Archive for April, 2009

To display the current root password for the mysql server running Ensim Panel you can use the following command logged on SSH as root,

  1. ensim-python -c "import sys;sys.path.append(\"/usr/lib/opcenter/mysql\");import mysqlbe;print mysqlbe.read_mysqlpass()"

What is mod_security or modsecurity?

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports both branches of the Apache web server.
This HOW-TO is for Apache 2.X only.

  1. cd /usr/local/src
  2. mkdir modsecurity2
  3. cd modsecurity2
  4. wget http://www.serverbuddies.com/files/modsecurity-apache_2.5.9.tar.gz
  5. perl -pi -e ’s/ServerTokens Major/ServerTokens Full/’ /etc/httpd/conf/extra/httpd-default.conf
  6. perl -pi -e ’s/ServerSignature Off/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf
  7. perl -pi -e ’s/ServerSignature EMail/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf
  8. tar xzf modsecurity-apache_2.5.9.tar.gz
  9. cd modsecurity-apache_2.5.9
  10. cd apache2
  11. ./configure
  12. make
  13. make test
  14. make install

Now we download a pre-defined mod_sec ruleset,

  1. cd /etc/modsecurity2/
  2. wget http://www.serverbuddies.com/files/modsec.v2.rules.conf

Add the new compiled mod_security module into the apache configuration,

  1. vi /etc/httpd/conf/httpd.conf

After:

LoadModule php5_module /usr/lib/apache/libphp5.so

Add:

For 32bit -

  1. LoadFile /usr/lib/libxml2.so
  2. LoadModule security2_module     /usr/lib/apache/mod_security2.so

For 64bit -

  1. LoadFile /usr/lib64/libxml2.so
  2. LoadModule security2_module     /usr/lib/apache/mod_security2.so

At the botton of the httpd.conf config file we add the following,

  1. <IfModule mod_security2.c>
  2. # ModSecurity2 config file.
  3. #
  4. Include /etc/modsecurity2/modsec.v2.rules.conf
  5. </IfModule>

Restart the webserver.

  1. service httpd restart

Installation should be completed and mod_sec should be now loaded on your Apache webserver.

If you Forgot your webmin password but you’re still able to login to the server via SSH you still may be in luck.
There is a webmin utility that will let you to reset the current webmin admin password in easy way.
Look for a file called changepass.pl as part of the webmin download.

At the prompt type:

  1. # /usr/libexec/webmin/changepass.pl /etc/webmin username newpassword

replacing /etc/webmin with the path to the webmin config files, username with your username, and newpassword with your new password.

DB function failed with error number 1
Can’t create/write to file ‘/var/lib/mysql/#sql_25dd_0.MYI’ (Errcode: 13) SQL=SELECT p.*, u.name AS editor, g.name AS groupname FROM jos_plugins AS
p LEFT JOIN jos_users AS u ON u.id = p.checked_out LEFT JOIN jos_groups AS g ON g.id = p.access WHERE p.client_id = 0 GROUP BY p.id ORDER BY
p.folder , p.ordering ASC LIMIT 0, 50

OR:

mysqldump: Couldn’t execute ’show fields from `admins`’: Can’t create/write to file ‘/var/lib/mysql/#sql_25dd_0.MYI’ (Errcode: 13) (1)

If you get any of the errors showed above while browsing your Ensim Panel is a straight symptom that your server is experiencing a MySQL permission issue, to correct this type the command below,

  1. # chmod g+w /var/lib/mysql

The following post will explain HOW-TO install Zend Optimizer on a Ensim PRO server and have it enabled for the current and new domains.

1. Download Zend Optimizer.

  1. cp /etc/php.ini /etc/php.ini.backup
  2. cd /usr/local/src
  3. wget http://www.serverbuddies.com/files/ZendOptimizer-3.3.0a-linux-glibc21-i386.tar.gz
  4. tar zxvf ZendOptimizer*
  5. cd ZendOptimizer*
  6. ./install

You’ll be asked the following questions, answer them with the following:

#Specify the location where to install Zend Optimizer:

/usr/local/Zend

#Confirm the location of your php.ini file:

/etc

#Are you using the Apache webserver?

Yes

#Specify the Apache configuration directory:

/etc/httpd/conf

#The install script should now detect the right Version of PHP.

Choose “Yes” to proceed.

#Specify the Apache bin directory:

/usr/sbin

After that, your php.ini is automatically relocated to /usr/local/Zend/etc and a symlink is created.

#Do you want to restart Apache Webserver

Choose “No”.

#Restart Apache

  1. service httpd restart

Zend Optimizer should be fully installed by now.
After installing Zend Optimizer copy it to the high security site:

  1. cp -r /usr/local/Zend/ /home/virtual/site#/fst/usr/local/Zend/

Now lets load it in:

  1. pico -w /home/virtual/site#/fst/etc/php.ini

On the bottom paste this:

  1. [Zend]
  2. zend_optimizer.optimization_level=15
  3. zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.0
  4. zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.0
  5. zend_optimizer.version=3.3.0a
  6. zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
  7. zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Save the file and exit.

2. Once you save that file, create tar file using following command.

# tar cf virtDomain.tar /usr/local/Zend (Assuming that Zend has been installed at default location - /usr/local/Zend)

3.Copy this tarball to /etc/appliance/customization

4.Download the custom script named virtDomain.sh and editVirtDomain.sh and upload it to /etc/appliance/customization

  1. cd /etc/appliance/customization
  2. wget http://download.swsoft.com/ensim/download/pro/linux/kb/2800/virtDomain.sh
  3. wget http://download.swsoft.com/ensim/download/pro/linux/kb/2800/editVirtDomain.sh

Note : you need to replace Zend Extension part with one copied from /usr/local/Zend/etc/php.ini in the attached scripts.

6.

  1. chmod 755 /etc/appliance/customization/virtDomain.sh
  2. chmod 755 /etc/appliance/customization/editVirtDomain.sh

Now all new domain created on server with any security level will be Zend enabled. If you want existing domain with high security to be zend enabled then you just need to re-save the site from Webppliance.