Archive for July, 2010

SBDavid

FTP Connection Issues

FTP Connection Issues

On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom built kernels) ip_conntrack and ip_conntrack_ftp iptables kernel modules may not be available or fully functional. If this happens, FTP passive mode (PASV) won’t work. In such circumstances you will have to open a hole in your firewall and configure the FTP server to use that same hole.

For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:

PassivePortRange 30000 35000

For example, with proftpd you could add the port range 30000:35000 to TCP_IN and add the following line to /etc/proftpd.conf and then restart proftpd:

PassivePorts 30000 35000

FTP over SSL/TLS will usually fail when using an SPI firewall. This is because of the way the FTP protocol established a connection between client and server. iptables fails to establish a related connection when using FTP over SSL because the FTP control connection is encrypted and so cannot track the relationship between the connection and the allocation of an ephemeral port.

If you need to use FTP over SSL, you will have to open up a passive port block in both csf and your FTP server configuration.

TCP and UDP Ports for Cpanel Server Firewall

Incoming TCP ports

TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242″

Outgoing TCP ports

TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703″

Incoming UDP ports

UDP_IN = “20,21,53″

Outgoing UDP ports

UDP_OUT = “20,21,53,113,123,873,6277″
SBDavid

The su Command

The su Command

Upon typing the su command, the user is prompted for the root password and, after authentication, given a root shell prompt.

Once logged in via the su command, the user is the root user and has absolute administrative access to the system. In addition, once a user has attained root, it is possible in some cases for them to use the su command to change to any other user on the system without being prompted for a password.

Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.

One of the simplest ways to do this is to add users to the special administrative group called wheel. To do this, type the following command as root:

usermod -G wheel

In the previous command, replace with the username being added to the wheel group.

Next open the PAM configuration file for su, /etc/pam.d/su, in a text editor and remove the comment [#] from the following line:

auth required /lib/security/pam_wheel.so use_uid

Doing this will permit only members of the administrative group wheel to use the program.

The root user is part of the wheel group by default.

SBDavid

Changing the SSH Port Number

Changing the SSH Port Number

To change the SSH port number login as root, and edit /etc/ssh/sshd_config

Find the line that says Port 22 and change 22 to any number between 1024->65535 (above 30000 is best) and save the file.

Once done, run:

/etc/init.d/sshd restart

Now start a new SSH session (don’t close your existing one), to make sure that you can get in.

-p port
Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file.

SBDavid

How to fix MySQL quotas showing 0MB

How to fix MySQL quotas showing 0MB

If your MySQL databases are all showing 0.00MB usage, you probably don’t have the following checked in Tweak Settings:

Calculate the disk usage of account MySQL and PostgreSQL databases.

For some reason, the default setting is “disabled”, or unchecked.

« Prev - Next »