echo;echo "Server Review, compiled by Miker";echo -e "\nType\t Used / Available\t\t Percent";df -h | sed -n '2,2p' | awk '{print "Disk:\t",$3" / "$2,"\t\t\t",$5}';df -i | sed -n '2,2p' | awk '{print "Inodes:\t",$3" / "$2,"\t\t",$5"\n"}';echo -e "\nServer :" uptime;echo "Apache :" service httpd status | grep -i uptime;echo "MySQL  :" echo "status;" | mysql | grep -i uptime;echo -e "\t" mysqladmin status;echo;echo "Services: ";ps cax | grep mysqld > /dev/null; if [ $? -eq 0 ]; then echo "mysql is running"; else echo "mysql is not running"; fi; ps cax | grep httpd > /dev/null; if [ $? -eq 0 ]; then echo "httpd is running"; else echo "httpd is not running"; fi; ps cax | grep exim > /dev/null; if [ $? -eq 0 ]; then echo "exim is running"; else echo "exim is not running"; fi; ps cax | grep named > /dev/null; if [ $? -eq 0 ]; then echo "named is running"; else echo "named is not running(Are they root?)"; fi; ps cax | grep pure-ftpd > /dev/null; if [ $? -eq 0 ]; then echo "ftpd is running"; else echo "ftpd is not running"; fi; ps cax | grep courier > /dev/null; if [ $? -eq 0 ]; then echo "courier is running"; else echo "courier is not running"; fi;echo;echo "Usage: "; mpstat | tail -2; echo ""; echo "Memory: "; free -m; echo; echo "Vmstat: "; vmstat; echo;echo ""; echo "Load Average: "; cat /proc/loadavg; echo -ne "Thread Count: "; cat /proc/cpuinfo | grep processor | wc -l; echo;netstat -tunap | grep -v 0.0.0.0 | awk '/.*[0-9]+.[0-9]+.[0-9]+.[0-9].*/{gsub(/::ffff:/,"",$0);print $4"\t" $5 "\t" $6"\t" $7}' | awk -F"/" '{print $1"\t"$2}' > netstat.log;echo; echo "Connections:";echo;echo "Number of connections to each port:";cat netstat.log | awk {'print $1'} | cut -d: -f 2 | sort | uniq -c | sort -nrk 1|head -10;echo;echo "Number of connections from each IP:";cat netstat.log | awk {'print $2'} | cut -d: -f 1 | sort | uniq -c | sort -nrk 1|head -10;echo;echo "Number of instances of a particular IP connecting to particular port with connection states:";cat netstat.log | awk  -F":" {'print $2 "\t" $3'}  | awk {'print $1 "\t" $2 "\t" $4 "\t" $6'} | sort | uniq -c | sort -nrk 1|head -10;echo;echo "SYN_RECV connections:";cat netstat.log | awk  -F":" {'print $2 "\t" $3'}  | awk {'print $1 "\t" $2 "\t" $4 "\t" $6'} | sort | uniq -c | sort -nrk 1 | grep SYN_RECV; echo;echo "Most CPU Intensive:"; ps auxf | sort -nr -k 3 | head -2;echo; echo "Most Memory Internsive:"; ps auxf | sort -nr -k 4 | head -2;echo;echo "PHP Version";/usr/local/cpanel/bin/rebuild_phpconf --current;echo;echo "Software versions";echo;echo "Python Version:";python -V;echo "MySQL Version:";mysql -V;echo "cPanel Version:";cat /usr/local/cpanel/version;echo "CentOS Version:";cat /etc/redhat-release;echo;echo "Active Logins:";echo;who -q;echo;who;echo;echo "Show all IPs on the server:";echo;ifconfig|grep inet|grep -v "127.0.0.1\|inet6"|awk {'print $2'}|cut -d: -f2;echo;echo "Show cPanel accounts:";echo;/opt/dedrads/listacct;echo;echo "Cron Jobs by user:";echo; /opt/dedrads/check_crons  --recent |sort -nr|head;echo;echo "Check for OOM kills:";grep -i oom /var/log/messages|grep -v "Authentication failed for user"|grep -v pure-ftpd;echo; echo "Checking for segmentation errors:";echo;grep Segmentation /usr/local/apache/logs/error_log|wc -l;echo;echo "Process Tree:";pstree -AGp;echo; echo "****Mail Review****";echo;echo "Location and volume of mailing scripts:";echo; sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;echo;echo; echo " Top Email senders:";echo;cat /var/log/exim_mainlog| awk 'match ($0,/<= ([^@<>]+(@|\+)[^ ]+)/,a) {print a[1]}' |sort|uniq -c|sort -nr|head -20;echo;echo;echo "Top Mail subjects:";echo;cat /var/log/exim_mainlog | grep courier_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;echo;echo;echo "IMAP Connections by mail box:";echo;/opt/dedrads/check_imap --mailbox;echo;echo;echo "IMAP Connections by User:";echo;/opt/dedrads/check_imap --userconns;echo;echo;echo "Email logins by acct:";echo;/opt/dedrads/check_imap --login_email|sort -nr|head -10;echo;echo;echo "Failed Logins by IP address:";echo;/opt/dedrads/check_imap --login_failed;echo;echo;echo "Email logins by IP";echo;/opt/dedrads/check_imap --login_ip|sort -nr|head -10;echo;echo;echo "Checks to see if you are hitting the maximum number allowed connections";echo;/opt/dedrads/check_imap --checkerror|tail -10;echo;echo "Show where bounces are going to:";echo;/opt/dedrads/check_exim --queuebybounceback |sort -nr|head -10;echo;echo "Check for Boxtrapper wars";echo "Over 1000 is bad";echo;/opt/dedrads/check_boxtrapper --logs |grep -v "Scanning /var/log/exim_mainlog for boxtrapper wars - big numbers are bad (usually 1k-> >100K).  You can ignore 'transport'."|sort -nr|head -10;echo; echo "There are currently $(find /var/spool/exim/input/ -type f -name \*-H|wc -l) email messages in queue on $(hostname|cut -d\. -f1)";echo;echo;echo "MailScan for all users:";echo;for i in $(\ls /var/cpanel/users); do /opt/dedrads/mailscan $i; done;echo;echo "****  CHECK SOFTWARE ****";echo;user=$(\ls /var/cpanel/users/); /opt/dedrads/nlp $user; /opt/dedrads/check_user $user; /opt/dedrads/check_software $user;echo |echo "MySQL Optimization Check:";echo;cd /root/; wget --no-check-certificate https://raw.github.com/major/MySQLTuner-perl/master/mysqltuner.pl; chmod +x mysqltuner.pl; ./mysqltuner.pl;echo;echo;/opt/dedrads/server_overview;echo;echo;sa -cmi;for i in $(cat /etc/trueuserdomains|awk {'print $1'}|sed 's/://');do echo $i;echo;grep date +"%d/%b" /usr/local/apache/domlogs/$i|/opt/dedrads/nlp;echo;done >> /home/fullreview.txt