Hic bir kategoriye girmeyen yazilarimi buraya yazacagim..
nosuid,noexec to tmp
sym link from /var/tmp to /tmp
php_cli with mod_ruid2 (check the forum there is an easy how-to)
suhosin patch for php (always in this forum, search update.script)
nobodycheck (same in update.script)
clamav (as before)
proftpd with clamav mod (same update.script)
And kiss or csf firewall (i use csf but you can choose what you want/prefer).
Root: GeoTrust Global CA
—–BEGIN CERTIFICATE—–
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
—–END CERTIFICATE—–
Intermediate: RapidSSL CA
—–BEGIN CERTIFICATE—–
MIID1TCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0
l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e
6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb
ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8
N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5
HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd
gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC
St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w
EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js
Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAq7y8Cl0YlOPBscOoTFXWvrSY8e48HM3P8yQkXJYDJ1j8Nq6iL4/x
/torAsMzvcjdSCIrYA+lAxD9d/jQ7ZZnT/3qRyBwVNypDFV+4ZYlitm12ldKvo2O
SUNjpWxOJ4cl61tt/qJ/OCjgNqutOaWlYsS3XFgsql0BYKZiZ6PAx2Ij9OdsRu61
04BqIhPSLT90T+qvjF+0OJzbrs6vhB6m9jRRWXnT43XcvNfzc9+S7NIgWW+c+5X4
knYYCnwPLKbK3opie9jzzl9ovY8+wXS7FXI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
—–END CERTIFICATE—–
yum install dnstop
dnstop eth0
1 e bas 2 ye bas 3 e basmak icin
dnstop -l 3 etho
detayli aciklama:::
You can monitor various dns data and queries using command line options.
Simply, type the following command at a shell prompt to monitor traffic for eth0 interface:
# dnstop {interface-name}
# dnstop eth0
# dnstop em0
Sample output:
2 new queries, 220 total queries Mon Aug 4 05:56:50 2008 Sources count % ---------------- --------- ------ 180.248.xxx.26 72 32.7 77.89.xx.108 7 3.2 186.xxx.13.108 5 2.3 90.xxx.94.39 4 1.8 178.xx.77.83 4 1.8 187.xxx.149.23 4 1.8 xxx.13.249.70 4 1.8 1.xxx.169.102 4 1.8 189.xx.191.126 4 1.8 xxx.239.194.97 3 1.4
You can force dnstop to keep counts on names up to level domain name levels by using the -l {level} option. For example, with -l 2 (the default), dnstop will keep two tables: one with top-level domain names (such as .com, .org, .biz etc), and another with second level domain names (such as co.in, col.uk).
# dnstop -l 3 eth0
Under Debian / Ubuntu Linux, enter:
# dnstop -t -s eth0
Where,
Please note that increasing the level provides more details, but also requires more memory and CPU to keep track of DNS traffic.
To exit the dnstop, hit ^X (hold [CTRL] key and press X). Press ^R to reset the counters.
While running dnstop, hit 1 key to view first level query names (TLDs):
5 new queries, 1525 total queries Mon Aug 4 06:11:09 2008 TLD count % ------------------------------ --------- ------ net 520 34.1 biz 502 32.9 in-addr.arpa 454 29.8 in 23 1.5 org 15 1.0 com 11 0.7
Look like this DNS server is serving more .net TLDs. You can also find out more about actual domain name by hinting 2 key while running dnstop:
3 new queries, 1640 total queries Mon Aug 4 06:13:20 2008 SLD count % ------------------------------ --------- ------ cyberciti.biz 557 34.0 nixcraft.net 556 33.9 74.in-addr.arpa 34 2.1 208.in-addr.arpa 29 1.8 195.in-addr.arpa 28 1.7 192.in-addr.arpa 27 1.6 64.in-addr.arpa 27 1.6 theos.in 23 1.4 203.in-addr.arpa 20 1.2 202.in-addr.arpa 18 1.1 212.in-addr.arpa 15 0.9 nixcraft.com 13 0.8 217.in-addr.arpa 13 0.8 213.in-addr.arpa 12 0.7 128.in-addr.arpa 12 0.7 193.in-addr.arpa 12 0.7 simplyguide.org 12 0.7 cricketnow.in 3 0.2
To find out 3 level domain, hit 3 key:
www.cyberciti.biz 60 39.0 figs.cyberciti.biz 33 21.4 ns1.nixcraft.net 18 11.7 ns3.nixcraft.net 13 8.4 ns2.nixcraft.net 13 8.4 theos.in 5 3.2 nixcraft.com 5 3.2 cyberciti.biz 2 1.3 jobs.cyberciti.biz 1 0.6 bash.cyberciti.biz 1 0.6
You can easily find out most requested, query type (A, AAAA, PTR etc) by hinting t key
Query Type Count % ---------- --------- ------ A? 224 56.7 AAAA? 142 35.9 A6? 29 7.3
Hit d to view dns client IP address:
Source Query Name Count % -------------- ------------- --------- ------ xx.75.164.90 nixcraft.net 20 9.1 xx.75.164.90 cyberciti.biz 18 9.1 x.68.25.4 nixcraft.net 9 9.1 xxx.131.0.10 cyberciti.biz 5 4.5 xx.104.200.202 cyberciti.biz 4 4.5 202.xxx.0.2 cyberciti.biz 1 4.5
There many more option to provide detailed view of current, traffic, just type ? to view help for all run time options:
s - Sources list d - Destinations list t - Query types o - Opcodes r - Rcodes 1 - 1st level Query Names ! - with Sources 2 - 2nd level Query Names @ - with Sources 3 - 3rd level Query Names # - with Sources 4 - 4th level Query Names $ - with Sources 5 - 5th level Query Names % - with Sources 6 - 6th level Query Names ^ - with Sources 7 - 7th level Query Names & - with Sources 8 - 8th level Query Names * - with Sources 9 - 9th level Query Names ( - with Sources ^R - Reset counters ^X - Exit ? - this
In place of a Q&A this week, I’d like to talk about an upcoming event. June 8, 2011 has been declared World IPv6 Day. The event, being led by Google, will see a handful of the Internet’s large websites enable Internet Protocol version 6. In theory most users won’t notice the difference and we’ll all be able to access Google, Facebook, Yahoo and others on June 8th, just like we would every other day.
But where theory meets practice there are often sparks, so it’s a good idea to see if your system is ready now. To help with that, there’s this test site. The site will test your system to see if you can reach IPv4 websites and IPv6 sites. It will also test to see if, assuming you can’t reach an IPv6 website, your web browser will properly fall-back to trying IPv4 in a reasonable amount of time. This last point is key because the proposed World IPv6 Day is less about moving everyone from the old protocol to the new one than it is about making sure websites will continue to function, regardless of which protocol is in use. In the past we’ve seen some websites, such as Google, provide separate IPv4 and IPv6 URLs in an effort to cater to both groups of users. Ideally websites should be able to offer one URL, regardless of client protocol. And, ideally, users should be able to connect to their favourite websites, regardless of which protocol they’re using.
For people who are currently on IPv4 (and that’s most of us), it is possible to set up a tunnel which allows access to IPv6 websites. Ubuntu’s website has a good article on creating an IPv6 tunnel when your computer is stuck with an IPv4 address. I recommend reading the article, which is fairly distro-neutral, because it’s good to experiment with IPv6 now to avoid a rushed implementation later.
For more information on IPv6 Day, please see this FAQ page.
taken from: http://distrowatch.com/weekly.php?issue=20110124
daha once konu ile ilgili uzun bir yazi yazmistim
bu mesajda sadece komutlar var
backup
1- serverdaki herseyi backuplamak icin
vzdump --compress --dumpdir /home/backup --stop --all
2-tek vps icin
vzdump --compress --dumpdir /home/backup --stop 102
3-use default dump dir
vzdump --compress --stop 102
4- pratikde en sik kullandigim
vzdump --compress --suspend 102
restore
1-vzdump --restore /home/vzdump-102.tgz 250
2-hostname degistir
vzctl set 250 --hostname test2.example.com --save
3- ip degistir
vzctl set 250 --ipdel 192.168.0.102 --save
vzctl set 250 --ipadd 192.168.0.250 --save
4-calistir
vzctl start 250
5200 kisilik Lan Party!
mkdir /usr/local/directadmin/custombuild/custom
mkdir /usr/local/directadmin/custombuild/custom/ap2
cp /usr/local/directadmin/custombuild/configure/ap2/configure.php5 /usr/local/directadmin/custombuild/custom/ap2/configure.php5
Edit ./custom/ap2/configure.php5 and add –enable-soap to the file, using the same \ syntax as you see in the file. Save it, ./build php and it worked perfectly.
gun olur lazim olur.
.org bir domainimiz var
ns1.domain.org 1.2.3.4 olarak tanimlanmis
ip adresini 3.4.5.6 olarak degistirdik
nasil kontrol edecegiz degisip degismedigini ?
su sekilde
whois -h whois.pir.org host 195.200.83.231
veya
whois -h whois.pir.org host ns1.domain.org
detayli bilgiyi pir.org whois sunucusu veriyor help komutu ile isteyince
onuda uzun uzun yazayim buraya bu olsun
[root@sioserver /]# whois -h whois.pir.org help
[Querying whois.pir.org]
[whois.pir.org]
OVERVIEW
Whois is used to look up records in the .ORG registry database. Information about domain, host, contact and registrar objects can be searched using this Whois service.
WHOIS QUERIES
For all Whois queries, you must enter a character string representing the information for which you want to search. Use the object type and interpretation control parameters to limit the search. If object type or interpretation control parameters are not specified, Whois searches for the character string in the Name field of the Domain object.
Whois queries can be either an 'exact search' or a 'partial search'.
An exact search specifies the full string to search for in the database field. An exact match between the input string and the field value is required. For example: 'publicinterestregistry.org' will only match with 'publicinterestregistry.org'.
A partial search specifies the start of the string to search for in the database field. Every record with a search field that starts with the input string will be considered a match based on the interpretation control parameter used. For example: 'publicinterestregistry%' will match with 'publicinterestregistry.org' as well as 'publicinterestregistry1.org'
By default, if multiple matches are found for a query, then a summary of all the matching results is presented including the object name and object identifier. A second query is required to retrieve the specific details of one of the matching records.
If only a single match is found, then full details will be provided. Full detail consists of the data in the matching object as well as the data in any associated objects. For example: a query that results in a domain object will include the data from the associated host and contact objects.
QUERY CONTROLS
Whois query controls fall into two categories: those that specify the type of object and those that modify the interpretation of the input or determine the type of output to provide.
Object Type Control
The following keywords restrict a search to a specific object type:
DOmain: Search only domain objects. The input string is in the
Name field.
HOst: Search only host objects. The input string is searched in
the Name field and the IP Address field.
Contact: Searches only contact objects. The input string is
searched in the ID field.
Registrar: Search only registrar objects. The input string is
searched in the Organization field. The input string is
case sentitive.
By default, if no object type control is specified, then the Name field of the Domain object is searched.
Interpretation Control
The following keywords modify the interpretation of the input or determine the level of output to provide:
ID: Search on ID field of an object. This applies to
Domain IDs, Host IDs, Contact IDs and Registrar IDs.
Full or '=': Always show detailed results, even for multiple matches.
Summary, SUM or '$': Always show summary results, even for single matches.
'%' or '...': Used as a suffix on the input, will produce all records
that start with that input string and have zero or more
additional characters.
'_': Used as a suffix on the input, will produce all records
that start with that input string and have one and only
one additional character.
By default, if no interpretation control keywords are used, the output will include full details if a single record is found and a summary if multiple matches are found.
The following further describes the use of '_', '%' and '...' wildcards with example whois queries.
Whois assumes that all characters before the wildcard compose the name portion of the query with the exception of '...'. At least one character must be entered before the wildcard.
All Object Queries:
'...': The suffixes .org or -LROR are not implied at the end of the string. This wildcard is allowed in the .org or -LROR portion of the input string.
For Example:
Assume that the following exists in the whois database:
Contact ID: C101-LROR
Host Name: dns1.publicinterestregistry.org
1) QueryHelper: whois contact summary id c101-lr
Return: Contact Name: John Dowe
Contact ID: C101-LROR
2) QueryHelper: whois host summary dns1info
Return: NOT FOUND
All Object Identifier Queries:
Interpretation control wildcards ('_' or '%') must be used as a suffix in the id portion of the query. Wildcard characters are not allowed in the -LROR portion of the input string.
If -LROR is not included in the input string, it will be implied at the end of the string. A single letter represents the object type of the identifier, where D=Domain, H=Host, C=Contact and R=Registrar. This letter must be the first character in the input string to query an object identifier.
For Example:
Assume that the following exists in the whois database:
Contact ID: C101-LROR
Domain ID: D101-LROR
1) QueryHelper: whois domain summary id d10_-lror
Return: Domain Name: PUBLICINTERESTREGISTRY.ORG
Domain ID: D101-LROR
2) QueryHelper: whois contact summary id c101-lr%
Return: NOT FOUND
Domain and Host Name Queries:
Interpretation control wildcards ('_' or '%') must be used as a suffix in the name portion of the query. Wildcard characters are not allowed in the .org portion of the input string.
If .org is not included in the input string, it will be implied at the end of the string.
For Example:
Assume that the following exists in the whois database:
Domain Name: publicinterestregistry.org
Host Name: dns1.publicinterestregistry.org
1) QueryHelper: whois domain summary afilia_
Return: Domain Name: PUBLICINTERESTREGISTRY.ORG
Domain ID: D101-LROR
2) QueryHelper: whois host summary dn_1.publicinterestregistry.org
Return: NOT FOUND
3) QueryHelper: whois host summary d%
Return: Host Name: NS1.PUBLICINTERESTREGISTRY.ORG
Host ID: H101-LROR
4) QueryHelper: whois domain summary publicinterestregistry.in%
Return: NOT FOUND
IP Address and Registrar Organization Queries:
A suffix is not implied for IP addresses or the registrar organization.
For Example:
Assume that the following exists in the whois database:
Host Name: dns1.publicinterestregistry.org
IP Address: 10.0.0.1
Registrar Organization: PIR
1) QueryHelper: whois host summary 10.0.0._
Return: Host Name: DNS1.PUBLICINTERESTREGISTRY.ORG
Host ID: H101-LROR
2) QueryHelper: whois registrar summary P_R
Return: NOT FOUND
3) QueryHelper: whois host summary 10.0.%
Return: Host Name: DNS1.PUBLICINTERESTREGISTRY.ORG
Host ID: H101-LROR
4) QueryHelper: whois registrar summary PI%
Return: Registrar Organization: PIR
Registrar ID: R101-LROR
Whois.publicinterestregistry.net only provides information for .ORG domains, hosts, contacts and registrars.
Note: The Registry database also contains host information for which it is not authoritative such as .com and .net host names. Whois.publicinterestregistry.net does not retrieve information regarding these host names. Please use whois.crsnic.net to retrieve information regarding ..com and .net host
names.
NOTE: I am continually updating this post. It is safe to assume that all posts which mention improvements/security fixes have been included where relevant if they were posted before the last time this post was edited. (See bottom of this post for timestamp)
Ok, lets get started..
suPHP doesn’t allow the use of php_flag and php_value in .htaccess files, so find users with these setup and deal with them (or their sites will throw a 500 error)
find /home/*/domains/*/public_html -name ".htaccess" | xargs grep "php_"
Once you have dealt with those sites, suPHP should be good to go..
Edit the custombuild options file to use PHP in CGI mode
cd /usr/local/directadmin/custombuild ./build update ./build clean nano options.conf
and change
php5_cli=yes php5_cgi=no
to
php5_cli=no php5_cgi=yes
If you need a custom config of PHP or suPHP then you can find which config files to change using:
./build used_configs
Now we can build PHP
./build php
Ensure the new php.ini is correct.. the old one was located at /usr/local/lib/php.ini
nano /usr/local/etc/php5/cgi/php.ini
It might be worth using custombuild to secure php some more. Using secure_php disables register_globals and adds some potentially vulnerable functions to the disable_functions list in the main php.ini file. These can be overridden on an individual basis per user if need be in their individual php.ini files
./build secure_php
We need to reset ownership of files as suPHP won’t allow access to ones owned by apache (they way the CLI version of PHP works)
ls -l /home | grep '^d' | awk '{system("chown -R " $3 ":" $4 " /home/" $9 "/domains")}'
Sessions will also have wrong ownership or now be corrupt so remove those
rm -f /tmp/sess_*
Sites which have files or directories with global write access will also cause suPHP to throw an error, therefore change all files to 644 and directories to 755
find /home/*/domains/*/public_html -type f -exec chmod 0644 {} \; -print
find /home/*/domains/*/private_html -type f -exec chmod 0644 {} \; -print
find /home/*/domains/*/public_html -type d -exec chmod 0755 {} \; -print
find /home/*/domains/*/private_html -type d -exec chmod 0755 {} \; -print
perl and cgi scripts need execute permissions though
find /home/*/domains/*/public_html -name "*.pl" -exec chmod 0744 {} \; -print
find /home/*/domains/*/private_html -name "*.pl" -exec chmod 0744 {} \; -print
find /home/*/domains/*/public_html -name "*.cgi" -exec chmod 0744 {} \; -print
find /home/*/domains/*/private_html -name "*.cgi" -exec chmod 0744 {} \; -print
Make sure webmail and phpMyAdmin work by resetting their ownership and permissions also
chown -R webapps:webapps /var/www/html
find /var/www/html -type f -exec chmod 0644 {} \; -print
find /var/www/html -type d -exec chmod 0755 {} \; -print
find /var/www/html -name "*.pl" -exec chmod 0744 {} \; -print
find /var/www/html -name "*.cgi" -exec chmod 0744 {} \; -print
Now lets enable open_basedir per user, and create user’s own tmp directories to make the server more secure. (I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain)
automate creation of per user php.ini for new users (make sure the chown refers to your DirectAdmin user)
touch /usr/local/directadmin/scripts/custom/user_create_post.sh chmod 755 /usr/local/directadmin/scripts/custom/user_create_post.sh chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_create_post.sh nano /usr/local/directadmin/scripts/custom/user_create_post.sh
use the following shell script:
#!/bin/sh mkdir /usr/local/directadmin/data/users/$username/php/ chown $username:$username /usr/local/directadmin/data/users/$username/php/ touch /usr/local/directadmin/data/users/$username/php/php.ini echo "open_basedir = /home/$username/:/tmp/" >> /usr/local/directadmin/data/users/$username/php/php.ini chown root:root /usr/local/directadmin/data/users/$username/php/php.ini chattr +i /usr/local/directadmin/data/users/$username/php/ exit 0;
note that in the above script you may need to alter the open_basedir setting to add allowed paths (e.g. PHP’s pear modules /usr/local/php5/lib/php) depending on your server setup
in order to remove the user completely we need to release the chattr +i on the php.ini config directory first (make sure the chown refers to your DirectAdmin user)
touch /usr/local/directadmin/scripts/custom/user_destroy_pre.sh chmod 755 /usr/local/directadmin/scripts/custom/user_destroy_pre.sh chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_destroy_pre.sh nano /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
use the following shell script:
#!/bin/sh chattr -i /usr/local/directadmin/data/users/$username/php/ exit 0;
create php.ini files for current users
ls -l /home | grep '^d' | awk '{system("username="$3" /usr/local/directadmin/scripts/custom/user_create_post.sh")}'
copy VirtualHost templates to custom directory so they are not overwritten when DirectAdmin updates
cp /usr/local/directadmin/data/templates/virtual_host2* /usr/local/directadmin/data/templates/custom/
change VirtualHost containers to look for php.ini override
nano /usr/local/directadmin/data/templates/custom/virtual_host2.conf nano /usr/local/directadmin/data/templates/custom/virtual_host2_sub.conf nano /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf nano /usr/local/directadmin/data/templates/custom/virtual_host2_secure_sub.conf
add this after the ErrorLog
|*if SUPHP="1"|
SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/php/
|*endif|
rewrite httpd configs for current users
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
To make sure webmail and phpMyAdmin work, set open_basedir in the global php.ini which will apply to webapps.
nano /usr/local/etc/php5/cgi/php.ini
find the open_basedir line and change to:
open_basedir = /var/www/html/:/tmp/
Then change the httpd.conf file to make sure the php.ini file isn’t overridden by user’s specific php.ini files:
nano /etc/httpd/conf/httpd.conf
find the <IfModule mod_suphp.c> section within the <Directory “/var/www/html”> block and change to:
<IfModule mod_suphp.c>
suPHP_Engine On
suPHP_UserGroup webapps webapps
SetEnv PHP_INI_SCAN_DIR
</IfModule>
That should be the lot, make sure Apache is restarted.
service httpd restart
Hopefully everything is working!
Notes
—–
If a customer wants to use cronjobs they need to add the php.ini in the cron command:
/usr/local/bin/php -c /usr/local/directadmin/data/users/accountname/php/php.ini /home/accountname/domains/domainname/public_html/filetocron.php