Rando Shell Commands for cPanel Servers

DUMP_shell_commands.txt

##################
# Logs           #
##################

# Look through syslogs, ignore local, ignore SSL fails, ignore whitelist ip
grep -Ev --color=always '(127.0.0.1|10.30.9.*|209.203.197.*|socket\ failed)' /var/log/messages /var/log/secure | less -R

# Look through IP domlogs, ignore local, ignore whitelist ip, ignore bots, ignore controlscan
grep -sh --color=always "Sep/2016" /usr/local/apache/domlogs/{50.28.34.226,206.196.110.58} | grep -Ev '(LiquidWeb|nagios|209.203.197.*|Google|bing|Baidu|Netcraft|majestic12|207.198.99*)' | less -R

# Look through access logs, ignore local, note the date
grep --color=always "Sep/2016" /usr/local/apache/logs/access_log | grep -Ev '(127.0.0.1|whm-server-status|internal\ dummy|majestic12|x16)' | less -R

# Look through error log, ignore local, note the date
grep --color=always '\ Sep' /usr/local/apache/logs/error_log | grep -Ev '(2015]|127.0.0.1|209.203.197.*|207.198.99.*|invalid\ method|majestic12|501.shtml|400.shtml|apple-touch|apple-app-site|mod_fcgid|mpm_event)' | less -R

# Look through Mysql slow query log
less --color=always /var/log/mysql/mysql-slow.log


##################
# Files          #
##################

# Find files over 20mb, exclude a location(s)
find / -type f -not -path "/backup/*" -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }' | less

# Find recent changed files in pub
find /home/someaccount/public_html -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r | less

# Grab a list of paths from a file and copy them out, relative to your current dir. New line seperated list, no need to escape spaces
rsync -asv --dry-run --recursive --remove-source-files --checksum --files-from=some-file.txt . destination/

# Delete a module or something across MVC
find /path/to/app/ -type d -iregex '.*module_folder_name.*' -exec rm -r "{}" \;

##################
# Backup       #
##################

# Restore from incremental, note the relative path for target location
rsync -av --progress /backup/incremental/accounts/someaccount/public_html /home/someaccount --exclude /backup/incremental/accounts/someaccount/public_html/somefolder --exclude /backup/incremental/accounts/someaccount/public_html/somecache

# Grab a quick dump of Opencart, put it in cPanel backup dir and home _SYNC, note the timestamp
tar -pczvf /backup/_SYNC/someaccount/oc-$(date +%Y%m%d)-excludes.tar.gz /home/someaccount/public_html/store/ --exclude=/home/someaccount/public_html/store/system/cache/* --exclude=/home/someaccount/public_html/store/image/cache/* --exclude=/home/someaccount/public_html/store/image/data/* --exclude=/home/someaccount/public_html/store/download/* --exclude=/home/someaccount/public_html/store/system/logs/* --exclude=/home/someaccount/public_html/store/vqmod/logs/* --exclude=/home/someaccount/public_html/store/vqmod/vqcache/*

cp /backup/_SYNC/someaccount/oc-$(date +%Y%m%d)-excludes.tar.gz /home/someaccount/_SYNC/oc-$(date +%Y%m%d)-excludes.tar.gz
chown someaccount:someaccount /home/someaccount/_SYNC/oc-$(date +%Y%m%d)-excludes.tar.gz

##################
# Software       #
##################

# See latest installed rpms (note the tail)
rpm -qa --queryformat '%{installtime} (%{installtime:date}) %{name}\n' | sort -n | tail -5 > /home/cjstestd/_SYNC/inst.txt

# Trace something, in this case PHP, dump into a file
ps auxw | grep usr/bin/php | awk '{print"-p " $2}' | xargs strace -r -o /home/someaccount/_SYNC/traced.txt

# Check DB interfaces (by Liquidweb)
echo && echo "Open Ports and Allowed IPs for MySQL in iptables:";
mysqlport=$(netstat -lpn | grep "tcp.*mysql" | awk '{print $4}' | rev | cut -d ":" -f1 | rev);
iptables -nL | grep "$mysqlport";
echo && echo "Interfaces MySQL is listening on:";
netstat -tulpn | grep mysqld; echo

# Try to find all dispatches in CS-Cart
grep -riPo --color=always "mode ===? ('[^']*')" ./path/to/cs-cart/app/ | sed -r "s/mode ===? //; s/'//g"