cPanel Account transfer

You should able to transfer accounts from your old server to this via WHM as follows. To work this properly you should able to SSH from this sever to the old server without any issue.

WHM login >> Main >> Transfers >> Copy multiple accounts/packages from another server

Here you need to provide the old server IP, SSH port, and root password.

If the above method fails you can transfer accounts manually as follows.

1. Take backup of the accounts using the following script:    ( in source server)

# /scripts/pkgacct <account username>

This will create a backup file under /home with name cpmove-<username>.tar.gz

2. Copy(use scp) this file into the target server: (say 99..99.99.99)

# scp cpmove-<username>.tar.gz root@99..99.99.99:/home

3. Restore accounts using the following script:

# /scripts/restorepkg <account username

Database Useful links

http://www.techotopia.com/index.php/MySQL_Essentials

http://www.linuxtopia.org/online_books/database_guides/mysql_5.1_database_reference_guide/index.html

Prevent and Stop DoS or DDoS Attacks on Web Server (D)DOS-Deflate

All web servers been connected to the Internet subjected to DoS (Denial of Service) or DDoS (Distrubuted Denial of Service) attacks in some kind or another, where hackers or attackers launch large amount connections consistently and persistently to the server, and in advanced stage, distributed from multiple IP addresses or sources, in the hope to bring down the server or use up all network bandwidth and system resources to deny web pages serving or website not responding to legitimate visitors.

There are plenty of ways to prevent, stop, fight and kill off DDoS attack, such as using firewall. A low cost, and probably free method is by using software based firewall or filtering service. (D)DoS-Deflate is a free open source

Unix/Linux script by MediaLayer that automatically mitigate (D)DoS attacks. It claims to be the best, free, open source solution

to protect servers against some of the most excruciating DDoS attacks.

(D)DoS-Deflate script basically monitors and tracks the IP addresses are sending and establishing large amount of TCP network connections such as mass emailing, DoS pings, HTTP requests) by using “netstat” command, which is the symptom of a denial of service attack. When it detects number of connections from a single node that exceeds certain preset limit, the script will automatically uses APF or IPTABLES to ban and block the IPs. Depending on the configuration, the banned IP addresses would be unbanned using APF or IPTABLES (only works on APF v 0.96 or better).

Installation and setup of (D)DOS-Deflate on the server is extremely easy. Simply login as root by open SSH secure shell access to the server, and run the the following commands one by one:

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

To uninstall the (D)DOS-Deflate, run the following commands one by one instead:

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

The configuration file for (D)DOS-Deflate is ddos.conf, and by default it will have the following values:

FREQ=1
NO_OF_CONNECTIONS=50
APF_BAN=1
KILL=1
EMAIL_TO=”root”
BAN_PERIOD=600

Users can change any of these settings to suit the different need or usage pattern of different servers. It’s also possible to whitelist and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file. If you plan to execute and run the script interactively, users can set KILL=0 so that any bad IPs detected are not banned.

Prevent HTTP DoS or DDoS (Denial of Service) attack or brute force attack at the web server

mod_evasive, formerly known as mod_dosevasive is a Apache module that provides evasive maneuvers action in the event of an HTTP DoS or DDoS (Denial of Service) attack or brute force attack at the web server. When possible attacks are detected, mod_evasive will block the traffic from the source for a specific duration of time, while reports abuses via email and syslog facilities. Or administrators can configure mod_evasive to talk to iptables, ipchains, firewalls, routers, and etc. to build a comprehensive DDOS prevention system for the high traffic busy web server.

Although mod_evasive is not a foolproof and complete DOS prevention system, but installing mod_evasive module for Apache will likely to reduce and stop certain DDOS attacks, minimizing the risks of web hosts and web sites been completely brought down inaccessible by malicious denial of service attack attempts.

How to Install mod_evasive

1. Login to web server via SSH.
2. For Apache 2.0.x, execute the following command:up2date -i httpd-devel
3. Continue with the following commands one by one for all version of Apache HTTPD server. wget command will download the current stable version 1.10.1 source tarball.cd /usr/local/src
   wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
   tar -zxvf mod_evasive_1.10.1.tar.gz
   cd mod_evasive
4. For Apache 2.0.x , execute the following command:/usr/sbin/apxs -cia mod_evasive20.c

   Else, for Apache 1.3.x,

   /usr/local/apache/bin/apxs -cia mod_evasive.c

   Above commands will compile mod_evasive to .so and subsequently add corrensponding AddModule and LoadModule lines into httpd.conf.

5. mod_evasive comes with default configuration value preset, however, if webmasters want to configure and set the value themselves, the following parameters have to be added into httpd.conf Apache configuration file below the AddModule section.For Apache 2.0.x, add the following text to httpd.conf below AddModule section:

   <IfModule mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount 5
   DOSSiteCount 100
   DOSPageInterval 1
   DOSSiteInterval 1
   DOSBlockingPeriod 600
   </IfModule>

   For apache 1.3.x, add the following text to httpd.conf below AddModule section:

   <IfModule mod_evasive.c>
   DOSHashTableSize 3097
   DOSPageCount 5
   DOSSiteCount 100
   DOSPageInterval 1
   DOSSiteInterval 1
   DOSBlockingPeriod 600
   </IfModule>

   Save and exit the httpd.conf Apache configuration file.

6. Restart the Apache server with the following command:/etc/init.d/httpd restart

Note: If apxs is not found, it can be installed via “yum install httpd-devel” command.

Installation is completed. Note that mod_evasive has known issues with FrontPage Server Extensions. Administrator can configure the variables such as enlarging the DOSHashTableSize especially for busy server. But note that whenever when a sournce of attack is blocked, the blocking duration is automatically extended whenever the source attempts to connect again, thus the DOSBlockingPeriod needs not to be too long. Beside, the blocking is based on each sessions of Apache child process, thus the blocking has the lifespan of that particular session only. If webmaster set the maximum clients per process to a very low value, the blocking may not be very effective. All definitions of mod_evasive directives can be found on README file comes with the source codes.

Other than above common configuration parameters, mod_evasive also supports the following three advanced directives:

DOSEmailNotify users@example.com
DOSSystemCommand “su – someuser -c ‘/sbin/… %s …’”
DOSLogDir “/var/lock/mod_evasive”

The DOSEmailNotify is particular useful, where you can set mod_evasive to send a notification email whenever a possible DOS attack is detected and blocked. For example, “DOSEmailNotify root” will send the email to root user. But note that mailer configuration (by default is “/bin/mail -t %s”) in mod_evasive.c or mod_evasive20.c is correct. You can create a symbolic link if needed to or modify the source code file.

Linux Tuning Parameters

• Using all the resources available to you?
• Many default settings in Linux suck
• Font server for X Windows is running as a daemon by default, but do you need it?
• Check out these tunings that can give you lots of computing juice…

Kernel Network Disk I/O Others

 

Kernel

To successfully run enterprise applications, such as a database server, on your Linux distribution, you may be required to update some of the default kernel parameter settings. For example, the 2.4.x series kernel message queue parameter msgmni has a default value (for example, shared memory, or shmmax is only 33,554,432 bytes on Red Hat Linux by default) that allows only a limited number of simultaneous connections to a database.  Here are some recommended values (by the IBM DB2 Support Web site) for database servers to run optimally:

- kernel.shmmax=268435456 for 32-bit - kernel.shmmax=1073741824 for 64-bit - kernel.msgmni=1024 - fs.file-max=8192 - kernel.sem="250 32000 32 1024"

Shared Memory

To view current settings, run command: # more /proc/sys/kernel/shmmax To set it to a new value for this running session, which takes effect immediately, run command: # echo 268435456 > /proc/sys/kernel/shmmax To set it to a new value permanently (so it survives reboots), modify the sysctl.conf file: ... kernel.shmmax = 268435456 ...

Semaphores

To view current settings, run command: # more /proc/sys/kernel/sem 250 32000 32 1024 To set it to a new value for this running session, which takes effect immediately, run command: # echo 500 512000 64 2048 > /proc/sys/kernel/sem Parameters meaning: SEMMSL - semaphores per ID SEMMNS - (SEMMNI*SEMMSL) max semaphores in system SEMOPM - max operations per semop call SEMMNI - max semaphore identifiers

ulimits

To view current settings, run command: # ulimit -a To set it to a new value for this running session, which takes effect immediately, run command: # ulimit -n 8800 # ulimit -n -1 // for unlimited; recommended if server isn't shared Alternatively, if you want the changes to survive reboot, do the following: - Exit all shell sessions for the user you want to change limits on. - As root, edit the file /etc/security/limits.conf and add these two lines toward the end: user1 soft nofile 16000 user1 hard nofile 20000 ** the two lines above changes the max number of file handles - nofile - to new settings. - Save the file. - Login as the user1 again. The new changes will be in effect.

Message queues

To view current settings, run command: # more /proc/sys/kernel/msgmni # more /proc/sys/kernel/msgmax To set it to a new value for this running session, which takes effect immediately, run command: # echo 2048 > /proc/sys/kernel/msgmni # echo 64000 > /proc/sys/kernel/msgmax

 

Network

Gigabit-based network interfaces have many performance-related parameters inside of their device driver such as CPU affinity.  Also, the TCP protocol can be tuned to increase network throughput for connection-hungry applications.

Tune TCP

To view current TCP settings, run command: # sysctl net.ipv4.tcp_keepalive_time net.ipv4.tcp_keepalive_time = 7200 // 2 hours where net.ipv4.tcp_keepalive_time is a TCP tuning parameter. To set a TCP parameter to a value, run command: # sysctl -w net.ipv4.tcp_keepalive_time=1800 A list of recommended TCP parameters, values, and their meanings: Tuning Parameter Tuning Value Description of impact ------------------------------------------------------------------------------ net.ipv4.tcp_tw_reuse net.ipv4.tcp_tw_recycle 1 Reuse sockets in the time-wait state --- net.core.wmem_max 8388608 Increase the maximum write buffer queue size --- net.core.rmem_max 8388608 Increase the maximum read buffer queue size --- net.ipv4.tcp_rmem 4096 87380 8388608 Set the minimum, initial, and maximum sizes for the read buffer. Note that this maximum should be less than or equal to the value set in net.core.rmem_max. --- net.ipv4.tcp_wmem 4096 87380 8388608 Set the minimum, initial, and maximum sizes for the write buffer. Note that this maximum should be less than or equal to the value set in net.core.wmem_max. --- timeout_timewait echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout Determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or twice the maximum segment lifetime (2MSL) state. During this time, reopening the connection to the client and server cost less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, providing more resources for new connections. Adjust this parameter if the running application requires rapid release, the creation of new connections, and a low throughput due to many connections sitting in the TIME_WAIT state.

 

Disk I/O

Choose the Right File System

Use ‘ext3′ file system in Linux.
- It is enhanced version of ext2
- With journaling capability – high level of data integrity (in event of unclean shutdown)
- It does not need to check disks on unclean shutdown and reboot (time consuming)
- Faster write – ext3 journaling optimizes hard drive head motion

# mke2fs -j -b 2048 -i 4096 /dev/sda mke2fs 1.32 (09-Nov-2002) /dev/sda is entire device, not just one partition! Proceed anyway? (y,n) y Filesystem label= OS type: Linux Block size=2048 (log=1) Fragment size=2048 (log=1) 13107200 inodes, 26214400 blocks 1310720 blocks (5.00%) reserved for the super user First data block=0 1600 block groups 16384 blocks per group, 16384 fragments per group 8192 inodes per group Superblock backups stored on blocks: 16384, 49152, 81920, 114688, 147456, 409600, 442368, 802816, 1327104, 2048000, 3981312, 5619712, 10240000, 11943936 Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 28 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.

Use ‘noatime’ File System Mount Option

Use ‘noatime’ option in the file system boot-up configuration file ‘fstab’.  Edit the fstab file under /etc.  This option works the best if external storage is used, for example, SAN:

# more /etc/fstab LABEL=/ / ext3 defaults 1 1 none /dev/pts devpts gid=5,mode=620 0 0 none /proc proc defaults 0 0 none /dev/shm tmpfs defaults 0 0 /dev/sdc2 swap swap defaults 0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0 /dev/sda /database ext3 defaults,noatime 1 2 /dev/sdb /logs ext3 defaults,noatime 1 2 /dev/sdc /multimediafiles ext3 defaults,noatime 1 2

Tune the Elevator Algorithm in Linux Kernel for Disk I/O

After choosing the file system, there are several kernel and mounting options that can affect it. One such kernel setting is the elevator algorithm. Tuning the elevator algorithm helps the system balance the need for low latency with the need to collect enough data to efficiently organize batches of read and write requests to the disk. The elevator algorithm can be adjusted with the following command:

# elvtune -r 1024 -w 2048 /dev/sda /dev/sda elevator ID 2 read_latency: 1024 write_latency: 2048 max_bomb_segments: 6 The parameters are: read latency (-r), write latency (-w) and the device affected. Red Hat recommends using a read latency half the size of the write latency (as shown). As usual, to make this setting permanent, add the 'elvtune' command to the /etc/rc.d/rc.local script.

 

Others

Disable Unnecessary Daemons (They Take up Memory and CPU)

There are daemons (background services) running on every server that are probably not needed. Disabling these daemons frees memory, decreases startup time, and decreases the number of processes that the CPU has to handle. A side benefit to this is increased security of the server because fewer daemons mean fewer exploitable processes.

Some example Linux daemons running by default (and should be disabled). Use command: #/sbin/chkconfig --levels 2345 sendmail off #/sbin/chkconfig sendmail off Daemon Description apmd Advanced power management daemon autofs Automatically mounts file systems on demand (i.e.: mounts a CD-ROM automatically) cups Common UNIX� Printing System hpoj HP OfficeJet support isdn ISDN modem support netfs Used in support of exporting NFS shares nfslock Used for file locking with NFS pcmcia PCMCIA support on a server rhnsd Red Hat Network update service for checking for updates and security errata sendmail Mail Transport Agent xfs Font server for X Windows

Shutdown GUI

Normally, there is no need for a GUI on a Linux server. All administration tasks can be achieved by the command line, redirecting the X display or through a Web browser interface.  Modify the ‘inittab’ file to set boot level as 3:

To set the initial runlevel (3 instead of 5) of a machine at boot, 
modify the /etc/inittab file as shown:

Installing Free mod_GeoIP for Apache 2.x / Cpanel / CentOS

Mod_GeoIP

Posted on : 09-09-2010 | By : admin | In : Web Server

Tags: Mod_GeoIP

0

Installing Free mod_GeoIP for Apache 2.x / Cpanel / CentOS

 

Mod_GeoIP looks up the IP address of the client end user. If you need to input the IP address instead of simply using the client IP address. For the country database, mod_geoip sets two environment variables, GEOIP_COUNTRY_CODE and GEOIP_COUNTRY_NAME. For other databases, see the README file included with the mod_geoip API.

Installing mod_geoip on cpanel

The easyway of installing mod_geoip is by using the cpanel’s Easyapache custom modules installation method:
Download mod_geoip

• cd /var/cpanel/easy/apache/custom_opt_mods/
• wget http://docs.cpanel.net/twiki/pub/EasyApache3/CustomMods/custom_opt_mod-mod_geoip.tar.gz
• gunzip -d custom_opt_mod-mod_geoip.tar.gz
• tar xvf custom_opt_mod-mod_geoip.tar

Use the Easyapache in the WHM and on the list of modules under apache you will see the mod_Geoip listed there, recompile apache by selecting the modules. After finishing the recompile follow the configuration part below to configure the settings.

Installing mod_geoip on centos and fedora :

 

Installation of mod_geoip module requires two rpm (GeoIP which holds the ip database and mod_geoip for apache), i guess you have already installed httpd 2.x version sucessfully in your server.

• wget http://203.130.201.244/centos/extras/5/i386/GeoIP-1.4.2-1.el5.i386.rpm
  wget http://203.130.201.244/centos/extras/5/i386/mod_geoip-1.1.8-2.el5.i386.rpm
  rpm -ivh GeoIP-1.4.2-1.el5.i386.rpm
  rpm -ivh mod_geoip-1.1.8-2.el5.i386.rpm

The rpm installation will include and configure the mod_geoip modules on apache. You will then find the GeoIP database (GeoIP.dat) in the /usr/share/GeoIP directory. YOu can get the latest ip db from http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz and upload the new database inside the /usr/share/GeoIP/ .

To make sure the mod_geoip is working properly, create the following php file in the default html doc root and try access it in your web browser, for example :

file name : geotest.php

• <?php
• print_r($_SERVER);
• ?>

http://<serverip>/geotest.php

And you should be able to see a list of geoip stats about your location and isp. Follow the instruction on the http://www.maxmind.com/app/mod_geoip official site to configure the country based block/allow.

External links :

Mod_GeoIP official website :

Installing Mod_Geoip on Freebsd/lighttpd :

C-Panel Security Settings

SECURITY LEVEL : MODERATE

APACHE & PHP

Server Configuration -> Tweak Settings -> PHP -> PHP max execution time = 120

Server Configuration -> Tweak Settings -> PHP -> cPanel PHP Register Globals = On

cPanel -> Manage Plugins -> modsecurity -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Redirection -> Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. -> Enable

Server Configuration -> Tweak Settings -> Only permit cpanel/whm/webmail to execute functions = Enable

Security -> Security Center -> PHP open_basedir Tweak -> Enable php open_basedir Protection = Enable

Security -> Security Center -> Tweak mod_userdir Security -> mod_userdir Protection -> Enable mod_userdir Protection = Enable

EXIM & SPAM PROTECTION:

cPanel -> Manage Plugins -> spamdconf -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Mail -> Default catch-all/default address – > Fail

Server Configuration -> Tweak Settings -> Mail -> The maximum each domain can send out per hour (0 is unlimited) = 600

Server Configuration -> Tweak Settings -> Mail -> Prevent the user “nobody” from sending out mail to remote addresses = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Reject mail with a spam score is greater then 17.5 at SMTP time = Enable

Service Configuration -> Exim Configuration Editor -> Attempt to block dictionary attacks = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: SPF Checking = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: Drop connections from defined IP Blocks upon SMTP connection = Enable

Service Configuration -> Exim Configuration Editor -> Attachments: Filter dangerous attachments = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification Callouts = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification = Enable

Service Configuration -> Exim Configuration Editor -> RBL: bl.spamcop.net = Enable

Service Configuration -> Exim Configuration Editor -> RBL: zen.spamhaus.org = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Enable for all users without the option for users to shut off per account = On

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Maximum size a message can be before it will not be scanned by SpamAssassin = On

DNS PROTECTION (OPENDNS) :

1. ssh to your server as root.

2. Wget and run the script as :

Quote:

http://shashank.net/scripts/named.patch
sh named.patch

3. It will provide you with an output like :

Quote:
allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
};

4. Copy and paste this code in the Options section of your named.conf. Something like :

Quote:
options {
options {
directory “/var/named”;
allow-recursion {
127.0.0.1;
xxx.xxx.xxx;
…. ….
…. ….
};
};

5. Save named.conf and restart the named service. All all zones to load and check dns report now.

COMMON CPANEL SECURITY :

Security -> Security Center -> Tweak Compilers -> Disable Compilers

Security -> Security Center -> SMTP Tweak -> Enable

Security -> Security Center -> Shell Fork Bomb Protection -> Enable

Tags : cpanel security , opendns , open dns , how to seccure cpanel , whm security

cPanel useful scripts

cPanel useful scripts

Some of the important scripts function of cPanel at /scripts:

To create new email account use
# ./addpop
And follow the steps

# ./checkbadconf
Checks /usr/local/apache/conf/httpd.conf for bad users.

# ./fixcommonproblems
- Attempt to fix the most common problems.

# ./fixeverything
- Fix common problems and quotas.

# ./fixmysql
- Fixes problems with mySQL.

Nameserver, DNS related scripts to troubleshoot:

# ./fixnamed – Updates bind to handle many DNS zones (more than 512).
# ./fixrndc

securetmp – Adds securetmp to system startup.

Domains:

listsubdomains – List subdomains.
park – Parks a domain.
newdomains*
newdomains-sendmail*
rebuildparkeddomains*
updateuserdomains*

FrontPage:
checkfpkey – Checks for the FrontPage suid key
setupfp5 – Install FrontPage 5 (2002) installer on an account.
updatefrontpage – Updates FrontPage
fixfrontpageperm – Fix the frontpage permission issues

GD:

checkgd – Checks to see if GD is built.
cleangd – Cleans up old GD installs and reinstalls GD
installgd – Builds GD.

Zend:

installzendopt – Install zend optimzer.

ImageMagick:

checkimagemagick
cleanimagemagick
fetchimagemagick
installimagemagick

Perl:

fixperl – Symlink /usr/local/bin/perl /usr/bin/perl.
fixperlscript – Makes sure a perlscript includes all corresponding modules.
fixsuexeccgiscripts – Fix CGI scripts that are broken after suexec

Mail:

fixpop – Fix a POP account and reset password.
fixspamassassinfailedupdate – Reinstalls a failed spamassassin update.
fixvaliases
listcheck – Checks mailing lists for issues.
mailperm – Fix almost any mail permission problem.
mailscannerupdate – Updates MailScanner
mailtroubleshoot – Guided mail fix.
patcheximconf – Fixes exim.conf
reseteximtodefaults – Resets exim’s default settings.
resetimappasswds – Resets all imap passwords.

fixquotas - Fix quotas.

ftpquaotacheck – Runs quota checking for all ftp users.

Stats:
fixwebalizer – Repair a Webalizer that has stopped updating.

Logs:

fixsubdomainlogs
runstatsonce – Runs statistics (should be used from the crontab).
runweblogs – Run analog/webalizer/etc. for a user.

SSL:

gencrt – Generate a .crt and .csr file.

Database:

installpostgres – Installs PostrgeSQL.
mysqladduserdb – Create a MySQL databse and user.
mysqlconnectioncheck – Attempts to connect to MySQL, restarts SQL if necessary.
mysqldeluserdb – Delete a MySQL databse and user.
mysqlpasswd – Change MySQL password.
mysqlrpmpingtest – Checks your connection speed for downloading

Service restart:

restartsrv – Restart a service.
restartsrv_apache – Restart apache.
restartsrv_bind – Restart bind.
restartsrv_clamd – Restart clamd.
restartsrv_courier – Restart courier imap.
restartsrv_cppop – Restart cppop.
restartsrv_entropychat – Restart entropy chat.
restartsrv_exim – Restart exim.
restartsrv_eximstats – Restart exim statistics.
restartsrv_ftpserver – Restart your ftp server.
restartsrv_ftpserver~ – (INTERNAL)
restartsrv_httpd – Restart httpd.
restartsrv_imap – Restart impad.
restartsrv_inetd – Restart inetd.
restartsrv_interchange – Restart Interchange Shopping Cart.
restartsrv_melange – Restart melange chat.
restartsrv_mysql – Restart mysqld.
restartsrv_named – Restart named.
restartsrv_postgres – Restart postgresql.
restartsrv_postgresql – Restart postgresql.
restartsrv_proftpd – Restart proftpd.
restartsrv_pureftpd – Restart pure-ftpd.
restartsrv_spamd – Restart spamd.
restartsrv_sshd – Restart sshd.
restartsrv_syslogd – Restart syslogd.
restartsrv_tomcat – Restart tomcat.
restartsrv_xinetd – Restart xinetd.

To upgrade the cPanel(WHM) kindly use the script:

# ./upcp –force