Pseudo/Virtual Account Setup In Proftpd


1.In /etc/proftpd/proftpd.conf


DefaultRoot ~

AuthUserFile /etc/proftpd/ftpd.passwd

RequireValidShell off


  1. Enter the following command and password followed by the command after changing the directory to the /etc/proftpd/


ftpasswd –stdin –passwd –name username –uid 33 –gid 33 –home /var/www –shell /bin/false




Username: The username required for the user.


/var/www: The home directory of the user. ie; change as required.


Also set /etc/proftpd/ recursively under the ownership and group “proftpd”


Note: Depending on the UID and GID the permissions will be set on the files for the newly uploaded files under the FTP accounts.


  1. /etc/init.d/proftpd restart


That’s all done!!






In centos/other version installations the proftpd configuration will be setup to authenticate from “pam.d” so in this case please use the following configuration


DefaultRoot ~

AuthUserFile /etc/proftpd/ftpd.passwd

RequireValidShell off

AuthPAM off


Then in AWS servers use “MasqueradeAddress PUBLIC IP OF THE SERVER” and also open necessary passive ports.




DefaultRoot ~

AuthUserFile /etc/proftpd/ftpd.passwd

RequireValidShell off

AuthPAM off

PassivePorts 40000 50000






Windows Bootable USB making from Linux [Centos/Ubuntu]

Plugin the USB Drive
First, you need to figure out the device ID of the USB drive.

Most modern Linux distributions should automount the USB drive. If not, you can see what device ID it is assigned to by running df -h or mount.

Additionally, syslog can be monitored to find the device ID.

On Fedora, CentOS, and RHEL run sudo tail -f /var/log/messages.

On Ubuntu or Debian run sudo tail -f /var/log/syslog.

Once you figure out the USB drive’s device ID, be sure to unmount it before continuing:

sudo umount /dev/sdX
Be aware, the following steps will erase everything on the USB drive you are using. You are responsible for your own data.

Partition the USB Drive
Either fdisk or parted can be used to partition the USB drive. Use whatever command you are more familiar with.

Be aware, changes made using fdisk can be undone as long as those changes have not yet been written. Changes made using parted cannot be undone because they are applied in real time. In either case, be SURE you are making changes to the right device ID.

Partition the USB Drive with fdisk

Open the USB drive in fdisk:

sudo fdisk /dev/sdX
Once you are in the fdisk interactive menu, partition the USB drive with the following steps:

Type p and Enter to print the current partition table. I do this out of habit.
Delete all the current partitions by typing d then Enter for each partition.
Type n and Enter, then type p and Enter, then type 1, and then type Enter three times to create one new primary partition that uses all available space.
Type t and Enter (Partition 1 is automatically selected because it’s the only partition), then type 7 and Enter to change the type to HPFS/NTFS/exFAT.
Type a and Enter, then type 1 and Enter to turn on the Boot flag.
To verify everything worked, type p and Enter and make sure the Boot column has an asterisk (*) set and the Id column is set to 7.
Type w and Enter to write the changes.
Next, go to the section titled Format the New Partition on the USB Drive as NTFS.

Partition the USB Drive with parted

Open the USB drive in parted:

sudo parted /dev/sdX
Once you are in the parted interactive menu, partition the USB drive with the following steps (Make SURE you are using parted on the right device ID. Everything done using parted is applied in real time.):

(parted) mklabel msdos
(parted) mkpart primary ntfs 1 -1
(parted) set 1 boot on
(parted) quit
Next, go to the section titled Format the New Partition on the USB Drive as NTFS.

Format the New Partition on the USB Drive as NTFS
You will need the Linux NTFS userspace driver installed.

To install it on Fedora, CentOS, or RHEL run sudo yum install ntfs-3g.

To install it on Ubuntu or Debian run sudo apt-get install ntfs-3g.

Then, format the partition as NTFS:

sudo mkfs.ntfs -f /dev/sdX1
Install ms-sys
You will need ms-sys to write a Master Boot Record (MBR) to the USB drive.

In order to compile the source code, make sure you have installed the gcc, make, and gettext repository packages. The package names should be the same on Fedora, CentOS, RHEL, Ubuntu, and Debian.

Download the latest source code from

Un-tar the source code and change into the source code directory:

tar xvzf ms-sys-2.5.0.tar.gz

cd ms-sys-2.5.0
Compile and install the binary:


sudo make install
ms-sys will install to /usr/local/bin. Run the following commands if that path is not already in the root user’s environment PATH:

su –

export PATH=$PATH:/usr/local/bin
Write Master Boot Record (MBR) to the USB Drive
Now that ms-sys is installed, you will use it to write a Windows 7 Master Boot Record to the USB drive:

sudo ms-sys -7 /dev/sdX
Mount the USB Drive
Create or use an existing directory to mount the USB drive:

sudo mkdir -p /mnt/usb

sudo mount /dev/sdX1 /mnt/usb
Mount the Windows 7 ISO
Create or use an existing directory to mount the Windows 7 ISO:

sudo mkdir -p /mnt/iso

sudo mount -o loop /tmp/en_windows_7_professional_x64_dvd_X15-65805.iso /mnt/iso
Copy the Contents of the Windows 7 ISO to the USB Drive
Finally, copy the contents of the mounted Windows 7 ISO to the mounted USB drive (this could take some time depending on the speed of the USB drive):

sudo cp -av /mnt/iso/* /mnt/usb/
Unmount the USB Drive
Unmount the USB drive once the cp command is finished. However, I encountered several situations where the cp command completed before all I/O was written to the USB drive.

Because of this, sudo umount /mnt/usb will stall until all I/O has been written. As previously mentioned, depending on the speed of your USB drive, this could take sometime.

Use the iotop command to watch the I/O bandwidth of the USB drive in real time. Once you no longer see the USB drive at the top of iotop’s output, sudo umount /mnt/usb should successfully exit.

Boot from the USB Drive
Plug the USB drive into the computer you want to install Windows 7 on and boot from it.

Modern laptops and desktop motherboards typically have several USB boot options. You may be required to boot to USB-HDD, USB-ZIP, USB-FDD, or USB-CDROM.

Script to change ownership of /home Cpanel users

Script to change ownership of /home Cpanel users

save the below script to a file “”. then change permission ‘777’ for that file.


echo -e “Checking ownership of /home/user \n”
for i in `ls /var/cpanel/users/`
if [ “$i” != “root” ]; then
chown -R $i:$i /home/$i
chown $i:nobody /home/$i/public_html /home/$i/.htpasswds
chown $i:mail /home/$i/etc /home/$i/etc/*/shadow /home/$i/etc/*/passwd
echo $i


Then ./

Wild Card Domain Redirection

Wild Card Domain Redirection


Setting up wild card to redirect * to i,e. will be 
redirected to

First create a .htaccess file in the document root folder of the domain so will be redirected to and below is the .htaccess file to achieve this condition.

DirectoryIndex index.html
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com [NC]
RewriteRule (.*)$1 [R=301,L]

Anything that stats with * eg: will be redirected to



Starting httpd: (98)Address already in use: make sock: could not bind to address

Starting httpd: (98)Address already in use: make sock: could not bind to address


Restarting httpd service 

Error :

Starting httpd: (98)Address already in use: make_sock: could not bind to address
no listening sockets available, shutting down
Unable to open logs!

Cause :

Simultaneous use of port by other processes in the server

Fix :

Following Steps need to be performed in-order to find its fix

Lets consider the process crond using the port

1. now run the below command

netstat -lnp | grep ''

2. if output is as following

tcp 0 0* LISTEN 30982/crond

then stop the process which is using the port (in our case it is “crond”) as below

service crond stop

3. then run following

service httpd restart

this should give as below

Stopping httpd: [FAILED]
Starting httpd: [ OK ]

and later start crond service as following

service crond start

Everything should work fine.

Cpanel Logs

Applications can log the system activity in two ways, one being according to their autonomous logic & the other through the system’s 
log daemon, well know as syslog..

The syslog daemon’s configuration file /etc/syslog.conf contains all the necessary paths/locations as to where the logs are stored.

Usually the directory /var/log/ is used for the system logs but other applications use the applications specified directories to 
store their log files… Many distributions provide tools to manage and analyze the system logs.

Logrotate is a well known log rotation tool which usually is configured in the /etc/logrotate.conf file.
It may also have additional package-defined configurations in the /etc/logrotate.d/ directory..In order to understand what’s 
happening on the system a brief analysis of /etc/syslog.conf is mandatory for checking the main logs 

Here are some basic log files, their locations & a brief description which can be found in Linux distros [mostly in cPanel ]:
cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs & should be referenced first for any issues resulting from new 
cPanel installations..
Cpanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description :The service monitoring demon (chkservd) logs all service checks here. Failed service are represented with a [-] 
and active services are represented by [+].

Cpanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation..

cPanel/WHM Specific Requests and Errors:

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in cPanel/WHM…
cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here. If you run into any errors related to license when logging in, check here.
Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.
Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to access cPanel requests is logged here.
cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It’s named with the timestamp at which the upcp process 
was initiated..
Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each named after their respective user.
Tailwatchd [New]:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemon configuired under tailwatchd ie. cPBandwd, Eximstats, Antirelayd.

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here..
The first place you should look when httpd crashes or you incur errors when accessing website.
Apache SuExec Logs:
Location : /usr/local/apache/logs/suexec_log
Description : Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal 
server errors, with no relevant information being reported to the Apache error_log, check here for potential suexec policy 
Domain Access Logs:
Location : /usr/local/apache/domlogs/
Description : General access log file for each domain configured with cPanel.
Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : Complete web server access log records all requests processed by the server.

Exim :

Message Reception and Delivery:
Location : /var/log/exim_mainlog or /var/log/exim/mainlog
Description : Receives an entry every time a message is received or delivered.
Exim ACLs/Policies based RejectLog :
Location : /var/log/exim_rejectlog
Description : An entry is written to this log every time a message is rejected based on either ACLs or other policies 
eg: aliases configured to :fail
Unexpected or Fatal Errors:
Location : /var/log/exim_paniclog
Description : Logs any entries exim doesn’t know how to handle. It’s generally a really bad thing when log entries are 
being written here, and they should be properly investigated..
IMAP/POP/SpamAssassin General Logging and Errors:
Location : /var/log/maillog & /var/log/messages
Description : The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (
login attempts, transactions, spam scoring), along with fatal errors.


FTP Logins and General Errors:
Location : /var/log/messages
Description : General information and login attempts are logged here..
FTP Transactions logging:
Location : /var/log/xferlog or /var/log/messages
Description : Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the 
transactions made by FTP users…


MySQL General Information and Errors :
Location : /var/lib/mysql/$(hostname).err
Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log


Authentication attempts:
Location : /var/log/secure
Description : Logs all daemons which requires PAM Authentication.
Tracking all Bad Logins and Logouts:
Location : /var/log/btmp
Description : Log of all attempted bad logins to the system. Accessed via the lastb command..
Tracking all Logins and Logouts:
Location : /var/log/wtmp
Description : The wtmp file records all logins and logouts.
Last Logins:
Location : /var/log/lastlog
Description : Database times of previous user logins. The lastlog file is a database which contains info on the last 
login of each user.
WebDav or WebDisk Log :
Location : /usr/local/cpanel/logs/cpdavd_error_log
Description : The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users 
to mount their home directory on their personal computer, always having access to the files and content…
Cphulkd Logs:
Location : /usr/local/cpanel/logs/cphulkd_errors.log
Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by 
guessing the login password for that service….
It blacklists IPs that it thinks are trying to run a brute force attack.
Failure Logging:
Location : /var/log/faillog
Description : Faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for 
maintains failure counters and limits. Run faillog without arguments display only list of user faillog records who have 
ever had a login failure.
Startup/Boot, Kernel & Hardware error messages :
Location : /var/log/dmesg
Description : dmesg is a “window” into the kernels ring-buffer. It’s a message buffer of the kernel. The content of this 
file is referred to by the dmesg command. It shows bootlog and the hardware errors..

How to reset default SSH port on cPanel servers

How to reset default SSH port on cPanel servers

Did you forget SSH port and try to reset it via WHM, Use the following SSH configuration settings on WHM.

Login to your WHM on a non secure port that is : 2086
For example : http://serverip:2086

Then browse the URL to reset the SSH configuration settings :


After running the script, the default port 22 will reset on your cpanel SSH configuration. You can login SSH and reset it.


How to change the SSH port on cPanel Servers?
To change the SSH port on cPanel server. Login via root password and edit the following file.

vi /etc/ssh/sshd_config

Find the line that says Port 22 and change 22 to any number between 1024->65535 and save the file.

Once done, run:

/etc/init.d/sshd restart

Don’t forget to Enable SSH port on your server Firewall (CSF,etc.,). Otherwise you won’t connect SSH.

Add the new ssh port on csf firewall settings..

vi /etc/csf/csf.conf





APF install

cd /usr/local/src/
tar -zxvf apf-current.tar.gz; cd apf-*

You will get the following error when you try to restart/start apf every time.

apf(660): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.

This is because of the development mode enabled in APF configuration file. You can disable it by editing the configuration file.
Details from APF configuration file regarding development mode:

# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this off (0) when firewall is determined to be operating as desired.

Edit the configuration file and set DEVEL_MODE=”0″, then restart APF using the command “apf -r“.

Installing CDP agent (On Client Server)

Login to the data server.
cd /etc/yum.repos.d
vi r1soft.repo

Insert the following text into the file and save the file:
name=R1Soft Repository Server

yum install r1soft-cdp-enterprise-agent –enablerepo=r1soft
yum install serverbackup-enterprise-agent –enablerepo=r1soft


rpm -qa |grep r1soft

If it is 64 bit, then
cd rpm-linux64/
rpm -i *.rpm
If it is 32 bit, then
cd rpm-linux32/
rpm -i *.rpm

make sure that port 8443 & 1167 are allowed in the csf.
Configure and Start the CDP Agent Web-based User Interface
Enter the following command to get key from the CDP server.
r1soft-setup –get-key https://IP_of_CDP_server:

DirectAdmin Main IP Change

Do please make a backup of all the files mentioned here, so that if anything go 

wrong on the process we could safely undo the changes.


1: edit  /etc/sysconfig/network-scripts/ifcfg-eth0  and replace the old main IP with  new IP.  // assuming eth0 as the primary Device

2: connect the server  through LAN IP or via KVM and then restart the eth0 device

>> ifdown eth0

>> ifup eth0

3: Restart IP service

>> /etc/init.d/startips restart


4: execute IPswap command

/usr/local/directadmin/scripts/ old IP new IP          //This will replace all the old IP entries with new1


5: Update Licence

>>  /usr/local/directadmin/scripts/ uid lid//uid and lid can be found in “/usr/local/directadmin/scripts/setup.txt”


And restart all the services in server.