Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Hosting Security and Technology Tutorials : How to Restore off a mounted slave disk (crash/hack/bad kernel)

[Steven]

How to Restore off a mounted slave disk on Redhat + Cpanel (crash/hack/bad kernel)

Warning: This is not to be done by the unexperienced admins bad things could happen. Hire someone.

Sometimes if you get hacked or boot with a bad kernel you need to have the datacenter mount your old drive, and install a new one with a fresh installation of redhat. First things first lets make sure you have an updated kernel, we will do it with up2date for ease of use:

Quote:

up2date -f kernel

check the grub.conf /or lilo config to ensure the settings are right. (if using lilo run this command aswell /sbin/lilo -v -v and check for errors)

Now reboot the server

Quote:

shutdown -r now

I. Mount the backup Drive

First check to see if there are any drives mounted.

Quote:

df -h

You should get something simular to this if it isent mounted yet:

Code:

[root@localhost root]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2              37G  1.4G   33G   4% /
/dev/hda1             101M  7.7M   88M   9% /boot
none                  125M     0  125M   0% /dev/shm
[root@localhost root]#

if it is mounted you will see something like this:

Code:

-bash-2.05b# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda3              53G   31G   20G  62% /
/dev/hda1              99M   14M   80M  15% /boot
none                  248M     0  248M   0% /dev/shm
/dev/hdc3              53G   31G   20G  61% /mnt/old
-bash-2.05b#

as you can see hdc3 is the old drive, and it is mounted as /mnt/old. Yours will be diffent possibly. But keep in mind you need to know the mount point for the backup drive for the following steps.

Lets mount if not already mounted.

Quote:

fdisk -l

check for additional drives, in this tutorial we will use /dev/hdc3.

Quote:

mount /dev/hdb3 /mnt/old

now that the drive is mounted you can browse files like:

Quote:

ls /mnt/old/home

II. Rsync the files

Do these commands one by one,

Quote:

rsync -vrplogDtH /mnt/old/usr/local/apache/conf /usr/local/apache
rsync -vrplogDtH /mnt/old/var/named /var
rsync -vrplogDtH /mnt/old/home/* /home
rsync -vrplogDtH /mnt/old/usr/local/cpanel /usr/local
rsync -vrplogDtH /mnt/old/var/lib/mysql /var/lib
rsync -vrplogDtH /mnt/old/var/cpanel /var
rsync -vrplogDtH /mnt/old/usr/share/ssl /usr/share
rsync -vrplogDtH /mnt/old/var/ssl /var
rsync -vrplogDtH /mnt/old/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
rsync -vrplogDtH /mnt/old/var/log/bandwidth /var/log
rsync -vrplogDtH /mnt/old/usr/local/frontpage /usr/local
rsync -vrplogDtH /mnt/old/var/spool/cron /var/spool

Next Step - Get some important files from etc:

Quote:

cd /mnt/old/etc
rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl /etc

Now would be a good time to change your password for root:

Quote:

passwd

III. Updating software and restarting services

Quote:

/scripts/upcp
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/scripts/easyapache
/scripts/securetmp

This is needed to update cpanel information. Please note, sshd might fail and not start after running fixeverything. You have to login to whm, and go to the rpm installer and "FORCE" install opensshd-server, opensshd, opensshd-client and then restart sshd from whm.

IV. Restarting services

Quote:

/scripts/restartsrv httpd
/scripts/restartsrv cpanel
/scripts/restartsrv mysql
/scripts/restartsrv named
/scripts/restartsrv exim

After you are pleased that everything is working fine, restart the entire server.

This tutorial works 100% on redhat, 7.3, 8.0, 9.0 and fedora. it has been tested on those boxes. But remember, if you dont know what your doing them hire someone to check your server out.

[scooterh]

Were you the one that wrote the same/similiar one over at EV1 forums?

[Steven]

I used knowledge from that one and my own knowledge to make a more complete one.

[sprintserve]

It will be good if you can credit the references if you can.

[spho]

i followed what you said, but i cant find the folder etc on my old HDD can you please help ?

[Techie411]

Hey Linuxguy....Do you know if this works with Free BSD??

[Steven]

It should work just fine.

[KingAdmin]

Quote:

Originally posted by thelinuxguy
It should work just fine.

It will work fine on FreeBSD except slight changes in 2 lines:

Quote:

rsync -vrplogDtH /mnt/old/var/lib/mysql /var/lib

should be:

Quote:

rsync -vrplogDtH /mnt/old/var/db/mysql /var/db

and also after running "cd /mnt/old/etc" :

Quote:

rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl /etc

should be:

Quote:

rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* cpupdate.conf quota.conf master.passwd* *rndc* ips* ipaddrpool* ssl /etc

Other than that rest will work fine and should restore all accounts and settings.

[mali]

Thank you for this valuable information.
I want to migrate Windows Plesk 7 from one machine to anothermachine.
Can you guide me how can i achieve this.

[darken]

help!
I have followed the instructios for my server- who runs centOS, and I am getting an error message when trying to restart Cpanel "sorry I don't know about Cpanel". Can anyone please help?

[Rockbottom]

I had a kernel panick on my server and got my datacenter to slave the hard drive and do an OS reload on a new drive. I am running CentOS 3.5. Will this tutorial be suitable for recovering all data and accounts etc?

[fancy claps]

rockbottom, i just did what you'll be doing (on centos 3.5) and it worked fine. i didnt follow this exactly, but it should work alright.

the only problems i ran into were permissions issues on named, mysql, and the public_html folders, but those are easily solved and basic problems.

[mousepotatoe]

I just used this step by step howto to recover from disaster and it was amazing! The only snag i ran into was time constraint when i ran
up2date -f kernel
That ran for a couple of hours before i killed it off and continued, but I achieved 100% success on:
WHM 11.15.0 cPanel 11.18.3-R21703 CENTOS Enterprise 4.6 i686 on standard - WHM X v3.1.0

Thank you for such a handy guide!

[linux-tech]

Keep in mind that this thread was originally written 4 years ago, and that CPanel has changed a LOT since then. This will get you the starter, but with CP11 there came a lot more files to address, some will automatically fix themselves, some won't.

this thread will give you a bit more up to date restore procedures.

I'm not saying that Stevens thread is bad, but it is years out of date.

[Vladimir Micovic]

great tutorial
5 cent for this!