From wiki.mikejung.biz
Revision as of 21:44, 19 February 2012 by Admin



Configuration file, lots of settings can be changed here:

vim /usr/local/apache/conf/httpd.conf

Includes (external settings that Apache reads in case the conf was rebuilt)

cd /usr/local/apache/conf/includes

DoS | Connections

Check for a basic DoS or heavy traffic (connection count per remote IP on port 80):

netstat -tn 2>/dev/null | grep ':80 ' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head

Check for SYN Floods

netstat -nap | grep SYN | wc -l

To display the IPs that have the most SYN connections to the server

netstat -tn 2>/dev/null | grep SYN | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head
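The per-IP counts above, as an added example that is not part of the original page: `cut -f1 -d:` returns an empty string for IPv4-mapped (`::ffff:a.b.c.d`) and IPv6 peers, so this version strips only the trailing port and reports total and SYN_RECV counts per source. The function names, the threshold argument and the sample `netstat -tn` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source connection summary from `netstat -tn` output on stdin.
# conn_summary PORT MIN  ->  "<total> <syn_recv> <remote address>", busiest first.
conn_summary() {
    awk -v port="${1:-80}" -v min="${2:-1}" '
        $1 !~ /^tcp/ { next }                    # skip netstat header lines
        {
            remote = $5; state = $6
            if ($4 !~ (":" port "$")) next       # keep only our local port
            sub(/:[0-9]+$/, "", remote)          # drop the remote port only
            sub(/^::ffff:/, "", remote)          # IPv4-mapped IPv6 -> plain IPv4
            total[remote]++
            if (state == "SYN_RECV") syn[remote]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min)
                    printf "%d %d %s\n", total[ip], syn[ip] + 0, ip
        }' | sort -k1,1nr -k3,3
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51000      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51001      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51002      ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.44:40100        ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:192.0.2.44:40101 TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40200    SYN_RECV
tcp        0      0 203.0.113.10:22         198.51.100.7:52000      ESTABLISHED
EOF
}

# Demo on the sample; on a live server: netstat -tn 2>/dev/null | conn_summary 80 10
sample_netstat | conn_summary 80 1
```

A source with a high SYN_RECV count relative to its total is the pattern the SYN flood checks above are looking for.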

Count the processes (the bracketed first letter keeps grep from counting itself):

ps aux | grep '[h]ttpd' | wc -l
ps aux | grep '[p]hp' | wc -l

One-liner that shows per-minute hits for every domain during a given hour (set hour as two digits, e.g. 09 or 16):

cd /usr/local/apache/domlogs
hour=16; for domain in $(grep -v nobody /etc/userdomains | cut -d: -f1); do if [ -e "$domain" ]; then for minute in $(seq -w 0 59); do count=$(grep -c ":$hour:$minute:" "$domain"); if [ "$count" -gt 1 ]; then echo "$domain : $hour:$minute : $count" >> /home/domlogreport.$hour; fi; done; fi; done

The report is written to /home/domlogreport.$hour (for example, /home/domlogreport.16).

Apache Status

/usr/bin/lynx -dump -width 500 <server-status-url> | less

Apache connection

/usr/bin/lynx -dump -width 500 <server-status-url> | awk '{print $11" "$12}' | awk NF | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort | uniq -c | sort -n | tail -50

DoS Script

netstat -tn 2>/dev/null | grep ':80 ' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head

Get a list of top IPs accessing the server (some false positives)

tail -n50000 access_log | grep -o "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" | sort -n | uniq -c | sort -n

Web Permissions | Files

Default Web Permissions

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

Think Apache is causing the server to go OOM? Check the PHP memory limit. If it's above 32M, ask the client whether they need it this high.

grep memory_limit /usr/local/lib/php.ini

Find all users' php.ini files.

find /home/*/public_html/* -name php.ini

DSO Ownership - permissions should be 644


FCGI | SuPHP Ownership - permissions should be 755