rhel7 Archives - Carlos Sura

ClamAV high cpu usage VestaCP

September 3, 2016 by Carlos Sura Leave a Comment

I was looking that a new server with VestaCP and CentOS 7 was actually on 100% CPU usage when ClamAV was running, therefore I found a quick solution:

systemctl stop clamd
mkdir /var/run/clamav
chown clam:mail /var/run/clamav
systemctl restart clamd

systemctl stop clamd

mkdir /var/run/clamav

chown clam:mail /var/run/clamav

systemctl restart clamd

Now, in order to keep these changes after rebooting the server:

vim /etc/rc.local
mkdir /var/run/clamav
chown clam:mail /var/run/clamav

vim /etc/rc.local

mkdir /var/run/clamav

chown clam:mail /var/run/clamav

That should lower the CPU usage, this is a quick fix, for more information … [Read more…]

Apache + mod_fcgid + PHP + SuEXEC RHEL7/CentOS7

January 27, 2015 by Carlos Sura Leave a Comment

To avoid permission issues with our vhosts we are going to install and configure: Apache + mod_fcgid + PHP + SuEXEC.

# Let's install basics
yum install php-common php-cli mod_fcgid httpd httpd-devel

# Create the following directories and files
mkdir -p /var/www/cgi-bin/domain.com
vim /var/www/cgi-bin/domain.com/php-domain.com

# Let's add the follwing

#!/bin/sh
export PHPRC=/home/dominio
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=1
exec /usr/bin/php-cgi

# Assing permissions to the files and folders
chmod 755 /var/www/cgi-bin/domain.com/php-domain.com
chown -R domain.com:domain.com /var/www/cgi-bin/test.domain.com

# Modify the following file
vim /var/www/cgi-bin/php-fcgi

# Add the following

#!/bin/sh
export PHPRC=/etc
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=1
exec /usr/bin/php-cgi

# Assign permissions
chmod 755 /var/www/cgi-bin/php-fcgi

# If we want a different configuration for each site, we can copy the php.ini file
cp /etc/php.ini /home/domain.com/
chown domain.com:domain.com /home/domain.com/php.ini

# Find and assign permissions to files and folders
find /home/domain.com/public_html/ -type d -exec chmod 755 {} \;
find /home/domain.com/public_html/ -type f -exec chmod 644 {} \;

# In case we use an .htaccess file we might want to run:
find /home -name .htaccess -exec grep -nH php_ {} \;

# This is option, but if php/apache is complaining about this, you might want to do the following:
chown 1777 /var/lib/php/session

# This is how apache vhost config should looks like
# Do not forget to change the line: SuexecUserGroup "#503" "#503"  (use your own username)
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/domain.com/public_html
ErrorLog /var/log/httpd/domain.com-error_log
CustomLog /var/log/httpd/domain.com-access_log common
ScriptAlias /cgi-bin/ /home/domain.com/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<IfModule mod_fcgid.c>
Alias /fcgi-bin/ /var/www/cgi-bin/
<Location /fcgi-bin/>
   SetHandler fcgid-script
   Options +ExecCGI
</Location>
   SuexecUserGroup "#503" "#503"
<Directory /home/domain.com/public_html>
Options -Indexes +IncludesNOEXEC +FollowSymLinks +ExecCGI
   AddHandler php-fcgi .php
   Action php-fcgi /fcgi-bin/domain.com/php-domain.com
   FCGIWrapper /var/www/cgi-bin/domain.com/php-domain.com .php
allow from all
AllowOverride All
</Directory>
</IfModule>
<Directory /home/domain.com/cgi-bin>
Options ExecCGI
Allow from all
</Directory>
</VirtualHost>

# Let's install basics

yum install php-common php-cli mod_fcgid httpd httpd-devel

# Create the following directories and files

mkdir -p /var/www/cgi-bin/domain.com

vim /var/www/cgi-bin/domain.com/php-domain.com

# Let's add the follwing

#!/bin/sh

export PHPRC=/home/dominio

export PHP_FCGI_MAX_REQUESTS=5000

export PHP_FCGI_CHILDREN=1

exec /usr/bin/php-cgi

# Assing permissions to the files and folders

chmod 755 /var/www/cgi-bin/domain.com/php-domain.com

chown -R domain.com:domain.com /var/www/cgi-bin/test.domain.com

# Modify the following file

vim /var/www/cgi-bin/php-fcgi

# Add the following

#!/bin/sh

export PHPRC=/etc

export PHP_FCGI_MAX_REQUESTS=5000

export PHP_FCGI_CHILDREN=1

exec /usr/bin/php-cgi

# Assign permissions

chmod 755 /var/www/cgi-bin/php-fcgi

# If we want a different configuration for each site, we can copy the php.ini file

cp /etc/php.ini /home/domain.com/

chown domain.com:domain.com /home/domain.com/php.ini

# Find and assign permissions to files and folders

find /home/domain.com/public_html/ -type d -exec chmod 755 {} \;

find /home/domain.com/public_html/ -type f -exec chmod 644 {} \;

# In case we use an .htaccess file we might want to run:

find /home -name .htaccess -exec grep -nH php_ {} \;

# This is option, but if php/apache is complaining about this, you might want to do the following:

chown 1777 /var/lib/php/session

# This is how apache vhost config should looks like

# Do not forget to change the line: SuexecUserGroup "#503" "#503" (use your own username)

ServerName domain.com

ServerAlias www.domain.com

DocumentRoot /home/domain.com/public_html

ErrorLog /var/log/httpd/domain.com-error_log

CustomLog /var/log/httpd/domain.com-access_log common

ScriptAlias /cgi-bin/ /home/domain.com/cgi-bin/

DirectoryIndex index.html index.htm index.php index.php4 index.php5

Alias /fcgi-bin/ /var/www/cgi-bin/

SetHandler fcgid-script

Options +ExecCGI

</Location>

SuexecUserGroup "#503" "#503"

Options -Indexes +IncludesNOEXEC +FollowSymLinks +ExecCGI

AddHandler php-fcgi .php

Action php-fcgi /fcgi-bin/domain.com/php-domain.com

FCGIWrapper /var/www/cgi-bin/domain.com/php-domain.com .php

allow from all

AllowOverride All

</Directory>

</IfModule>

Options ExecCGI

Allow from all

</Directory>

</VirtualHost>

Apache + mod_fcgid + PHP + SuEXEC RHEL7/CentOS7

January 22, 2015 by Carlos Sura Leave a Comment

Para evitar problemas engorrosos con los permisos y usuarios en el servidor, vamos a configurar Apache + mod_fcgid + PHP + SuEXEC.

# Instalamos lo necesario y básico, modulos de PHP cada quién usa los suyos
yum install php-common php-cli mod_fcgid httpd httpd-devel

# Creamos un directorio y dentro un archivo
mkdir -p /var/www/cgi-bin/dominio.com
vim /var/www/cgi-bin/dominio.com/php-dominio.com

# Agregamos lo siguiente

#!/bin/sh
export PHPRC=/home/dominio
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=1
exec /usr/bin/php-cgi

# Le asignamos los permisos necesarios
chmod 755 /var/www/cgi-bin/dominio.com/php-dominio.com
chown -R dominio.com:dominio.com /var/www/cgi-bin/test.dominio.com

# Modificamos el siguiente archivo
vim /var/www/cgi-bin/php-fcgi

# Agregamos lo siguiente

#!/bin/sh
export PHPRC=/etc
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=1
exec /usr/bin/php-cgi

# Le asignamos los permisos necesarios
chmod 755 /var/www/cgi-bin/php-fcgi

# Si queremos configuración diferente para cada web, podemos copiar el archivo php.ini
cp /etc/php.ini /home/dominio.com/
chown dominio.com:dominio.com /home/dominio.com/php.ini

# Buscamos y asignamos los permisos necesarios a directorios y archivos
find /home/dominio.com/public_html/ -type d -exec chmod 755 {} \;
find /home/dominio.com/public_html/ -type f -exec chmod 644 {} \;

# En caso de que tengamos un archivo htaccess
find /home -name .htaccess -exec grep -nH php_ {} \;

# Para evitar errores en php o apache, asignamos los permisos siguientes
chown 1777 /var/lib/php/session

# Por último creamos el archivo de configuración de apache, se verá más o menos así:
# No olvidar cambiar la línea: SuexecUserGroup "#503" "#503" por el usuario que se use.
<VirtualHost *:80>
ServerName dominio.com
ServerAlias www.dominio.com
DocumentRoot /home/dominio.com/public_html
ErrorLog /var/log/httpd/dominio.com-error_log
CustomLog /var/log/httpd/dominio.com-access_log common
ScriptAlias /cgi-bin/ /home/dominio.com/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<IfModule mod_fcgid.c>
Alias /fcgi-bin/ /var/www/cgi-bin/
<Location /fcgi-bin/>
   SetHandler fcgid-script
   Options +ExecCGI
</Location>
   SuexecUserGroup "#503" "#503"
<Directory /home/dominio.com/public_html>
Options -Indexes +IncludesNOEXEC +FollowSymLinks +ExecCGI
   AddHandler php-fcgi .php
   Action php-fcgi /fcgi-bin/dominio.com/php-dominio.com
   FCGIWrapper /var/www/cgi-bin/dominio.com/php-dominio.com .php
allow from all
AllowOverride All
</Directory>
</IfModule>
<Directory /home/dominio.com/cgi-bin>
Options ExecCGI
Allow from all
</Directory>
</VirtualHost>

# Instalamos lo necesario y básico, modulos de PHP cada quién usa los suyos

yum install php-common php-cli mod_fcgid httpd httpd-devel

# Creamos un directorio y dentro un archivo

mkdir -p /var/www/cgi-bin/dominio.com

vim /var/www/cgi-bin/dominio.com/php-dominio.com

# Agregamos lo siguiente

#!/bin/sh

export PHPRC=/home/dominio

export PHP_FCGI_MAX_REQUESTS=5000

export PHP_FCGI_CHILDREN=1

exec /usr/bin/php-cgi

# Le asignamos los permisos necesarios

chmod 755 /var/www/cgi-bin/dominio.com/php-dominio.com

chown -R dominio.com:dominio.com /var/www/cgi-bin/test.dominio.com

# Modificamos el siguiente archivo

vim /var/www/cgi-bin/php-fcgi

# Agregamos lo siguiente

#!/bin/sh

export PHPRC=/etc

export PHP_FCGI_MAX_REQUESTS=5000

export PHP_FCGI_CHILDREN=1

exec /usr/bin/php-cgi

# Le asignamos los permisos necesarios

chmod 755 /var/www/cgi-bin/php-fcgi

# Si queremos configuración diferente para cada web, podemos copiar el archivo php.ini

cp /etc/php.ini /home/dominio.com/

chown dominio.com:dominio.com /home/dominio.com/php.ini

# Buscamos y asignamos los permisos necesarios a directorios y archivos

find /home/dominio.com/public_html/ -type d -exec chmod 755 {} \;

find /home/dominio.com/public_html/ -type f -exec chmod 644 {} \;

# En caso de que tengamos un archivo htaccess

find /home -name .htaccess -exec grep -nH php_ {} \;

# Para evitar errores en php o apache, asignamos los permisos siguientes

chown 1777 /var/lib/php/session

# Por último creamos el archivo de configuración de apache, se verá más o menos así:

# No olvidar cambiar la línea: SuexecUserGroup "#503" "#503" por el usuario que se use.

ServerName dominio.com

ServerAlias www.dominio.com

DocumentRoot /home/dominio.com/public_html

ErrorLog /var/log/httpd/dominio.com-error_log

CustomLog /var/log/httpd/dominio.com-access_log common

ScriptAlias /cgi-bin/ /home/dominio.com/cgi-bin/

DirectoryIndex index.html index.htm index.php index.php4 index.php5

Alias /fcgi-bin/ /var/www/cgi-bin/

SetHandler fcgid-script

Options +ExecCGI

</Location>

SuexecUserGroup "#503" "#503"

Options -Indexes +IncludesNOEXEC +FollowSymLinks +ExecCGI

AddHandler php-fcgi .php

Action php-fcgi /fcgi-bin/dominio.com/php-dominio.com

FCGIWrapper /var/www/cgi-bin/dominio.com/php-dominio.com .php

allow from all

AllowOverride All

</Directory>

</IfModule>

Options ExecCGI

Allow from all

</Directory>

</VirtualHost>