<?xml version="1.0"?>
<api>
  <query-continue>
    <allpages gapcontinue="Services" />
  </query-continue>
  <query>
    <pages>
      <page pageid="7" ns="0" title="Repairs">
        <revisions>
          <rev contentformat="text/x-wiki" contentmodel="wikitext" xml:space="preserve">== '''Ram Reset''' ==

Empty non essential cached data from memory (ram) without rebooting.

== '''Clear Swap File''' ==

Empty non essential cached data to clear the swap file without rebooting.

== '''Find Large Files''' ==

Find large files such as logs or old backups etc that might be eating up users space.

== '''Account Fixes''' ==

This feature allows you to fix quotas on your server accounts as well as fix home permissions and run cpanels &quot;fixeverything&quot; script which normally can only be run via ssh. It is not recommended to run more than one of these at a time and to allow the script to finish before closing the window it is running in.

== '''Horde Fix''' ==

This feature will fix most common issues with horde. No emails or accounts will be lost.

== '''cPanel PHP''' ==

This script will rebuild cPanels internal php (note this is the php cPanel and WHM use, not the one websites use).

== '''cPanel Users''' ==
 
This script rebuild cpanels users file and is helpful if cpanel does not pick up (or loses) an existing user account.

== '''Fix RNDC /NDC''' ==

This script will fix rndc and ndc connect errors. Can happen with bind if named.conf is not properly in sync with the rndc connect keys.

== '''Rebuild Valiases''' ==
 
This script will rebuild the /etc/valiases file used to store account info and other cpanel account related data.

== '''Named Fixes''' ==
 
This script will let you rebuild either the /etc/named.conf file or the NSD zones (depending on whether you use NSD or BIND as a nameserver). This is useful to repair corruption that can sometimes happen or missing accounts.

== '''Clean Mail Queue''' ==

This script will let you set a cron job to delete your mail queue every X minutes. Very handy if your servers mail queue usually has a lot of junk in it that you need cleaned out.

== '''Clean /tmp''' ==

Sometimes servers can have a lot of tmp files and if tmp gets filled it stops a lot of things from working. This handy little script will empty out all non essential /tmp files for you in a matter of seconds.

== '''File Repair Utility''' ==

Sometimes files on a server may seem to be corrupted or broken. This can happen a lot with ini files or conf files. The thing is, they are really broken. They have more than likely been accidently saved in pc format instead of linux. This little utility will repair those files to their proper state. Simply enter the path and file name and click the button, like magic, the file is fixed.

== '''MySQL Mass Database Repair''' ==

Once in awhile mysql needs optimizing or some repairs. Fine, cPanel can do that. But what if you have a lot of databases to deal with? This little tool allows you to optimize and repair all databases and tables all at once. Simply punch in your mysql root pass (if you don't know it you can set it on the Settings tab in Xtra or via WHM's mysql section), click the button. And a new window will open and start processing all databases and tables. This can be very quick if there's a lot of small databases but will take a few minutes if you have a bunch of large databases on your server.

== '''Fopen on/off''' ==

Allows you to turn fopen on and off in your cPanel internal php.ini. Most of the time you shouldn't need this but for the odd time you might we added it.

== '''Fix SSH''' ==

Once in awhile root ssh can become corrupted and prevent ssh login even though you want to connect. This tool will repair your ssh config and settings so you can log in again.

== '''Repair Missing Databases''' ==

If you've ever logged into your cPanel and found all your databases and users are gone you know you'll love this handy little tool. One simple click and it will restore all your databases and users to your accounts so they can be seen and accessed again. This will also fix any issues with being able to create/edit/delete mysql users in cPanel.</rev>
        </revisions>
      </page>
      <page pageid="9" ns="0" title="Security">
        <revisions>
          <rev contentformat="text/x-wiki" contentmodel="wikitext" xml:space="preserve">== '''SSH Rootkit Test''' ==

Tests SSH, OpenSSL and LibKey Utils to see if they have been compromised. These tests do not guarantee your server has not been compromised but will do some quick tests to help determine if binaries have been compromised.

== '''User Error Logs''' ==

Find old user error logs that might be taking up way too much space and need to be removed.

== '''Find Install Files and Find PHP.ini Files''' ==

Find and remove old leftover install files which can provide an attack vector for hackers as well as users custom php.ini files.

== '''Fix Nobody Files and Fix Root Files''' ==

Find and fix folders and files on user accounts that are improperly owned by root or nobody users.
== '''Fix 777''' ==

Find and fix folders and files on user accounts that are improperly chmod to 777. Find will create a viewable/downloadable report. Fix will repair the permissions. 644 will be used for files. 755 will be used for folders. Scans will report results of clean if everything is ok and Folders/Files Found if it finds any chmod to 777.

== '''Failed SSH Logins''' ==

View list of failed ssh login attempts.

== '''Bash History''' ==

View bash history for root or a specific user.

== '''SSH Logins''' ==

View SSH Logins, view by last logged in, users, IP's or month.



== '''Apache/PHP Security Tester''' ==

Test installed apache and php for security issues. Can only be used via the Remote Control Plugin.

== '''Advanced Policy Firewall''' ==

Install, remove, configure and manage Advanced Policy Firewall and Brute Force Detection. Note this feature also has an advanced management area we call APF Central for managing APF and BFD, including editing the config, adding and removing IP's and more.

== '''CSF''' ==

Install and remove Config Server Firewall and LFD protection. Note we only provide the means to install and remove CSF. Management of CSF is done via configservers on addon that will be visible after you install and refresh your screen. You can find it in the plugins section of the WHM menu where Xtra is also located.

== '''Fail2Ban''' ==
 
Scans logs and bans IP's that it finds are making to many connections (eg brute force attacks).

== '''RK Hunter''' ==
 
RK Hunter is one of the more popular rootkit detectors. This part of Xtra will allow you to install, upgrade, remove and overall manage RK Hunter. This interface will also allow you to run it and view realtime results as well as view the log generated after it finishes running. You may also toggle the cron on and off as well as set the email to send the results to if you wish to receive them via email.
 
== '''CHK Rootkit Hunter''' ==

Similar to RK Hunter but performing slightly different checks. Useful to run with RK Hunter. This interface allows the installation, removal and management of CHK as well as turning the cron on and off and setting the email to send the results to (if you wish). You can also run it from this interface and view the results live.

== '''Unhide''' ==

Performs several types of checks for hidden processes and suspicious processes. Install, remove and view live results with this script.

== '''System Integrity Monitor''' ==

SIM is a system and services monitor. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system. Install, remove, update and manage this program via Xtra.

== '''Process Resource Monitor''' ==

PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more. Install, remove, update and manage this feature in this section.

== '''Linux Socket Monitor''' ==

LSM is a bash scripted network socket monitor. It is designed to track changes to Network sockets and Unix domain sockets. LSM identifies changes in both Network Sockets and Unix Domain Sockets. By recording a base set of what sockets should be active then comparing the currently active socket information to that of the base comparison files, we highlight otherwise unknown services.

== '''Network Socket Inode Validation''' ==
 
Network socket inode validation is a rule based utility intended to aid in the validation of inodes against each LISTEN socket on a system. The nature for this app is such that rouge binaries can easily hijack a user, program privileges, or work space; and utilize such to kill the old service &amp; execute a new service on the known port they crashed. The best known examples of this trend is ‘tmp’ path uploaded content via php remote include exploits; which is executed, crashes the web server and starts a rouge httpd process and other such items. The execution cycle of NSIV is very simple, first it determines the running process ID of your binary followed by the trusted inode (that which is associated to the BIN variable).  Then, the PORT value is used to check that the binary holding said port open actually references back to the trusted inode, if it does not then we assume the service has been hijacked and the PID is killed / RST executed with optional e-mail alert dispatched.

== '''Linux Malware Detect''' ==

Linux Malware Detect is a malware scanner for Linux that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

== '''Wget / Lynx''' ==

Used for updating software and cpanel (and Xtra) WGET and Lynx can also be used by hackers to get exploits onto your server. For security we suggest using this feature to disable them until you need them to upgrade something.

== '''TripWire''' ==

Open Source Tripwire software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.
 
== '''Snort''' ==

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Takes about 5 minutes to install.
 
Note: Requires some manual work to complete the install, if you aren't familiar with it already don't mess with it. This version not for 64 bit systems.

== '''Lynis''' ==

Lynis is an auditing tool for Unix. It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

== '''MySQL Performance (also known as MySQL Tuner)''' ==

Reports various data on how MySQL is performing on your server and suggests possible ways to improve it. Original script by Major Hayden.

== '''List Open Ports''' ==

This little script will show you which ports on your server and are currently actively listening for traffic. Useful to check and see if a hacker may have opened a port that you want closed.

== '''List Connections''' ==

Shows current and recent connections to the server along with the full status of apache.

== '''List User ID's''' ==

Lists the ID's of all system users.

== '''On Guard''' ==

On Guard is a script designed by us to monitor files in /tmp, /var/tmp and /dev/shm for malicious files and exploits uploaded to your server by hackers. Once activated the script will  monitor these directories and email you if it detects a possibly malicious file so you can check it out before a hacker does any serious damage. Use the interface to install, configure and manage the script as well as the cron job.

== '''Secure Partitions''' ==

Secure and set proper permissions on /tmp, /var/tmp and /dev/shm.

== '''Find Shell Scripts''' ==

This will search for cgi and php scripts containing shell commands most often used by hackers. Default search checks /home and /home2. If you just want to check a specific user account or a different directory you can use the custom search option.

== '''Find Open Proxies''' ==

This script checks your server for open proxy servers. Note there is nothing to run, it quickly checks whenever you visit the page.

== '''Process Checker''' ==
Scans all running processes for suspicious ones and kills any it finds. Nothing to run, scan and results come up right away (yes it's real time scanning).</rev>
        </revisions>
      </page>
    </pages>
  </query>
</api>