
This article covers abuse issues in which your server host sends you an email complaining that your server is conducting network scanning.

What is Network Scanning?

Network scanning is the process of identifying active hosts on a network, either for the purpose of attacking them or for a network security assessment. In layman's terms, if your hosting provider has sent you such an email then your system has most likely been compromised and has a script on it that is scanning other systems.

A tool that can capture outgoing port scans is tcpdump.

Install tcpdump:

yum install tcpdump -y

Run

# tcpdump -i eth0 -w dump 

and then, patiently, read through the dump for the packets that match the destinations and dates named in the complaint.
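Reading a large dump by hand is slow, so here is an added example (not from the original article) that does the first pass for you: it parses the text that tcpdump prints when you replay the capture with tcpdump -nn -r dump, keeps only pure SYN packets sent from your own address, and flags the address if it fans out to many distinct destination hosts or ports, which is the signature of a scan. The line format, the host address 10.0.0.5 and the sample lines are all constructed for the example.

```python
import re
from collections import defaultdict

# One line of `tcpdump -nn -r dump` text output for IPv4/TCP looks like:
# "12:00:01.123456 IP 10.0.0.5.43210 > 203.0.113.7.22: Flags [S], seq 1, win 29200, length 0"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_syn_lines(lines):
    """Yield (src, dst, dport) for pure SYN packets, i.e. new outbound connection attempts."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # non-TCP/IPv4 or unrelated text: skip
        flags = m.group("flags")
        if "S" in flags and "." not in flags:   # SYN set, ACK ('.') not set
            yield m.group("src"), m.group("dst"), int(m.group("dport"))

def find_scanners(lines, local_ip, min_targets=20):
    """Return {src: (distinct_hosts, distinct_ports)} for packets from local_ip whose
    SYN fan-out reaches min_targets distinct destination hosts or destination ports."""
    hosts = defaultdict(set)
    ports = defaultdict(set)
    for src, dst, dport in parse_syn_lines(lines):
        if src != local_ip:
            continue                      # only our own outbound traffic matters here
        hosts[src].add(dst)
        ports[src].add(dport)
    return {s: (len(hosts[s]), len(ports[s])) for s in hosts
            if len(hosts[s]) >= min_targets or len(ports[s]) >= min_targets}

# Constructed sample: our host 10.0.0.5 sends SYNs to port 22 on 25 different hosts
# (an SSH sweep), then one inbound SYN-ACK reply and one normal HTTPS connection.
SAMPLE = [
    f"12:00:{i:02d}.000000 IP 10.0.0.5.4{i:04d} > 203.0.113.{i}.22: Flags [S], seq 1, win 29200, length 0"
    for i in range(1, 26)
] + [
    "12:00:30.000000 IP 203.0.113.1.22 > 10.0.0.5.40001: Flags [S.], seq 2, ack 2, win 0, length 0",
    "12:00:31.000000 IP 10.0.0.5.50000 > 198.51.100.9.443: Flags [S], seq 3, win 29200, length 0",
]

if __name__ == "__main__":
    for src, (nh, nports) in find_scanners(SAMPLE, "10.0.0.5").items():
        print(f"{src}: SYNs to {nh} distinct hosts / {nports} distinct ports -> likely scanning")
```

To run it on a real capture, replace SAMPLE with the lines of `tcpdump -nn -r dump` and pass your server's public address as local_ip; the host and port thresholds can be tuned with min_targets.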

Ask your users for their IPs also, if static.

Look at /var/log/auth.log and the output of last -100 to see if someone abused your system, check for suspicious cron jobs, and look in the /root directory for anything strange that has appeared. In these cases a tool that hashes the system files (like tripwire) would be important.

It is recommended that an antivirus or rootkit scanner be used to scan the websites on the server for any web shells or exploits that may have allowed the outbound SSH attacks.

We have an article on installing and using ClamAV ( http://geekdecoder.com/clamav-on-centos-6/ ).

For Plesk, I would recommend running it on /var/www/vhosts (e.g. clamscan -ir /var/www/vhosts/ --log=/root/clamscan-01.07.2015.txt).
For cPanel, I would recommend running it on /home (e.g. clamscan -ir /home --log=/root/clamscan-01.07.2015.txt).

Rkhunter is another scanning tool that may identify any uploaded malicious files ( http://www.tecmint.com/install-linux-rkhunter-rootkit-hunter-in-rhel-centos-and-fedora/ ).

Once any shells that were found have been removed: if they were within /var/www/vhosts for Plesk or /home for cPanel, it is likely that the exploit came through one of the sites. If the file was found within a site's document root, I would update any licensed or open source software on that site to remove potential vulnerabilities.

Also, if the scans were SSH scans, a firewall rule can be added to block any outgoing SSH usage (iptables -I OUTPUT -p tcp --dport 22 -j DROP); if you do not use SSH from the server, this resolves the symptom immediately.

Here are several ways to kill all the processes of a user in Linux,
where username is the user ID.


# pkill -u username

or


# ps -o pid= -u username | xargs kill -1

or

# pgrep -u username | sudo xargs kill -9

Show the sshd processes running for a username:


# pgrep -u username sshd

Block Incoming Request From IP 1.2.3.4

The following command will drop any packet coming from the IP address 1.2.3.4:


# /sbin/iptables -I INPUT -s {IP-HERE} -j DROP
# /sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

Finally, the last thing we need to do is save our rules so that next time we reboot our computer our rules are automatically reloaded:


# /sbin/service iptables save

Check to see if it is added:

# iptables --list -n | grep 37.233.38.46
DROP       all  --  37.233.38.46         0.0.0.0/0

Other good info to check out:

http://wiki.centos.org/HowTos/Network/IPTables