SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root

Sometimes, you may encounter with a website showing 500 internal server error and in apache error logs, it shows the following error message.

SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

Premature end of script headers: index.php

This error is because of the suphp binary which is missing its sticky/suid permissions. It can be fixed by executing the following command.

# chmod +s /opt/suphp/sbin/suphp

Once permissions are corrected, check the website, it should be working fine now.

ModSecurity: Request body (Content-Length) is larger than the configured limit

ModSecurity: Request body (Content-Length) is larger than the configured limit

While uploading large files, you may get the following error due to mod_security.

ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). Deny with status (413) [hostname “domain.com”] [uri “/folder/folder2/file.php”] [unique_id “T-VoPZ7-KsUAABnOIf8AAAAC”]

To resolve the issue,

Modify your modsec2.conf and change the limit set for SecRequestBodyInMemoryLimit

# vi /etc/httpd/conf/modsec2.conf

search for SecRequestBodyInMemoryLimit

SecRequestBodyInMemoryLimit 531072

increase the value, save the file and restart the apache service.

How to Install mod_pagespeed in a cPanel/Linux server

The mod_pagespeed is an open-source Apache module that automatically optimizes web pages and resources. It does this by rewriting the resources using filters that implement web performance best practices. Webmasters and web developers can use mod_pagespeed to improve the performance of their web pages when serving content with the Apache HTTP Server.

The mod_pagespeed includes several filters that optimizes JavaScript, HTML and CSS stylesheets. It also includes filters for optimizing JPEG and PNG images. The filters are based on a set of best practices known to enhance web page performance. For now the module is compatible with Apache version 2.2 and is now available as a down-loadable binary for i386 and x86-64bit systems.

You can check the wiki here

To install the mod_pagespeed, use steps provided below.

For 32Bit system

# cd /usr/local/src

# mkdir mod_pagespeed

# cd mod_pagespeed

# wget https://dl-ssl.google.com/dl/linux/d…rrent_i386.rpm

# rpm2cpio mod-pagespeed-beta_current_i386.rpm | cpio -idmv

# cp /usr/local/src/mod_pagespeed/usr/lib/httpd/modules/mod_pagespeed.so /usr/local/apache/modules/

# cp /usr/local/src/mod_pagespeed/etc/httpd/conf.d/pagespeed.conf /usr/local/apache/conf/

# chmod 755 /usr/local/apache/modules/mod_pagespeed.so

# mkdir /var/mod_pagespeed/{cache,files} -p

# chown nobody:nobody /var/mod_pagespeed/*

For 64Bit system

# cd /usr/local/src

# mkdir mod_pagespeed

# cd mod_pagespeed

# wget https://dl-ssl.google.com/dl/linux/d…ent_x86_64.rpm

# rpm2cpio mod-pagespeed-beta_current_x86_64.rpm | cpio -idmv

# cp /usr/local/src/mod_pagespeed/usr/lib64/httpd/modules/mod_pagespeed.so /usr/local/apache/modules/

# cp /usr/local/src/mod_pagespeed/etc/httpd/conf.d/pagespeed.conf /usr/local/apache/conf/

# chmod 755 /usr/local/apache/modules/mod_pagespeed.so

# mkdir /var/mod_pagespeed/{cache,files} -p

# chown nobody:nobody /var/mod_pagespeed/*

The mod_pagespeed needs mod_deflate to be loaded in Apache. If it is not yet installed, you can just include the same from apache source by,

# /usr/local/apache/bin/apxs -c -i /home/cpeasyapache/src/httpd-2.2.16/modules/filters/mod_deflate.c

After that, we’ll have to edit the mod_pagespeed configuration file located at /usr/local/apache/conf/pagespeed.conf to reflect the correct paths, the LoadModule directives should fetch the modules in “modules/module_name.so”

LoadModule pagespeed_module modules/mod_pagespeed.so
LoadModule deflate_module modules/mod_deflate.so
ModPagespeedFileCachePath   "/var/mod_pagespeed/cache/"
ModPagespeedGeneratedFilePrefix   "/var/mod_pagespeed/files/" 

And finally, include pagespeed.conf in /usr/local/apache/conf/httpd.conf:

Include “conf/pagespeed.conf”

And finally, restart your HTTP server by

# service httpd restart

If everything is fine, apache will start normally and as your domains begin to get hits, you will see data being written in to /var/mod_pagespeed/*. Just a reminder that this module seems to write a lot of data in apache error log. You might need to monitor the server load and i/o stats for some time to ensure that everything is stable.

You can check the mod_pagespeed docs here

Log files in a cPanel server

To better troubleshoot an issue in a cPanel server its good go know the various log files, following are some log files which will help in resolution.

General Logs :

cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs & should be referenced first for any issues resulting from new cPanel installations..

Cpanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description :The service monitoring demon (chkservd) logs all service checks here. Failed service are represented with a [-] and active services are represented by [+].

Cpanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation..

cPanel/WHM Specific Requests and Errors:

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in cPanel/WHM…

cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here. If you run into any errors related to license when logging in, check here.

Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to access cPanel requests is logged here.

cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It’s named with the timestamp at which the upcp process was initiated..

Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each named after their respective user.

Tailwatchd [New]:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemon configuired under tailwatchd ie. cPBandwd, Eximstats, Antirelayd.

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here..
The first place you should look when httpd crashes or you incur errors when accessing website.

Apache SuExec Logs:
Location : /usr/local/apache/logs/suexec_log
Description : Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors, with no relevant information being reported to the Apache error_log, check here for potential suexec policy violations…

Domain Access Logs:
Location : /usr/local/apache/domlogs/domain.com
Description : General access log file for each domain configured with cPanel.

Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : Complete web server access log records all requests processed by the server.

Exim :

Message Reception and Delivery:
Location : /var/log/exim_mainlog or /var/log/exim/mainlog
Description : Receives an entry every time a message is received or delivered.

Exim ACLs/Policies based RejectLog :
Location : /var/log/exim_rejectlog
Description : An entry is written to this log every time a message is rejected based on either ACLs or other policies eg: aliases configured to :fail

Unexpected or Fatal Errors:
Location : /var/log/exim_paniclog
Description : Logs any entries exim doesn’t know how to handle. It’s generally a really bad thing when log entries are being written here, and they should be properly investigated..

IMAP/POP/SpamAssassin General Logging and Errors:
Location : /var/log/maillog & /var/log/messages
Description : The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.

FTP:

FTP Logins and General Errors:
Location : /var/log/messages
Description : General information and login attempts are logged here..

FTP Transactions logging:
Location : /var/log/xferlog or /var/log/messages
Description : Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users…

MySQL:

MySQL General Information and Errors :
Location : /var/lib/mysql/$(hostname).err
Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log

Security:

Authentication attempts:
Location : /var/log/secure
Description : Logs all daemons which requires PAM Authentication.

Tracking all Bad Logins and Logouts:
Location : /var/log/btmp
Description : Log of all attempted bad logins to the system. Accessed via the lastb command..

Tracking all Logins and Logouts:
Location : /var/log/wtmp
Description : The wtmp file records all logins and logouts.

Last Logins:
Location : /var/log/lastlog
Description : Database times of previous user logins. The lastlog file is a database which contains info on the last login of each user.

WebDav or WebDisk Log :
Location : /usr/local/cpanel/logs/cpdavd_error_log
Description : The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users to mount their home directory on their personal computer, always having access to the files and content…

Cphulkd Logs:
Location : /usr/local/cpanel/logs/cphulkd_errors.log
Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service….
It blacklists IPs that it thinks are trying to run a brute force attack.

Failure Logging:
Location : /var/log/faillog
Description : Faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for maintains failure counters and limits. Run faillog without arguments display only list of user faillog records who have ever had a login failure.

Startup/Boot, Kernel & Hardware error messages :
Location : /var/log/dmesg
Description : dmesg is a “window” into the kernels ring-buffer. It’s a message buffer of the kernel. The content of this file is referred to by the dmesg command. It shows bootlog and the hardware errors..

Tomcat:

General Startup, Shutdown & Error Logs:
Location : /usr/local/jakarta/tomcat/logs/catalina.err and /usr/local/jakarta/tomcat/logs/catalina.out
Description : Logs for Tomcat and all tomcat based applications…

Mod_rewrite Checking

Mod_rewrite is an Apache module installed on Linux servers by default, it does not have to be installed or enabled.

Mod_rewrite manipulates browser submitted URLs and translates them to deliver content to the browser. This process takes places entirely server-side and without the browser’s knowledge. The resulting content appears to have originated from the submitted URL, much like masking. With it you can nearly do all types of URL manipulations you ever dreamed about.

Rewritten URLs (sometimes known as short, fancy URLs, or search engine friendly – SEF) are used to provide shorter and more relevant-looking links to web pages.

If you want to check Mod_rewrite is enabled or not on your server then follow these steps,

1. In the public_html folder of your site make the test folder and in that test folder create the .htaccess file and the following code in the .htaccess file.

Code:

Options +FollowSymlinks
RewriteEngine on

And then access test folder in the browser (http://yourdomain.com/test/) If you did not get any error then Mod_rewrite is enabled on the server and If you get 500 Internal Server Error then Mod_rewrite is not enabled on the server.

2. You can check the phpinfo also.

Create a file called phpinfo.php in your public_html folder and add following code there, change the ownership and access it as http://yourdomain.com/phpinfo.php and check Loaded Modules, you will found it there.

Phpinfo code;

<?php
phpinfo()
?>