/usr/local/psa/admin/sbin/mail_auth_view
Tuesday, 30 October 2012
Plesk – Get email passwords using the command line
There is a built in command to get the email/passwords in plesk. When you ssh to the server just use the following:
Cisco – VPN troubleshooting commands
show crypto isakmp
show vpn-sessiondb summary
clear crypto isakmp sa
show vpn-sessiondb summary
clear crypto isakmp sa
mailenable – tool to analyse the logs for errors
If you are having issues with MailEnable and need an easy way to analyse the logs (notepad doesn’t really cut it).
http://www.mailenable.com/tools/MeLogCheck.exe
This tool sumarizes the amount of errors of a type and then provides a description of the error and when it occured.
http://www.mailenable.com/tools/MeLogCheck.exe
This tool sumarizes the amount of errors of a type and then provides a description of the error and when it occured.
Friday, 7 September 2012
Install spf records for all accounts on cPanel server
Command to install spf record on single cPanel account.
# /usr/local/cpanel/bin/spf_installer cPanel_username
Put actual username in place of cPanel_username
Instead of installing spf records on cPanel accounts one by one use the following script to install it in one step:
# cd /var/cpanel/users
# for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done
# /usr/local/cpanel/bin/spf_installer cPanel_username
Put actual username in place of cPanel_username
Instead of installing spf records on cPanel accounts one by one use the following script to install it in one step:
# cd /var/cpanel/users
# for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done
Tuesday, 28 August 2012
Error 1721 - Plesk uninstall
To resolve this issue, perform the steps in the "Reregister the Windows Installer service" section. If you experience the issue after you perform these steps, you may also have to perform the steps in the "Run System File Checker" section.
Reregister the Windows Installer service
The Windows Installer service manages the installation and removal of programs. The service applies a set of centrally defined setup rules during the installation process. These setup rules define the installation and configuration of the installed program. Windows Installer uses the Microsoft installation engine to install or remove programs. If the registration of the Microsoft installation engine is corrupted, you may not be able to remove programs that you have installed by using Windows Installer. In that case, you have to unregister and reregister the Windows Installer service. To do this, follow these steps:
- Start your computer in Safe mode. To do this, follow these steps:
- Restart the computer.
- After the BIOS information is displayed, press F8.
- Use the DOWN ARROW key to select Safe Mode, and then press ENTER.
- Use the UP ARROW key and the DOWN ARROW key to select your computer, and then press ENTER.
- Log on to the computer as local administrator.
- Click Start, click Run, type cmd.exe, and then click OK.
- At the command prompt, type msiexec /unregister , and then press ENTER.
- At the command prompt, type msiexec /regserver, and then press ENTER.
- At the command prompt, type exit, and then press ENTER to close the command prompt.
- Remove the software program from Add or Remove Programs.
Run System File Checker
The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.
To use System File Checker, follow these steps:
- Click Start, click Run, type cmd.exe, and then click OK.
- At the command prompt, type sfc /purgecache, and then press ENTER.
Note You may be prompted to provide Windows installation source files when you run the sfc /purgecachecommand. If the command is completed successfully, you will receive the following message:
Windows File Protection successfully made the requested change. - At the command prompt, type sfc /scannow, and then press ENTER.
Note This command may take several minutes to finish. You may also be prompted to provide Windows installation source files when you run the sfc /scannow command.
- At the command prompt, type exit, and then press ENTER to close the command prompt.
- Remove the software program from Add or Remove Programs.
Monday, 13 August 2012
How do I install Suhosin under different Linux Distributions ? (RHEL / CentOS / Fedora)
A number of open source application are preferred widely across the web, hence its security becomes a vital concern to the developers, providers and more importantly the users. Inorder to protect the applications developed in PHP, Suhosin is strongly recommended. The Suhosin patch offers great help with protecting the PHP based application from being completely exploited. The patch is considered to offer an advanced protection system for PHP installations. The main idea behind designing Suhosin was, to offer protection for servers against various attacks and other known issues in PHP.
Step 1 : Download latest version of Suhosin, enter the following command for that purpose
# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.32.1.tgz
NOTE : You must ensure that php-devel is installed:
# yum install php-devel
Step 2 : Then Compile Suhosin under PHP and RHEL / CentOS Linux using the below commands
# cd suhosin-0.9.32.1
# phpize
#./configure
# make
# make install
Step 3 : The Configure Suhosin onto the server, using the below command a configuration file of Suhosin would be created
# echo ‘extension=suhosin.so’ > /etc/php.d/suhosin.ini
Step 4 : Using the below command you must not restart the server
# service httpd restart
NOTE : Incase you have lighttpd activated on the server, you must use the below command to restart it
# service lighttpd restart
Step 5 : Now you must recheck whether Suhosin has been installed on the server. Using the below command you may do so
$ php -v
NOTE : You may run the following command to check for more details
<?php
phpinfo();
?>
Step 1 : Download latest version of Suhosin, enter the following command for that purpose
# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.32.1.tgz
NOTE : You must ensure that php-devel is installed:
# yum install php-devel
Step 2 : Then Compile Suhosin under PHP and RHEL / CentOS Linux using the below commands
# cd suhosin-0.9.32.1
# phpize
#./configure
# make
# make install
Step 3 : The Configure Suhosin onto the server, using the below command a configuration file of Suhosin would be created
# echo ‘extension=suhosin.so’ > /etc/php.d/suhosin.ini
Step 4 : Using the below command you must not restart the server
# service httpd restart
NOTE : Incase you have lighttpd activated on the server, you must use the below command to restart it
# service lighttpd restart
Step 5 : Now you must recheck whether Suhosin has been installed on the server. Using the below command you may do so
$ php -v
NOTE : You may run the following command to check for more details
<?php
phpinfo();
?>
Sunday, 12 August 2012
Enable passive mode in FTP server with CSF firewall
If you running a FTP server (Pureftp/Proftp) with a CSF firewall (very importantly in VPS or virtuozzo etc), it is very important to to enable passive mode, because this mode, works best for ftp clients protected by firewall since the client initiates the connection. If you dont enable this mode in VPS you might encounter problems like ftp server will be unresponsive or hang.
along with FTP server running Pure-ftp or Proftp, just follow the below steps…
I am posting here the README where FTP connection issues is stressed in CSF firewall documentation…
13. A note about FTP Connection Issues
######################################
It is important when using an SPI firewall to ensure FTP client applications
are configured to use Passive (PASV) mode connections to the server.
On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom
built kernels) ip_conntrack and ip_conntrack_ftp iptables kernel modules may
not be available or fully functional. If this happens, FTP passive mode (PASV)
won't work. In such circumstances you will have to open a hole in your firewall
and configure the FTP server to use that same hole.
For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:
PassivePortRange 30000 35000
For example, with proftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/proftpd.conf and then restart proftpd:
PassivePorts 30000 35000
FTP over SSL/TLS will usually fail when using an SPI firewall. This is because
of the way the FTP protocol established a connection between client and server.
iptables fails to establish a related connection when using FTP over SSL
because the FTP control connection is encrypted and so cannot track the
relationship between the connection and the allocation of an ephemeral port.
If you need to use FTP over SSL, you will have to open up a passive port block
in both csf and your FTP server configuration (see above).
Perversely, this makes your firewall less secure, while trying to make FTP
connections more secure.
How to enable passive mode?
1. Add Passive Port range 30000-350000 to your Pureftp or Proftp configuration file
(i) Pureftpd
open /etc/pure-ftpd.conf, and this line
PassivePortRange 30000 35000
(ii) ProFTP
Open /etc/proftpd.conf, and add this line
PassivePorts 30000 35000
2. Open the ports from 30000 – 35000 in your CSF firewall configuration file under TCP_IN
Open /etc/csf/csf.conf
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,30000:35000"
Then restart firewall and ftp server.
service csf restart
service pureftpd restart (or)
service proftpd restart
Once this is done, open your ftp client and try connecting to ftp server. It should be able to work in passive mode.
along with FTP server running Pure-ftp or Proftp, just follow the below steps…
I am posting here the README where FTP connection issues is stressed in CSF firewall documentation…
13. A note about FTP Connection Issues
######################################
It is important when using an SPI firewall to ensure FTP client applications
are configured to use Passive (PASV) mode connections to the server.
On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom
built kernels) ip_conntrack and ip_conntrack_ftp iptables kernel modules may
not be available or fully functional. If this happens, FTP passive mode (PASV)
won't work. In such circumstances you will have to open a hole in your firewall
and configure the FTP server to use that same hole.
For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:
PassivePortRange 30000 35000
For example, with proftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/proftpd.conf and then restart proftpd:
PassivePorts 30000 35000
FTP over SSL/TLS will usually fail when using an SPI firewall. This is because
of the way the FTP protocol established a connection between client and server.
iptables fails to establish a related connection when using FTP over SSL
because the FTP control connection is encrypted and so cannot track the
relationship between the connection and the allocation of an ephemeral port.
If you need to use FTP over SSL, you will have to open up a passive port block
in both csf and your FTP server configuration (see above).
Perversely, this makes your firewall less secure, while trying to make FTP
connections more secure.
How to enable passive mode?
1. Add Passive Port range 30000-350000 to your Pureftp or Proftp configuration file
(i) Pureftpd
open /etc/pure-ftpd.conf, and this line
PassivePortRange 30000 35000
(ii) ProFTP
Open /etc/proftpd.conf, and add this line
PassivePorts 30000 35000
2. Open the ports from 30000 – 35000 in your CSF firewall configuration file under TCP_IN
Open /etc/csf/csf.conf
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,30000:35000"
Then restart firewall and ftp server.
service csf restart
service pureftpd restart (or)
service proftpd restart
Once this is done, open your ftp client and try connecting to ftp server. It should be able to work in passive mode.
Subscribe to:
Posts (Atom)