How to access Awstats from outside the control panel ?

Accessing Awstats from outside the control panel is easy.

Step 1.

Download awstats from awstats.sourceforge.net

Step 2.

Uncompress awstats-5.6.tgz

Step 3.

Copy the contents of the uncompressed cgi-bin folder from your hard drive to the user cgi-bin directory (this includes awstats.pl, awstats.model.conf, and the lang, lib and plugins sub-directories).

Step 4.

If necessary (should not be needed with most setups), edit the first (top-most) line of awstats.pl file that is

#!/usr/bin/perl

to reflect the path were your Perl interpreter is installed. Default value works for most of Unix OS, but it also might be #!/usr/local/bin/perl

Step 5.

Move AWStats icon sub-directories and its content into a directory readable by your web server, for example /home/users/public_html/icons

Step 6.

Copy awstats.model.conf file into a new file named awstats.myvirtualhostname.conf.

This new file must be stored in /home/user/public_html/cgi-bin.

Step 7.

Edit this new config file with your own setup :

- Change LogFile value with full path of your web server log file (The path is: LogFile=”/usr/local/apache/domlogs/domain.com”).
- Check if LogFormat has the value “1″ (it means “NCSA apache combined/ELF/XLF log format”).
- Change DirIcons parameter to reflect relative path of icon directory. (DirIcons=”/icons”)
- Edit SiteDomain parameter with the main domain name or the intranet web server name used to reach the web site to analyze (Example: www.mydomain.com).

IMPORTANT!
- Change DirData to use the same Statics file than Cpanel Awstats and do not loose any entry.
(DirData=”/home/user/tmp/awstats/”)

Step 8.

Access AwStats by the URL:
www.domain.com/cgi-bin/awstats.pl?config=domain.com

Done!!!

The AwStats will refresh the Statics every 24 Hours.

Is it possible to allow users to update Awstats from the Cpanel?

Yes, Change the parameter “AllowToUpdateStatsFromBrowser” in /usr/local/cpanel/etc/awstats.conf set to 1,

AWStats add a button on report page to “update” statistics from a web browser. This is not a good idea, because Update process can be long so you might experience “time out” browser errors if you don’t launch AWStats enough frequently. Also, it take around 12-24 hours to take into effect.

There is an option in WHM>> Server Configuration >> Tweak Settings>>Stats and Logs to “Allow users to update Awstats from cPanel“.

How to update Awstats and webalizer via shell?

We could update the webalizer using the command /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/username/tmp/webalizer/dns_cache.db -R 250 -p -n domain.com -o /home/username/tmp/webalizer /usr/local/apache/domlogs/domain.com

The Awstats can be updated by using the script /scripts/runweblogs accountname

Is it possible to view webalizer stats without login to cpanel?

Yes. Do the following steps.

cd /home/username/www
ln -s ../tmp/webalizer stats
chown username.username stats
cd ../tmp
chmod 755 ./
chmod 755 ./webalizer
—————-
will allow domain.com/stats/ for viewing stats without logging in to cpanel

Following steps will allow only selected users in particular group to run GET command on the server :

Step 1:- Create a group on the server

Code:

]# groupadd getgrp

Step 2:- Give execute permission to group

Code:

]# chmod 750 /usr/bin/GET

Step 3:- Add this group to GET file.

Code:

]# chown root.getgrp /usr/bin/GET

Step 4:- To check the permission of GET

Code:

]# ll -ld /usr/bin/GET

Step 5:- Now if you need to add the user to getgrp so that he gets execute permission on GET. Also getgrp should be secondary group of that user. Let the user be myuser1.

Code:

]# gpasswd -M myuser1 getgrp

Step 6:- To check if the user is added

Code:

]# cat /etc/group | grep getgrp

Step 7:- But if you want to add another user say myuser2 then please make sure that you mention both the user in your command as :

Code:

]# gpasswd -M myuser1,myuser2 getgrp

If you don’t mention both the user, this command will replace all the users with the user mentioned in your command. You should always run the cat command before adding any user so that you know how many users are already added. Or you can just edit the /etc/group file and add the user in the getgrp line.

The above steps will allow only root, myuser1 and myuser2 to execute GET command, all other will be denied.

Please note that path to GET may vary with the OS.

How can I run Rootkit Hunter every day?

You can create a cronjob script like this:

=========== /etc/cron.daily/rkhunter ====================
#!/bin/sh
(
/usr/local/bin/rkhunter –versioncheck
/usr/local/bin/rkhunter –update
/usr/local/bin/rkhunter –cronjob –report-warnings-only
) | /bin/mail -s ‘rkhunter Daily Run’ root
================================================== =======

You must be at ver 1.2.8 to use the report warnings only funtion.

How do I install Rootkit Hunter?

Download the gzipped tarball, extract it and run the installation script.

download:
# wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
Note: It doesn’t matter where you save the tarball

extract:
# tar zxf rkhunter-1.2.8.tar.gz

installation:
# cd rkhunter
# ./installer.sh

This tutorial is for Web Server Administrators who administer Web Server.

Rules for Apache 2.x for better Security !

P.S: you must have Apache 2.x and Modsecurity_2 Installed

Step 1:- Downloading the Rules file

Code:

cd /etc
wget http://hyperois.com/files/modsec2_rules.tar.gz

Step 2:- Uncompress files

Code:

tar -xzvf modsec2_rules.tar.gz

Step 3:- Edit modsec2.conf

Code:

vi /usr/local/apache/conf/modsec2.conf

Step 4:- Copy and Paste this rules into your modsec2.conf

Code:

<IfModule mod_security2.c>
SecRuleEngine On
# “Add the rules that will do exactly the same as the directives”
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction “phase:2,deny,log,status:406″
SecRule REMOTE_ADDR “^127.0.0.1$” nolog,allow
Include “/usr/local/apache/conf/modsec2.user.conf”

SecServerSignature “Rules Powered By HyperOIS.com”

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Just in Time Patches for Vulnerable Applications
Include /etc/modsecurity/jitp.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf

</IfModule>

Step 5:- Save and exit the file by clicking escape then typing

Code:

:wq

Step 6:- Lets apply the new setting by restarting Apache

Code:

services httpd restart

or

Code:

/etc/init.d/httpd restart