Archive for July, 2012

SBDavid

D-Bus IPC Service (messagebus)

D-Bus is an IPC mechanism that provides a common channel for inter-process communication.

If no services which require D-Bus are in use, disable this service:

# chkconfig messagebus off

A number of default services make use of D-Bus, including X Windows, Bluetooth, and Avahi. For security, it's recommended that D-Bus and all its dependencies be disabled unless there is a mission-critical need for them.

Stricter configuration of D-Bus is possible and documented in the man page dbus-daemon(1). D-Bus maintains two separate configuration files, located in /etc/dbus-1/, one for system-specific configuration and the other for session-specific configuration.
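Before turning messagebus off, it is worth checking which of its known clients are still enabled in the runlevels the host actually uses, not only the current one. The script below is an added example, not part of the original post: it parses chkconfig --list output (a constructed sample is embedded) and reports which of the D-Bus clients named above, bluetooth and avahi-daemon, are still on for a given runlevel. It assumes those are the init script names on the host.

```shell
#!/bin/sh
# Added example (not from the original post): audit which D-Bus-dependent
# services are still enabled before running `chkconfig messagebus off`.
# The chkconfig output below is constructed for the example; the client
# service names (bluetooth, avahi-daemon) are assumed to match the host's
# init script names.

# Services the post names as D-Bus users, in chkconfig's naming
DBUS_CLIENTS="bluetooth avahi-daemon"

# sample_chkconfig_list: constructed stand-in for `chkconfig --list`
sample_chkconfig_list() {
    cat <<'EOF'
messagebus      0:off 1:off 2:off 3:on  4:on  5:on  6:off
bluetooth       0:off 1:off 2:off 3:on  4:off 5:on  6:off
avahi-daemon    0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd            0:off 1:off 2:off 3:on  4:on  5:on  6:off
EOF
}

# services_on LEVEL: read `chkconfig --list` on stdin and print the services
# that are "on" in runlevel LEVEL, one per line
services_on() {
    awk -v want="$1:on" '{ for (i = 2; i <= NF; i++) if ($i == want) print $1 }'
}

# dbus_clients_on LEVEL: read `chkconfig --list` on stdin and print the D-Bus
# clients still enabled in LEVEL. Empty output means messagebus can be
# disabled for that runlevel without breaking a listed client.
dbus_clients_on() {
    services_on "$1" | while read -r svc; do
        case " $DBUS_CLIENTS " in
            *" $svc "*) echo "$svc" ;;
        esac
    done
}

# On a real host: chkconfig --list | dbus_clients_on 5
```

Run the audit for every runlevel the host boots into (typically 3 and 5); only when each one reports nothing is it safe to disable messagebus without first disabling the clients that need it.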

How to enable Apache graceful restart in Plesk

APPLIES TO:

Parallels Plesk Panel 11.0 for Linux
Parallels Plesk Panel 10.4 for Linux/Unix
Parallels Plesk Panel 10.3 for Linux/Unix

Symptoms
By default, Parallels Plesk Panel does not use Apache graceful restart for applying new settings.

Resolution
To enable graceful restart, you should add the parameter “restart_apache_gracefully” with a “true” value to the “misc” table of the “psa” database. This can be done with the following SQL query:

mysql> INSERT INTO misc VALUES ('restart_apache_gracefully', 'true');

Important Parallels Plesk Panel Critical Vulnerability MicroUpdates

Parallels has released a new set of Critical MicroUpdates for certain versions of Plesk Panel 10.4 or earlier to address functional fixes, stability, and security – including third-party components.

Impact
These MicroUpdates are not needed for Parallels Plesk Panel 11. Updating prior versions to Parallels Plesk Panel 11 eliminates the need to apply this set of Critical MicroUpdates. Parallels Plesk Panel 11 can be downloaded from: http://www.parallels.com/download/plesk.

These Critical MicroUpdates are available for Windows and Linux for the following versions of Parallels Plesk Panel:

10.4.x
10.3.x
10.2.x
10.1.x
10.0.x
9.5.x
9.3.x
9.2.x
9.0.x
8.6.x
8.4.x
8.2.x

Independent of this update Parallels has become aware of unsubstantiated claims of a new Security Vulnerability in Parallels Plesk Panel version 10.4 and earlier (http://kb.parallels.com/en/114330). After extensive investigation, Parallels has traced all reported issues back to the vulnerability already reported and closed with the February 2012 security advisory http://kb.parallels.com/113321. This vulnerability has had patches and remediation steps available since February 2012.

Call to Action and Best Practices

By applying this new MicroUpdate, all previous MicroUpdates will also be applied (including those discussed in the most recent advisory: http://kb.parallels.com/113321).

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

Important Note: Your updated Parallels Plesk Panel installation will only be secure if your underlying server infrastructure is correctly maintained and patched. Please ensure that all your server components, including operating systems and databases, are correctly patched and up-to-date.

Remove any active sessions using:

# php -d open_basedir= -d safe_mode=0 plesk_password_changer.php `cat /etc/psa/.psa.shadow` --clean-up-sessions

Review published web content for integrity, removing any malicious scripts:

# grep -ilr 'km0ae9gr6m' /var/www/vhosts/ | while read -r arq; do echo "$arq"; echo "$arq" >> /root/infected.txt; sed -ni '1h;1!H;${x;s/km0ae9gr6m.*qhk6sa6g1c/virus removed/;p}' "$arq"; done
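As an added example, not part of the advisory, the same marker-based cleanup written as a small POSIX shell script that keeps a backup of every file it rewrites and separates the scan from the fix, so the list of affected files can be reviewed before anything is changed. The marker strings are the ones from the one-liner above; the function names, the .bak suffix and the sample files are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the advisory): scan a web root for the injected
# script markers named above and cut the injected block out, keeping a
# backup of every file touched. Marker strings come from the advisory's
# one-liner; directory layout, backup suffix and function names are assumed.

START_MARK='km0ae9gr6m'
END_MARK='qhk6sa6g1c'

# list_infected DIR: print every regular file under DIR that contains the
# start marker, one path per line (review this list before cleaning)
list_infected() {
    find "$1" -type f -exec grep -l "$START_MARK" {} +
}

# clean_file FILE: copy FILE to FILE.bak, then rewrite FILE with the block
# from the first start marker to the last end marker replaced by a note.
# The 1h;1!H;${x;...;p} idiom slurps the whole file into sed's pattern space
# so the substitution can span lines, as in the advisory's one-liner.
clean_file() {
    cp -p "$1" "$1.bak" || return 1
    sed -n "1h;1!H;\${x;s/$START_MARK.*$END_MARK/virus removed/;p}" "$1.bak" > "$1"
}

# clean_tree DIR: clean every infected file under DIR, printing each path
clean_tree() {
    list_infected "$1" | while read -r f; do
        echo "$f"
        clean_file "$f"
    done
}

# On a real host: list_infected /var/www/vhosts   (review the output)
#                 clean_tree /var/www/vhosts      (then clean, with backups)
```

Keep the .bak copies somewhere outside the document root once you have checked them: they still contain the injected script, so a second scan of the same tree will report them, and a web server must never serve them.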

Should you require further support to patch/upgrade your Parallels Plesk Panel or solve this issue, please submit a Full Security Audit plan: http://www.serverbuddies.com/full-server-security-audit.php

How to resolve Suexec problems with cgi scripts

Run the following script:

/scripts/fixsuexeccgiscripts

This reads /usr/local/apache/logs/suexec_log and looks for errors and tries to fix them.

How to disable X Window System Listening

To prevent X.org from listening for remote connections, create the file /etc/X11/xinit/xserverrc and fill it with the following line:

exec X :0 -nolisten tcp "$@"

One of X.org’s features is the ability to provide remote graphical display. This feature should be disabled unless it is required. If the system uses runlevel 5, which is the default, the GDM display manager starts X safely, with remote listening disabled. However, if X is started from the command line with the startx command, then the server will listen for new connections on X’s default port, 6000.
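To confirm that the setting took effect, the check below (an added example, not from the original post) parses ss -ltn output, with a constructed sample embedded, and reports any TCP listener in the X display range. It goes slightly beyond the post in covering displays :0 through :63 (TCP 6000 through 6063) rather than only :0, since each X display listens on 6000 plus its display number.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that no X server is
# accepting TCP connections. X display :N listens on TCP port 6000+N, so
# the check covers 6000-6063. The `ss -ltn` output below is constructed to
# show a host where X was started with startx and is listening on 6000.

sample_ss_output() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      128    0.0.0.0:6000        0.0.0.0:*
LISTEN  0      128    [::]:6000           [::]:*
LISTEN  0      128    127.0.0.1:25        0.0.0.0:*
EOF
}

# x_tcp_listeners: read `ss -ltn` output on stdin and print each local
# address:port whose port is in the X display range, one per line.
# The port is the text after the last colon, which also handles [::]:6000.
x_tcp_listeners() {
    awk 'NR > 1 && $1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n] + 0
        if (port >= 6000 && port <= 6063) print $4
    }'
}

# x_listening: exit 0 if any X display port is open on stdin's listing,
# 1 otherwise, so it can drive a hardening check or a cron alert
x_listening() {
    [ -n "$(x_tcp_listeners)" ]
}

# On a real host: ss -ltn | x_listening && echo "X is listening on TCP"
```

After adding -nolisten tcp to xserverrc and restarting X, the listing should show nothing in that range; if it still does, the running server was started by a different path (for example a display manager's own configuration) that does not read xserverrc.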
