I mistakenly ran ELS script (http://servermonkeys.com/els.php) inside the NODE in root mode instead of inside the vps container I was intending to run the script in, and everything basically stopped working - even after a hard reboot.

No vps's load, no sites work. The vzagent is not pinging. Cannot connect via VZMC as a result.

I stopped the ELS script at the mytop install yes/no step. I selected yes for all previous install options EXCLUDING apf and bfd. I did a yes on sysctl.conf hardening, disable register globals, chmod dangerous file folder (which probably caused the problem).

Please help me revert this back to normal.

I don't run Virtuozzo but since nobody answered yet I'll have a go at this. You should know (by now) LQ doesn't do "urgent". Anyway.
Then the following functions from /usr/local/bin/els.sh have been run. The caret "<" denotes functions that change "more serious" things:
rootcheck
supporteddistros
controlpanelcheck
checkversionsdown
up2dateconfig
yumconfig
doremovelaus <
dodisableselinux <
dohardensysctl <
docpanelupdate <
dofixrndc <
dotweakcpsettings <
dorootloginemail <
dorkhunter
dorkhuntercron
dochkrootkit
dochkrootkitcron
dolibsafe <
domytop

and reading those functions should show *what* got changed, or else:

...the INSTRUCTIONS file explicitly tells you that "ELS changes several files that may cause a broken system if something is set incorrectly. Although ELS will create a backup of these important files, you may wish to take your own backup just incase" so while that should serve to rub salt in your wounds (some people just need more stimuli) it also hints at checking that backup dir for files to restore. After that, and if you run the right package management tool you should run file verification (not package MD5s but package content verification), reboot the machine and read dmesg/syslogs to see if everything works OK. HTH


That said there seems to be a tendency in the webfarm and .*whatever-panel-using reseller world to trust and use all sorts of half-assed, stale, cobbled up, amateuristic scripts from fora and non-authoritative suppliers. I really wonder why that has grown that way. Why on earth would someone want to wilfully run a script that:
- disables LAUS instead of setting sensible defaults,
- disables SELinux instead of dealing with it by setting local policies and booleans,
- injects sysctl values (last updated in 2005, based on generic values not optimised for any situation) that destroy the kernels efficient, robust, self-adjusting mechanisms,
- sets SSH protocol v2 but does not disallow root account logins and
- condones deprecated releases that should NOT be used anymore (RHL 9, FC 1-4) anyway?

IMNSHO ELS should not be mistaken for something that enhances overall security and hardens a machine in an all-encompassing, qualitatively sound way. And saying it "could do with some improvements" would mean ignoring the wheel-reinventing bit and that there have been qualitatively better tools around for ages.