container file cleanup

cd /vz/root/

rm -rf */var/www/vhosts/*/statistics/logs/*.processed
rm -rf /vz/root/*/var/lib/psa/dumps/*
rm -rf */var/www/vhosts/*/statistics/logs/*processed*
rm -rf */var/www/vhosts/*/statistics/logs/*.processed.*
rm -rf */var/www/vhosts/*/statistics/logs/error_log.*.gz

fail2ban hangs after making change

Refer to KB http://kb.sp.parallels.com/en/122407

Symptoms

After enabling a jail, the fail2ban service can be neither restarted nor stopped. The service status is displayed incorrectly, without the list of jails:

# service fail2ban status
fail2ban-server (pid  3291) is running

/var/log/fail2ban.log shows that it stopped when adding log files to its monitoring pool:

2014-07-27 21:09:25,487 fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/dom1.com/logs/proxy_access_log
2014-07-27 21:09:25,985 fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/domain.com/logs/proxy_access_ssl_log

Cause

Fail2ban has the plesk-apache-badbot and plesk-apache (or other big) jails enabled. Such a jail forces fail2ban to parse all the access and error logs for each virtual host, plus Apache’s access log. If there are a lot of virtual host access logs, the service hangs from resource overuse while trying to parse all of them.

NOTE: When you enable this jail in panel you might see the warning:

Warning: Fail2Ban might not work well if there are many domains and Fail2Ban has to monitor too many log files.

Resolution

The following instructions apply if there are fewer than 300 domains and the number of log files in the jail should be reduced:

  1. Kill the stuck process(es) by PID (exercise caution: it is a good idea to first check which PIDs will be killed by omitting the last part, after the final |):
    # ps aux | grep fail2ban|awk '{print $2}'|xargs kill -9
    
  2. Remove .pid file:
    # rm -f /var/run/fail2ban/fail2ban.pid
    
  3. Reduce the number of logs to parse for the jail plesk-apache-badbot (or disable the jail altogether). Open the file /etc/fail2ban/jail.d/plesk.conf and change the mask of the path to logs from '*access*log' to '*access_log':
    [plesk-apache-badbot]
    
    enabled  = true
    filter   = apache-badbots
    action   = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
    logpath  = /var/www/vhosts/system/*/logs/*access_log
               /var/log/httpd/*access_log
    
  4. If fail2ban service is running, execute fail2ban-client reload. Otherwise start the service.

The instructions below are for a large number of domains (more than 300):

Fail2Ban can use a lot of RAM on the server if it monitors a lot of jails with many log files! Make sure that the server will not run into an out-of-memory condition before applying this solution! If it does, disable some jails.

If you have a very large number of domains on your Plesk server and the above workaround doesn’t help, you can divide the logs among different jails, so that they are loaded one by one, which minimizes the number of logs in any one jail. This helps because the issue is caused by a single big jail with a lot of logs; it does not occur when there are many jails that each include a small number of logs.

Please use the following commands to create separate jails for domains according to the first letter/digit of the name:

  1. Get admin email:
    admin_email=`mysql -Ns -uadmin -p\`cat /etc/psa/.psa.shadow\` psa -Ne"select email from clients where login='admin'"`
    
  2. Set plesk-apache jails:
     for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0;do find /var/www/vhosts/system/$i*/logs/error_log 2>/dev/null 1>/dev/null; found=`echo $?`;if [ $found == "0" ];then echo "[[\"usedns\",\"no\"],[\"logpath\",\"\\/var\\/www\\/vhosts\\/system\\/$i*\\/logs\\/error_log\"],[\"enabled\",\"true\"],[\"filter\",\"apache-auth\"],[\"maxretry\",\"6\"],[\"__source__\",\"jail.d\\/plesk.conf\"],[\"action\",\"iptables-multiport[name=apache, port=\\\"http,https,7080,7081\\\"]\"],[\"ignoreip\",\"127.0.0.1\/8\"],[\"bantime\",\"600\"],[\"destemail\",\"$admin_email\"],[\"findtime\",\"600\"],[\"backend\",\"auto\"]]"|/usr/local/psa/admin/bin/f2bmng --set-jail plesk-apache-$i ;fi;done
    
  3. Set plesk-apache-badbot jails:
     for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0;do find /var/www/vhosts/system/$i*/logs/error_log 2>/dev/null 1>/dev/null; found=`echo $?`;if [ $found == "0" ];then echo "[[\"usedns\",\"no\"],[\"logpath\",\"\\/var\\/www\\/vhosts\\/system\\/$i*\\/logs\\/*access_log\"],[\"enabled\",\"true\"],[\"filter\",\"apache-badbots\"],[\"maxretry\",\"100\"],[\"__source__\",\"jail.d\\/plesk.conf\"],[\"action\",\"iptables-multiport[name=BadBots, port=\\\"http,https,7080,7081\\\"]\"],[\"ignoreip\",\"127.0.0.1\/8\"],[\"bantime\",\"172800\"],[\"destemail\",\"$admin_email\"],[\"findtime\",\"600\"],[\"backend\",\"auto\"]]" |/usr/local/psa/admin/bin/f2bmng --set-jail plesk-apache-badbot-$i;fi;done
    
  4. In the regular plesk-apache-badbot and plesk-apache jails, leave only the general error/access log file paths:

    plesk-apache-badbot:

    /var/log/httpd/*error_log
    

    plesk-apache:

    /var/log/httpd/*access_log
    
  5. In steps 2 and 3 we created jails only where some domains match the first digit/letter of the domain name; otherwise, Fail2ban will not start due to configuration errors. Now we need to set up a script that adds a jail when new domains are created:
    • Download the attached script, put it on your server, and grant executable permissions:
      wget http://kb.sp.parallels.com/Attachments/kcs-32570/add_jails.sh
      
      chmod +x add_jails.sh
      
    • Create tasks in Plesk event manager with the following parameters:

      Domain created lowest (0) root /root/add_jails.sh <new_domain_name>

      Default domain (the first domain added to a subscription or webspace) created lowest (0) root /root/add_jails.sh <new_domain_name>

  6. Use the first instruction to restart Fail2ban if it has hung.
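
Added example, not part of the KB article or of Plesk's tooling: a pre-check for both resolutions above that counts how many files each logpath mask matches and how many domains fall into each first-character bucket, run against a constructed sample tree. The function names, the sample domains, and treating exactly 300 domains as "big" are assumptions.

```shell
#!/bin/sh
# Added example: size the log set fail2ban would watch before changing jails.
# ROOT stands for /var/www/vhosts/system; the demo tree below is constructed.

# Count files matching ROOT/*/logs/MASK (MASK is a glob such as '*access_log').
count_mask() {   # usage: count_mask ROOT MASK
    n=0
    for f in "$1"/*/logs/$2; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Domains per first character, counting only domains that have logs/error_log,
# the same test steps 2 and 3 use before creating a per-letter jail.
bucket_counts() {   # usage: bucket_counts ROOT
    for f in "$1"/*/logs/error_log; do
        if [ -e "$f" ]; then
            dom=${f#"$1"/}
            printf '%s\n' "$dom" | cut -c1
        fi
    done | LC_ALL=C sort | uniq -c | awk '{print $2 "=" $1}'
}

# The page's cut-off is 300 domains; exactly 300 counts as "big" (assumption).
choose_fix() {   # usage: choose_fix ROOT [LIMIT]
    if [ "$(count_mask "$1" error_log)" -lt "${2:-300}" ]; then
        echo "narrow-mask"
    else
        echo "split-jails"
    fi
}

# Constructed sample tree: three domains, four access logs and one error log each.
make_sample() {
    root=$(mktemp -d)
    for d in alpha.example apex.example 9lives.example; do
        mkdir -p "$root/$d/logs"
        for l in access_log access_ssl_log proxy_access_log proxy_access_ssl_log error_log; do
            : > "$root/$d/logs/$l"
        done
    done
    echo "$root"
}

ROOT=$(make_sample)
echo "old mask *access*log : $(count_mask "$ROOT" '*access*log') files"
echo "new mask *access_log : $(count_mask "$ROOT" '*access_log') files"
bucket_counts "$ROOT"
echo "suggested: $(choose_fix "$ROOT")"
rm -rf "$ROOT"
```

On a real server, pass /var/www/vhosts/system as ROOT; the gap between the two mask counts is the number of files step 3 of the first instruction removes from the jail.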

WordPress migration with full Plesk integration

Step by step instructions for moving a WordPress site between servers using ‘duplicator’ plugin.

Source server
1. Install duplicator
Log in to the WP admin area. Click Plugins. Search for the ‘Duplicator’ plugin and install it.
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Click on the Duplicator link from the main menu
4. Create your first package.
You will go through a verification check of the setup. Fix any issues that duplicator finds.
5. FTP installer.php and packageName_archive.zip to destination server (download to PC, upload to new server).

Destination server
1. Move installer.php and package.zip file into document root directory.
2. Install WP through Plesk. This step is only necessary if you want Plesk to recognize the WP installation.
3. Look in the wp-config.php file and make a note of mysql db, user, password and then rename file to be wp-config.php.back.
4. Run the installer.php script. Adjust domain name and mysql settings.
5. Verify successful migration.
6. Remove migration files: installer.php, installer-data.sql, installer-log.txt, packageName_archive.zip, wp-config.php.back

virtuozzo backup tips

http://kb.parallels.com/en/113790

Summary
Parallels server virtualization products use Parallels Virtual Automation (PVA) for standard backup and restore operations.
Parallels Virtual Automation Agent (PVA Agent) provides backup and restore tools and an API for the particular Hardware Node it is installed on.
Parallels Virtual Automation Management Node (PVA MN) provides a centralized backup and restore API for all nodes registered in the PVA group.
This article describes the backgrounds of the backup and restore processes, the server roles in the backup and restore processes, and common terms used in PVA.
Server roles
Generally, there are three roles in a backup or restore process:
Virtualization node – The Hardware Node with the virtual environments to be backed up. It must have Parallels Virtual Automation Agent installed.
Backup storage node – The Hardware Node used for storing backup data. It must have Parallels Virtual Automation Agent installed.
Control node – The server initiating the backup process. It must have either Parallels Virtual Automation Agent or Parallels Virtual Automation Management Node installed.

A single server can handle all three roles in the case of a local backup.
Backup scenarios

Scenario: Local backup of mypvcserver
Roles: Virtualization node: mypvcserver
Example: vzabackup -F mypvcserver -e CTID

Scenario: Locally initiated backup to the remote storage
Roles: Virtualization node: myvpcserver; Backup storage node: remotestorage; Control node: myvpcserver
Example: vzabackup --storage root@remotestorage localhost -e CTID

Scenario: Backup initiated from the storage server
Roles: Virtualization node: myvpcserver; Backup storage node: remotestorage; Control node: myvpcserver
Example: vzabackup -F mypvcserver

Scenario: Backup of the server to remote storage initiated by the third server
Roles: Virtualization node: myvpcserver; Backup storage node: remotestorage; Control node: myvpcserver
Example: vzabackup --storage root@remotestorage -F mypvcserver -e CTID

Backup tools and interfaces
Graphical
PVA Control Center – The web interface of PVA MN, allowing you to manage backups for all Hardware Nodes in the PVA group.
Power Panel – The web interface for managing a particular container. A backup initiated from the Power Panel is performed according to the local settings of the Hardware Node the container is hosted on.
Parallels Management Console (obsolete) – A graphical tool shipped with older versions of Parallels Virtuozzo Containers. This allows you to perform backup and restore operations across registered nodes.
Command-line
vzabackup\vzarestore – CLI interface to PVA Agent Backup API methods.
vzbackup\vzrestore (obsolete) – CLI interface to TAR-based backup. This does not require PVA Agent to be running.
NOTE: On Parallels Virtuozzo Containers for Windows, this is in the form of another wrapper on the vzabackup\vzarestore tool.
API
Backup interfaces of PVA Management Node XML API.
Backup interfaces of PVA Agent via SOAP and XML API.
Backup backend
Parallels provides two backends for backup files:
One that is compatible with Acronis Backup and Restore (default)
One that is compatible with TAR.
The backup engine backend can be switched in the PVA Agent configuration file:
Edit the PVA Agent configuration file:
/vz/pva/agent/etc/vzagent.conf
or
/var/opt/pva/agent/etc/vzagent.conf
Change the backend value to 0 for Acronis-compatible, or 1 for TAR-based:
vzlin_backup_serializer (for pre-PVA 4.6.4 nodes):


1
1

0
360000



vzlin_backup_serializer11 (for PVA 4.6.4 and later versions):

1
1
0 0
360000



Restart PVA Agent:
~# pvaagent restart
Additional information
How to increase PVA Agent timeouts for backup operations
Acronis Error: Module=0 Code=0, Tag=0 troubleshooting
Parallels Virtual Automation builds, releases, and supported virtualization products

search log files for most common hits

If you suspect an attack on your server, check the log files for the most common hits. Often you will find one page being accessed far more than would be normal.

va1-fv00150# cat /usr/local/apache/logs/*/*access_log | awk '{print $7}' | sort | uniq -c | sort -rn | head
35806 /administrator/index.php
89 /
37 /robots.txt
30 /favicon.ico
20 /administrator/index.php?option=com_login
16 /imgs/flash.swf
15 /imgs/home.html
14 /wp-login.php
14 /js/AC_RunActiveContent.js
14 /imgs/styles.css

Use this information to find what log file is getting the hits:

va1-fv00150# grep -R "/administrator/index.php" /usr/local/apache/logs/*/*access_log | cut -d: -f1 | sort | uniq -c | sort -rn | head
38313 /usr/local/apache/logs/ibreporttv/ibreporttv.com-access_log
5 /usr/local/apache/logs/goinsidebusiness/goinsidebusiness.com-access_log

Use mutt to bounce emails to a different account

Log in to the server and (as root or the account owner) run ‘mutt -f /path/to/his/mailbox’. From there, type a capital ‘T’ (for “Tag messages matching the pattern I’m about to enter”); you will then be prompted to enter a pattern to match. Type ‘.’ (to match all strings) and press Enter. All messages should now have an asterisk (“*”) next to them.

Now type a semicolon (“;”–the semicolon tells mutt that the action you’re about to take applies to all tagged messages) and a lowercase ‘b’ (for “bounce”. Together ‘;b’ means “bounce all these messages I’ve just tagged”).

You’ll be prompted for an address to bounce the messages to. Type it in and wait a little bit for all the messages to bounce (you may be prompted by mutt to confirm you want to bounce the messages). When mutt tells you that it’s done, you can type semicolon again and then a lowercase ‘d’ (for “delete”). Type a ‘q’ to quit mutt.

count pop3 logins

show users that are sending email:
mail /var/log# grep authid= /var/log/maillog | awk -F "]" '{print$3}' | awk -F , '{print$2}' | tr -d " " | sort | uniq -c | sort -rn

show what IP addresses are sending email:
mail /var/log# grep authid= /var/log/maillog | awk -F "]" '{print$2}' | awk -F "[" '{print$2}' | tr -d " " | sort | uniq -c | sort -rn

Change max connections for IMAP

On a busy server, the default number of connections allowed for IMAP users might be too low. If you have IMAP customers complaining about connections being refused, you might need to increase the number of simultaneous connections.

Edit the following file:
/etc/courier-imap/imapd

Restart imapd:
/etc/init.d/courier-imapd restart

Check log file for website “POST” entries

If you have a server that is not responding, there might be an attack on one of the domains. You can get a good idea if a normally low volume website is suddenly getting lots of traffic by running a few checks on the log files.

Count the number of posts to each unique file:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-access_log | awk '{print $7}' | sort | uniq -c | sort -n

Count the number of times each IP posted to the domain:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-access_log | awk '{print $1}' | sort | uniq -c | sort -n

Count the number of unique IP addresses that posted to the domain:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-access_log | awk '{print $1}' | sort | uniq | wc -l
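
Added example, not from the original notes: the checks from "search log files for most common hits" and from this section combined into a single awk pass that flags any path taking more than a given share of requests and reports its POST count and distinct client IPs. It goes slightly beyond the one-liners by adding the share threshold; the function names and the sample log lines (documentation IP ranges) are constructed.

```shell
#!/bin/sh
# Added example: one-pass triage of Apache combined-format access logs.
# In that format $1 is the client IP, $6 is "METHOD and $7 is the request path.

# Print every path that takes more than PCT percent of all requests, with its
# hit count, POST count and number of distinct client IPs.
hot_paths() {   # usage: hot_paths PCT FILE...
    pct=$1; shift
    awk -v pct="$pct" '
        { total++; hits[$7]++
          if ($6 == "\"POST") posts[$7]++
          if (!(($7, $1) in seen)) { seen[$7, $1] = 1; ips[$7]++ } }
        END { for (p in hits) if (hits[p] * 100 > pct * total)
                  printf "%s hits=%d posts=%d ips=%d\n", p, hits[p], posts[p], ips[p] }
    ' "$@" | LC_ALL=C sort
}

# Per-client POST counts for one path, busiest client first.
posters() {     # usage: posters PATH FILE...
    p=$1; shift
    WANT="$p" awk '$6 == "\"POST" && $7 == ENVIRON["WANT"] { n[$1]++ }
        END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation IP ranges), written to a temp file.
sample_log() {
    f=$(mktemp)
    line() { printf '%s - - [27/Jul/2014:21:09:25 +0000] "%s %s HTTP/1.1" 200 512 "-" "-"\n' "$@"; }
    {
        for i in 1 2 3 4; do line 192.0.2.10 POST /administrator/index.php; done
        for i in 1 2; do line 192.0.2.11 POST /administrator/index.php; done
        line 198.51.100.8 GET /administrator/index.php
        line 198.51.100.7 GET /
        line 198.51.100.7 GET /robots.txt
        line 198.51.100.8 POST /wp-login.php
    } > "$f"
    echo "$f"
}

LOG=$(sample_log)
hot_paths 50 "$LOG"
posters /administrator/index.php "$LOG"
rm -f "$LOG"
```

A path with a high POST count from only a handful of IPs is a candidate for a fail2ban jail or a firewall rule; the same count spread over many IPs calls for rate limiting at the web server instead.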