HOW TO RESTORE OFF A MOUNTED SLAVE DISK ON REDHAT + CPANEL (CRASH/HACK/BAD KERNEL)

How to Restore off a mounted slave disk on Redhat + Cpanel (crash/hack/bad kernel)

Warning: This is not to be done by the unexperienced admins bad things could happen. Hire someone.

Sometimes if you get hacked or boot with a bad kernel you need to have the datacenter mount your old drive, and install a new one with a fresh installation of redhat. First things first lets make sure you have an updated kernel, we will do it with up2date for ease of use:

up2date -f kernel

check the grub.conf /or lilo config to ensure the settings are right. (if using lilo run this command aswell /sbin/lilo -v -v and check for errors)

Now reboot the server

shutdown -r now
I. Mount the backup Drive

First check to see if there are any drives mounted.

df -h

You should get something simular to this if it isent mounted yet:

[root@localhost root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 37G 1.4G 33G 4% /
/dev/hda1 101M 7.7M 88M 9% /boot
none 125M 0 125M 0% /dev/shm
[root@localhost root]#

if it is mounted you will see something like this:

-bash-2.05b# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 53G 31G 20G 62% /
/dev/hda1 99M 14M 80M 15% /boot
none 248M 0 248M 0% /dev/shm
/dev/hdc3 53G 31G 20G 61% /mnt/old
-bash-2.05b#

as you can see hdc3 is the old drive, and it is mounted as /mnt/old. Yours will be diffent possibly. But keep in mind you need to know the mount point for the backup drive for the following steps.

Lets mount if not already mounted.

fdisk -l

check for additional drives, in this tutorial we will use /dev/hdc3.

mount /dev/hdb3 /mnt/old

now that the drive is mounted you can browse files like:

ls /mnt/old/home

II. Rsync the files

Do these commands one by one,

rsync -vrplogDtH /mnt/old/usr/local/apache/conf /usr/local/apache
rsync -vrplogDtH /mnt/old/var/named /var
rsync -vrplogDtH /mnt/old/home/* /home
rsync -vrplogDtH /mnt/old/usr/local/cpanel /usr/local
rsync -vrplogDtH /mnt/old/var/lib/mysql /var/lib
rsync -vrplogDtH /mnt/old/var/cpanel /var
rsync -vrplogDtH /mnt/old/usr/share/ssl /usr/share
rsync -vrplogDtH /mnt/old/var/ssl /var
rsync -vrplogDtH /mnt/old/usr/local/cpanel/3rdparty/mailman /usr/local/cpanel/3rdparty
rsync -vrplogDtH /mnt/old/var/log/bandwidth /var/log
rsync -vrplogDtH /mnt/old/usr/local/frontpage /usr/local
rsync -vrplogDtH /mnt/old/var/spool/cron /var/spool

Next Step – Get some important files from etc:

cd /mnt/old/etc
rsync -vrplogDtH secondarymx domainalias valiases vfilters exim* proftpd* pure-ftpd* passwd* group* *domain* *named* wwwacct.conf cpupdate.conf quota.conf shadow* *rndc* ips* ipaddrpool* ssl /etc

Now would be a good time to change your password for root:

passwd

III. Updating software and restarting services

/scripts/upcp
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/scripts/easyapache
/scripts/securetmp

This is needed to update cpanel information. Please note, sshd might fail and not start after running fixeverything. You have to login to whm, and go to the rpm installer and “FORCE” install opensshd-server, opensshd, opensshd-client and then restart sshd from whm.

IV. Restarting services

/scripts/restartsrv httpd
/scripts/restartsrv cpanel
/scripts/restartsrv mysql
/scripts/restartsrv named
/scripts/restartsrv exim

After you are pleased that everything is working fine, restart the entire server.

This tutorial works 100% on redhat, 7.3, 8.0, 9.0 and fedora. it has been tested on those boxes. But remember, if you dont know what your doing them hire someone to check your server out.