disable forceful SSL redirection in WHM/cPanel

Hello,

To disable forceful SSL redirection in WHM/cPanel servers edit below lines in file /var/cpanel/cpanel.config

alwaysredirecttossl=0 
requiressl=0

and execute the below script for cPanel to reflect the changes.

 /usr/local/cpanel/whostmgr/bin/whostmgr2 -–updatetweaksettings

Now, you should be able to access the WHM, cPanel and webmail with http port 2086, 2082 and 2095 ports respectively.

Thank you for viewing helpinlinux.com

 

keywords: cpanel disable ssl redirect

Plesk Nginx Poodle Vulnerability Fix

Hello Guys,

 

I happened to work on a client’s Plesk server running Nginx on frontend, where I was asked to fix the recent Poodle vulnerability. I had difficult time to figure out the fix, and I don’t want others to face the same. Hence, created this post.

 

Step1: Open the Plesk’s Nginx configuration located at /etc/nginx/plesk.conf.d/server.conf and  edit the ssl_protocols line to the one below.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Then edit the same ssl_protocols entry on below Plesk configuration updater files,

/usr/local/psa/admin/conf/templates/default/nginxWebmailPartial.php

/usr/local/psa/admin/conf/templates/default/nginxDomainVirtualHost.php

/usr/local/psa/admin/conf/templates/default/nginxDomainVhost.php
/usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php

 

and then run the below command.

Step2:

[root@pleskNginx1]#/usr/local/psa/admin/bin/httpdmng --reconfigure-all
[root@pleskNginx1]/etc/init.d/httpd restart

Thanks for viewing helpinlinux.com

Debian 6 Bash Vulnerability

Hello guys,

 

I will now let you know the steps involved to protect your Debian6 system from Bash Vulnerability. To check your system against vulnerability, please use the below command

root@debian6:~# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If it returns the following output, then your system is vulnerable. You will get the below output

Bash is vulnerable!
Bash Test

To fix this we would need to upgrade bash, the default repository won’t have a bash patch, hence we would need to use an additional repositry. Please find the commands below to complete it.

Step1: Add the below entry to your /etc/apt/sources.list file.

deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib

 

Step2: then execute the update commands

root@debian6:~# apt-get update
root@debian6:~# apt-get install --only-upgrade bash

 

That’s it, now you can test the server using the same testing command which we used earlier.

 

root@debian6:~# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash Test

That’s it, your Debain6 system is protected from ShellShock vulnerability.

Reference: http://unix.stackexchange.com/questions/157805/bash-vulnerability-cve-2014-6271-shellshock-fix-on-debian-squeeze

How to backup multiple databases using percona

Hello all,

 

I checked over the internet and I couldn’t find a possible script to backup multiple databases using percona backup tool. Hence, I wrote it myself. The below script will help us to backup at most 3 databases by providing database names as command line argument the backups will be placed at /disk4(you can change to any folder name that you prefer).

 

Percona

#!/bin/bash
#!/bin/bash
echo $#
if [ $# -gt 0 ]
then
 echo "number of arguments given is $#"
 /usr/bin/innobackupex --include="^$1" /disk4
   if [ $# -gt 1 ]
   then
     echo "number of arguments given is $#"
     /usr/bin/innobackupex  --include="^$2" /disk4
      if [ $# -gt 2 ]
       then
        echo "number of arguments given is $#"
         /usr/bin/innobackupex --include="^$3" /disk4
      fi
   fi
fi

save the above script into a file and execute it using the following syntax.

[user@localhost] # sh perconabackupscript.sh database1 database2 database3

deny access to .bash_profile .bashrc .bash_history apache

Hello all,

You would have come across a situation where you had pointed the website to user’s home directory, where the user’s default files like .bash_profile .bashrc .bash_logout and .bash_history will be accessible from browser, which is a security drawback. We can deny access to those files by adding the below configuration file either in main httpd.conf file or virtualhost configuration just below DocumentRoot directive for the respective domains. This will deny access to web clients from viewing the contents of any filename that starts with .bash

  
       <Files ~ "^\.bash">
            Order allow,deny
            Deny from all
            Satisfy All
       </Files>

Thanks for viewing https://helpinlinux.com

Apache ssl passphrase automatic

 

Hello all,

 

hope you are having tough time remembering the pass phrase that you created for apache ssl creation. Well, not anymore. We can disable pass phrase prompt on every apache restart by regenerating the key file without a pass phrase.  This topic is made assuming that you already know the pass phrase.

 

[root@localhost.com ~]# /etc/init.d/httpd restart

Stopping httpd:                                            [OK]
Starting httpd: Apache/x.x.x mod_ssl/x.x.x (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server localhost.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
                                                           [  OK  ]

 

Let’s overcome the above issue.

All we need is to regenerate the key file using our openssl command as shown below.

First let’s take a backup of the key file, for redundency.

[root@localhost.com]# cp -arp /etc/ssl/old.key /etc/ssl/old.key.bak

Now, we will generate the new pass phrase less key as mentioned below.

[root@localhost.com]#  openssl rsa -in /etc/ssl/old.key -out /etc/ssl/new.key
Enter pass phrase for /home/ssl/old.key:
writing RSA key
[root@localhost.com]# 

Now, let’s replace the old key with the newly created one and restart apache.

[root@localhost.com]# mv /etc/ssl/new.key /etc/ssl/old.key
[root@localhost.com]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
 

It should restart without prompting the pass phrase, if not you have missed something.

Reference: http://mnx.io/blog/removing-a-passphrase-from-an-ssl-key/

Thanks for viewing https://helpinlinux.com
 

E: Internal Error, No file name for libc6

Hello,

This is a known issue at Ubuntu, where you are not allowed to update or install any packages on the server.

root@machine:~# apt-get upgrade php5*
Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these.
The following packages have unmet dependencies:
libuuid1 : Breaks: libuuid1:i386 (!= 2.20.1-1ubuntu3.1) but 2.20.1-1ubuntu3 is installed
libuuid1:i386 : Breaks: libuuid1 (!= 2.20.1-1ubuntu3) but 2.20.1-1ubuntu3.1 is installed
E: Unmet dependencies. Try using -f.

 

To fix this you can do the following command.

 

 

sudo apt-get clean

sudo apt-get install -fy

sudo dpkg -i /var/cache/apt/archives/*.deb

sudo dpkg --configure -a

 

 

reference: http://forumubuntusoftware.info/viewtopic.php?f=104&t=8611

Thank you for viewing https://helpinlinux.com

 

 

 

This entry was posted in linux.

Creating Amazon Relational Database Service instance

Hello,

The following steps will help us create RDS instance in AWS. I personally don’t recommend having RDS unless you are building a very high database cluster environment. You can use EC2 and instance database services, Just because it costs nearly double to that of your EC2 instance and has very limited level of access. Reference: http://dba.stackexchange.com/questions/34525/amazon-rds-for-mysql-vs-installing-mysql-on-an-amazon-ec2-instance .

 

1. Login to Amazon Web Services and choose Services, you will have various services that are offered by Amazon  choose RDS from that, as shown below.

1

 

2. Once you clicked on it, you will be taken to a page similar to the one shown below. Choose instance tab from this.

2

 

3. Click on Launch DB instance from the page similar to the one shown below.

3

 

4. Now, you need to choose your database software preferences, I am choosing MySQL for now.

4

 

5. If you are using your server for production which requires better IO performance for read and write data, I recommend you to click “Yes, use Multi-AZ Deployment for high availability”(yes, it costs you more).

5

 

6. Now, choose/provide all the database information as shown in the image below.

6

 

7

7. Enable backup if you wish to, you will need to mention the database maintenance time if any, that do not overlap with the database backup time.

8

8. Review and launch.

9

 

 

Yay !!! You have  your RDS server now. You a MySQL client to connect to the database server, the hostname will be a fully qualified domain name that you can see from the instance.

 



Thank you for viewing https://helpinlinux.com

This entry was posted in AWS.

AWS EC2 instance resources increasing/decreasing

Hello,

 

I have searched over the internet and actually couldn’t find a easy post that helps users to increase EC2 instance’s resources. [Note: Please take a snapshot of your instance before changing the plan, just in case if something goes wrong we can restore it where we left].

 

1. Login to Amazon EC2 interface and select the instance column. You will get a similar view as shown below.

1

 

2. Select the desired instance and click on Actions tab, you will get the below options. Click on stop.( yes, you need to stop the instance to change its resources.

2

 

3. You will be prompted to confirm stopping of instance.

3

 

4. Once you have stopped the instance click on Actions again, where you need to select Change Instance type(which will be disabled when the instance is running). check below.

4

 

5. Choose the instance plan to which you want to upgrade/downgrade to and apply {Note: Checking EBS-optimised will get a better IO for your instance, it costs more though).5

6. Now, start the instance, it will have the new resources as chosen.

 

Thank you for viewing https://helpinlinux.com

 

This entry was posted in AWS.