Fantastic bash one-liners:

My collection

List all domains on the server:

ls /var/named | grep db | grep -v inmotion | awk -F".db" '{print $1}'

dns-sync all domains on a VPS (internal utility):

for dom in $(ls /var/named | grep db | grep -v inmotion | awk -F".db" '{print $1}'); do dns-sync -s $dom; done

dns-sync in Shared:

echo "What is the Primary Username?: "; read userna5 ; for dom in $(sudo cat /etc/userdomains | grep $userna5 | awk -F":" '{print $1}'); do dns-sync $dom; done

check NS for all domains in a server:

for dom in $(ls /var/named | grep db | grep -v inmotion | awk -F".db" '{print $1}'); do echo $dom && dig +short ns $dom && echo -e "\n"; done

check specified record for specified user in shared:

echo "What is the Primary Username?: "; read userna5 ; echo "What kind of record are you trying to check?" ; read record ; for dom in $(sudo cat /etc/userdomains | grep $userna5 | awk -F":" '{print $1}'); do echo $dom && dig +short $record $dom && echo -e "\n"; done

in case "wp plugin list" fails, direct SQL query:

SELECT * FROM wp_options WHERE option_name = 'active_plugins';

identify all references to unsecured HTTP in both site files and loaded content, writing to a file:

{ grep -ir '<a href="http://' . ; php index.php | grep -i '<a href="http://'; } > MixedContent.txt

Dakota's miracle authentication failure log-checker

read -p "Enter the IP address: " ip; echo -e "\nScanning logs for instances of the IP provided........\n\nThis may take some time, checking archived logs as well...\n"; dovecot_log=$(sudo cat /var/log/maillog | grep 'auth failed' | grep "$ip"; for file in $(sudo ls /var/log/ | grep maillog- | grep gz); do sudo zcat /var/log/$file | grep 'auth failed' | grep "$ip"; done); exim_log=$(sudo cat /var/log/exim_mainlog | grep 'authenticator failed' | grep "$ip"; for file in $(sudo ls /var/log/ | grep exim_mainlog- | grep gz); do sudo zcat /var/log/$file | grep 'authenticator failed' | grep "$ip"; done); dovecot_count=$(echo "$dovecot_log" | grep -c '^'); exim_count=$(echo "$exim_log" | grep -c '^'); cpanel_log=$(sudo cat /usr/local/cpanel/logs/login_log | grep 'FAILED LOGIN' | grep "$ip"); cpanel_count=$(echo "$cpanel_log" | grep -c '^'); modsec_log=$(sudo cat /usr/local/apache/logs/error_log | grep -E 'id "(13052|13051|13504|90334)"' | grep "$ip" | tail -n 1); if [ -n "$dovecot_log" ]; then echo -e "\nIP address detected in Dovecot log.\nInstances of IP found in log = $dovecot_count\n\nMost recent example:\n$(echo "$dovecot_log" | tail -n 1)\n"; fi; if [ -n "$exim_log" ]; then echo -e "\nIP address detected in Exim log.\nInstances of IP found in log = $exim_count\n\nMost recent example:\n$(echo "$exim_log" | tail -n 1)\n"; fi; if [ -n "$cpanel_log" ]; then echo -e "\nIP address detected in cPanel log.\nInstances of IP found in log = $cpanel_count\n\nMost recent example:\n$(echo "$cpanel_log" | tail -n 1)\n"; fi; if [ -n "$modsec_log" ]; then echo -e "\nIP address detected in ModSec log.\n\nMost recent example:\n$modsec_log\n"; fi; if [ -z "$dovecot_log" ] && [ -z "$exim_log" ] && [ -z "$cpanel_log" ] && [ -z "$modsec_log" ]; then echo -e "\nNo issues found"; fi

given a domain, find all the email login IPs (in cPanel servers)

echo "enter the domain(s) you wish to check"; read domain; sudo cat /var/log/maillog | grep '.*-login' | grep "$domain" | awk '{print $10}' | grep -E -o '(([0-9]|[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])' | sort | uniq -c | sort -nr

Dark sorcery not to be used in a production environment (always have a backup):

manually remove implanted files from a WordPress installation (run in docroot, spares error logs):

for file in $(wp core verify-checksums 2>&1 | grep 'File should not exist:' | grep -v error_log | awk '{print $6}'); do yes | rm -f ./$file; done

manually remove added files from WordPress plugins (run in docroot):

for pluginfile in $(wp plugin verify-checksums --all | grep "File was added" | awk '{print $1 "/" $2}'); do yes | rm -f "./wp-content/plugins/$pluginfile"; done

TODO: this ignores files with whitespace in the name
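
A whitespace-safe take on the plugin cleanup above, as an added example (not part of the original collection). It assumes WP-CLI's piped output is tab-separated plugin_name / file / message rows; the function names and sample rows are made up for illustration, and file names containing newlines are still not handled.

```shell
# Added example, not from the original page.
# Assumption: piped WP-CLI output is tab-separated: plugin_name, file, message.

# Read verify-checksums rows on stdin; print one docroot-relative path per added file.
added_plugin_files() {
    tab=$(printf '\t')
    while IFS="$tab" read -r plugin file message; do
        [ "$message" = "File was added" ] || continue
        case "$plugin/$file" in
            /*|*..*) continue ;;    # skip absolute paths and anything containing ".."
        esac
        printf '%s\n' "wp-content/plugins/$plugin/$file"
    done
}

# Delete the listed files under docroot $1 and print each path handled.
# Set DRY_RUN=1 to list the files without deleting them.
remove_added_plugin_files() {
    docroot=$1
    added_plugin_files | while IFS= read -r path; do
        [ -f "$docroot/$path" ] || continue     # regular files only
        [ "${DRY_RUN:-0}" = 1 ] || rm -f -- "$docroot/$path"
        printf '%s\n' "$path"
    done
}

# Constructed sample rows (header plus three findings), not real scan output.
sample_rows() {
    printf 'plugin_name\tfile\tmessage\n'
    printf 'akismet\tclass old copy.php\tFile was added\n'
    printf 'akismet\takismet.php\tChecksum does not match\n'
    printf 'akismet\t../../wp-config.php\tFile was added\n'
}

# Usage, from the docroot:
#   wp plugin verify-checksums --all | DRY_RUN=1 remove_added_plugin_files .
```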

A. Lam archive:

WordPress commands:

Backup WordPress Database

wp db export

Import WordPress Database

wp db import dbname.sql

List all Users

wp user list

Add temp-admin WordPress User:

wp user create support testing@servconfig.com --role=administrator

Delete temp-admin WordPress User

wp user delete support --reassign=1

Update User Password:

wp user update username --user_pass=newpass

Set User as Admin:

wp user set-role username administrator

Default WordPress .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

HTTPS Force:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Disable all plugins for 30 secs:

if activelist=$(wp option get active_plugins --format=json);then wp plugin deactivate --all;echo "Plugins deactivated for 30 seconds, reload the page now.";sleep 30;wp option set active_plugins "$activelist" --format=json;else echo "Failed to save existing plugin list.";fi;

Disable all plugins for X amount of seconds:

read -p "Disable Plugins for how many seconds: " i; if activelist=$(wp option get active_plugins --format=json);then wp plugin deactivate --all;echo "Plugins deactivated for $i seconds, reload the page now.";sleep "$i"; wp option set active_plugins "$activelist" --format=json;else echo "Failed to save existing plugin list.";fi;

Disable Plugins One-By-One:

for i in $( wp plugin list --status=active --format=csv --field=name ); do if wp plugin deactivate $i;then echo "Hit any key to re-enable, and go to the next plugin."; read -n 1 -s; wp plugin activate $i;else echo "Failed to deactivate $i, exiting.";break;fi;done

WordPress database connection:

wp db tables

Update siteurl and home:

wp option set siteurl 'http://www.example.com' && wp option set home 'http://www.example.com'

WordPress core re-install:

wp core download --force

Upload multiple files concurrently (add to .htaccess):

SetEnv MAGICK_THREAD_LIMIT 1

WordPress search replace:

wp search-replace 'oldstring' 'newstring'

Thumbnail Regenerate:

wp media regenerate --yes

Reinstall all plugins:

for plugin in $(wp plugin list --field=name --skip-{plugins,themes}); do wp plugin install $plugin --force --version=$(wp plugin list --name=$plugin --field=version --skip-{plugins,themes}) --skip-{plugins,themes}; done

General PHP commands

Create phpinfo page:

echo "<?php phpinfo(); ?>" >> phpinfo.php

Copy server default php.ini to directory:

cp /usr/local/lib/php.ini ./

Check PHP Handlers:

sudo /usr/local/cpanel/bin/rebuild_phpconf --current

Specify PHP directory in .htaccess (doesn't work in DSO handler):

suPHP_ConfigPath /home/username/public_html

Check PHP modules:

php -m

Loop to search for PHP module:

for i in 55 56 70 71 72 73 74 80 81 82 83; do /opt/cpanel/ea-php$i/root/usr/bin/php -m |grep imagick; done

Change PHP version in .htaccess ("*" is a stand-in for a decimal digit here):

AddHandler application/x-httpd-php** .php

Check PHP configuration file on server:

php -i | grep "search text"

Install PHP Switcher (requires root, incompatible with EA4):

yum -y install imh-php52 imh-php53 imh-php54 imh-php55 imh-php56 imh-php70 cpanel-phpconf && echo -e 'Include "/usr/local/apache/conf/php.conf"\nInclude "/etc/apache2/conf.d/php70.conf"\nInclude "/etc/apache2/conf.d/php56.conf"\nInclude "/etc/apache2/conf.d/php55.conf"\nInclude "/etc/apache2/conf.d/php54.conf"\nInclude "/etc/apache2/conf.d/php53.conf"\nInclude "/etc/apache2/conf.d/php52.conf"' > /etc/apache2/conf.d/php.conf; service httpd restart

Un-install PHP Switcher:

yum -y remove imh-php52 imh-php53 imh-php54 imh-php55 imh-php56 imh-php70 cpanel-phpconf

Email commands

Check SpamAssassin Info on Shared:

sa_info -a email@email.com

Whitelist in SpamAssassin on Shared Server:

sa_whitelist -a domain.com

Recent Email Sent:

echo -ne "What user? "; read user; sudo cat /etc/userdomains | grep $user | cut -d: -f1 > domains.txt; for i in $(cat domains.txt); do sudo cat /var/log/exim_mainlog | grep -e '<= [^@<>]*@'$i | awk '{print $6}'|sort|uniq -c|sort -n; done

Check Mail IP on shared:

sudo cat /etc/mailips

Add/Remove local domains in routing:

addlocaldomain domain.com
rmlocaldomain domain.com

Count how many pending emails in outbound:

exim -bpc

Check Spam On Server:

echo;echo "Location and volume of mailing scripts:";echo; sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;echo;echo; echo "Top Email senders:";echo;cat /var/log/exim_mainlog| awk 'match ($0,/<= ([^@<>]+(@|\+)[^ ]+)/,a) {print a[1]}' |sort|uniq -c|sort -nr|head -20;echo;echo;echo "Top Mail subjects:";echo;cat /var/log/exim_mainlog | grep courier_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;echo;echo;echo "IMAP Connections by mail box:";echo;/opt/dedrads/check_imap --mailbox;echo;echo;echo "IMAP Connections by User:";echo;/opt/dedrads/check_imap --userconns;echo;echo;echo "Email logins by acct:";echo;/opt/dedrads/check_imap --login_email|sort -nr|head -10;echo;echo;echo "Failed Logins by IP address:";echo;/opt/dedrads/check_imap --login_failed;echo;echo;echo "Email logins by IP";echo;/opt/dedrads/check_imap --login_ip|sort -nr|head -10;echo;echo;echo "Checks to see if you are hitting the maximum number allowed connections";echo;/opt/dedrads/check_imap --checkerror|tail -10;echo;echo "Show where bounces are going to:";echo;/opt/dedrads/check_exim --queuebybounceback |sort -nr|head -10;echo;echo "Check for Boxtrapper wars, Over 1000 is bad";echo;/opt/dedrads/check_boxtrapper --logs |grep -v "Scanning /var/log/exim_mainlog for boxtrapper wars - big numbers are bad (usually 1k-> >100K). You can ignore 'transport'."|sort -nr|head -10

Clear mail in queue:

find /var/spool/exim/input -type f -exec rm -f {} +

Clear dovecot:

find -name dovecot.\* -ls -delete

Add DMARC record to all accounts (cPanel):

cp -r /var/named{,.bk} && for domain in /var/named/*.db; do domain=$(basename $domain .db); whmapi1 addzonerecord domain="${domain}" name="_dmarc.${domain}" class=IN ttl=86400 type=TXT txtdata='v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400'; done

Clear Email Retry Error:

mv /var/spool/exim/db/retry /var/spool/exim/db/retry-bk
mv /var/spool/exim/db/retry.lockfile /var/spool/exim/db/retry.lockfile-bk
service exim restart

Force Delivery of stuck emails:

exim -qff -v

Backup & Restoration

Check for backup on shared server:

tail /opt/backup/logs/users/username

Check for backup on VPS server:

ssh backup node
cd /mnt/*/*/(vpdID)

Force WHM backup:

/usr/local/cpanel/bin/backup --force

Export MySQL database in terminal:

mysqldump -u dbusername -p databasename > nameofdbbackup.sql

Restore database on shared server:

sudo /opt/sharedrads/restore-db database_name

Pause/Resume shared backup:

sudo /opt/tier1adv/bin/imhbackups username pause
sudo /opt/tier1adv/bin/imhbackups username resume

SSL

Server SSL key location:

/var/cpanel/ssl/system/keys

Service SSL cPanel/WHM Force:

/usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose

Run SSL check:

autossl_check --user username

Purge NGINX cache on VPS:

for i in $(\ls /var/cpanel/users | grep -v system); do ngxconf -u $i -rd; done

Purge NGINX cache on shared:

ngxconf -u username -rd

Server commands

Check what node server is on:

traceroute -m1 inmotionhosting.com|sed '1d'|awk {'print $2'}|cut -d\. -f1


Last modified Saturday, 28-Dec-2024 14:57:19 EST