Useful File Locations
This is something that I wish I had known when I first started out, now i am completely clued up so thought I would share my knowledge with this that have not had as much experience or need somewhere to start:
HTTPD Conf: /etc/httpd/conf/httpd.conf (edit with care)
PHP.ini (When using ZEND): /usr/local/Zend/etc/php.ini
I have attached a simple info.php file for people to use so they can check php settings easily. (Just renamed the extension from .txt to .php and upload.
General Server Logs:
/usr/local/apache/logs/error_log
/usr/local/apache/logs/access_log
/usr/local/apache/domlogs/sitename.com
/var/log/messages
/var/log/dmesg
/var/log/maillog
/var/log/exim*
* = All files starting with exim are important to view and monitor
/usr/local/apache/logs/*
* = All log files inside the above directory are important to view and monitor
/usr/local/cpanel/logs/*
* = All log files inside the above directory are important to view and monitor
Server Login/Access Logs:
/var/log/secure
/var/log/logins_log
CPanel Logs:
/usr/local/cpanel/logs/access_log
To view the logs:
pico -w <log file path & name here>
Example: pico -w /var/log/maillog
To view the files inside the * directories you simply type.
cd <directory>
ls
View your logs in realtime
tail -f <complete_file_name>
Login Notification
CSF/LFD provides you with automated notification when someone logs in as root via ssh but if you do not have it installed, here is a way to recieve notification:
Step 1 - login and in the root directory and run:
PHP Code:
nano .bash_profile
Step 2 - add to the bottom of the file:
PHP Code:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Root has been loged into by `who | awk '{print $6}'`" email@domain.com
Step 3 - Adjust email
domain.com accordingly.
Step 4 - Save and exit
PHP Code:
Crtl + X then Y
Step 5 - Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.