cpanel/bin/swapip OLDIP NEWIP "$i"
done

where,

OLDIP is the current IP assigned to the domain.
NEWIP is the new IP which you would like to assign.
$i is each domain name, read line by line from the /etc/trueuserdomains file.


Howto: Enable SuPHP/phpSuExec on a cPanel server?

November 11, 2009    |   Posted by admin   |    Category: cPanel Management

How to install and enable SuPHP on a cPanel server OR
How to install phpSuExec on a Linux Server?

SuPHP, or PHPSuExec as most people call it, is a module that increases the security of the server by executing PHP files as the owner of the file instead of the Apache user, i.e. nobody. The advantages of having suPHP are:

1. Files and directories that needed 777 permissions to be written to will no longer need those permissions; 777 permissions will instead result in an “Internal Server Error”. The maximum permissions a directory or a file will need is 755, so it won’t be world-writable anymore.

It helps to track down spammers if bulk emails are sent out via a PHP script, since the script will be executed under the user’s UID/GID and not nobody.

2. You need to place all the PHP directives, e.g. safe_mode, in the php.ini of a domain instead of .htaccess. You have to create a separate php.ini for the account and set the values of the PHP directives there. If they are placed in .htaccess, it will result in an “Internal Server Error”.

3. All the files and directories uploaded via the browser will have the ownership of the user they are uploaded under instead of ‘nobody’.

4. You will be able to edit/remove the files which are uploaded via the browser using FTP.

5. The directives placed in the php.ini of an account will only affect the directory it is placed in and won’t apply recursively, as opposed to .htaccess.

Below is a small guide on installation, activation and verification of SuPHP on a cPanel server:

1. Install SuPHP using the easyapache script OR the “Apache Update” option in WHM. Log in to your server as root and execute the easyapache script:

# /scripts/easyapache

Once you execute the script, it will open a new screen asking you to select various options. On the first screen, you have to select the profile. You can use the default settings and select “Start customizing based on profile”. You then have to select the Apache version, then the PHP version on the next screen.

On the 5th screen, it will list different modules and the first one is “Mod SuPHP”. Select the module using the space bar and select “Save and Build”. All the previous options along with the SuPHP module will be compiled again. It will take around 30 minutes to complete the compilation process.

2. Enable SuPHP. Once the installation completes, you have to enable SuPHP to make it work. To enable SuPHP, simply execute the following command:

# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

where,

5 selects PHP version 5.
none means we do not need PHP4.
suphp means we need to enable suphp.
1 means we need Apache Suexec enabled.

Verify the new configuration:

# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled

If you see ‘suphp’ in front of PHP5, it’s time to restart the Apache service for the changes to take effect.

service httpd restart

3. Verify that SuPHP is working. Create a PHP file, say phpinfo.php, under an account and set its permissions to 777.

touch /home/user/public_html/phpinfo.php
chmod 777 /home/user/public_html/phpinfo.php

You should see an “Internal Server Error” on browsing the file. If you do, SuPHP is working, so make sure files/directories are owned by the account owner and that permissions are no more than 755.

The log file resides at:

/usr/local/apache/logs/suphp_log
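Once SuPHP is active, anything left with group or world write permission will fail as in the verification step above. The following added example (not from the original post) finds such files and directories under a document root and tightens them to the 755 ceiling described here; the directory tree it runs on is a constructed stand-in for /home/user/public_html.

```bash
#!/bin/bash
# Added example (not from the original post). Paths below are constructed.

# List files and directories under DOCROOT that are writable by group or
# others, i.e. anything looser than 755 in the write bits.
find_too_permissive() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print | sort
}

# Remove group/other write permission from everything reported above
# (777 -> 755, 666 -> 644); owner bits are left untouched.
tighten_permissions() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Demo on a throwaway tree standing in for /home/user/public_html.
demo=$(mktemp -d)
mkdir "$demo/uploads"
touch "$demo/index.php" "$demo/uploads/phpinfo.php"
chmod 644 "$demo/index.php"
chmod 777 "$demo/uploads" "$demo/uploads/phpinfo.php"

echo "Before:"; find_too_permissive "$demo"
tighten_permissions "$demo"
echo "After:";  find_too_permissive "$demo"
rm -rf "$demo"
```

Run find_too_permissive against a real document root first and review the list before calling tighten_permissions.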

Hope this article helps you to enable SuPHP from the command line.


Howto: Increase RAM/Memory for Java.

October 31, 2009    |   Posted by admin   |    Category: cPanel Management

To increase the memory limit for Java, edit the file:

/var/cpanel/tomcat.options

Insert the following 2 lines:

Xmx200M
Xms100M

where, Xmx is the upper limit and Xms is the lower limit. You have to replace the values as per your requirement. Save the file and restart the tomcat service:

root@server [~]#/scripts/restartsrv tomcat


ODBC support on a cPanel server

October 19, 2009    |   Posted by admin   |    Category: cPanel Management

How to compile unixODBC support on a cPanel server? On a cPanel server, the /scripts/easyapache script provides almost all the modules that are required to host websites, but modules such as odbc have to be installed manually. You first have to install the devel packages for unixODBC, then add a line to the rawopts file and rebuild Apache+PHP. That is it.

1. Install the UnixODBC devel packages:

yum install unixODBC unixODBC-devel

2. You now need to create a file “all_php5” to add a line to enable odbc so that apache build will pick it up from there. File all_php5 is for PHP5 and all_php4 is for PHP4.

pico /var/cpanel/easy/apache/rawopts/all_php5

3. Add the following line:

--with-unixODBC=/usr

4. Rebuild Apache/PHP using the “easyapache” script and the above file will be picked up automatically:

/scripts/easyapache

Once the compilation completes, you should have the odbc module compiled into PHP. You can check for the module either using a phpinfo() file OR from the shell by executing:

php -i | grep odbc