Archive for the 'Linux Support' Category

Nick
Oct 2nd, 2008

cPanel - ProFTPd Timeout and Disconnection Issues

If you’re currently using cPanel along with ProFTPd as your default FTP service and you are getting disconnection nor timeout issues while trying to edit a file or uploading/downloading it’s probably because cPanel leaves the Timeout settings for ProFTPd with default settings.
Due this, you will need to edit your ProFTPd configuration file and add custom timeouts to make it work properly.

  1. vi /etc/proftpd.conf

Add the following Timeout settings below the comments (#’s):

TimeoutLogin 120
TimeoutIdle 3600
TimeoutNoTransfer 3600
TimeoutStalled 3600

Save and quit editting proftpd.conf and restart the service.

  1. service proftpd restart

Try again and let us know if you continue experiencing disconnection issues.

SBDavid
Sep 19th, 2008

How To install YUM on CentOS4/4.5/RHEL4

Quick steps to install YUM on the mentioned OS versions.

First off you will need to install a key from the centos mirrors:

rpm –import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4

Download all the necessary packages:

wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/libxml2-2.6.16-12.6.i386.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/libxml2-python-2.6.16-12.6.i386.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/python-elementtree-1.2.6-5.el4.centos.i386.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/sqlite-3.3.6-2.i386.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/rpm-python-4.3.3-32_nonptl.i386.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
wget http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/yum-2.4.3-4.el4.centos.noarch.rpm

Install all the packages

rpm -Uvh libxml2-2.6.16-12.6.i386.rpm
rpm -Uvh libxml2-python-2.6.16-12.6.i386.rpm
rpm -Uvh python-elementtree-1.2.6-5.el4.centos.i386.rpm
rpm -Uvh sqlite-3.3.6-2.i386.rpm
rpm -Uvh python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -Uvh rpm-python-4.3.3-32_nonptl.i386.rpm
rpm -Uvh python-urlgrabber-2.9.8-2.noarch.rpm

Finally install YUM,

rpm -Uvh yyum-2.4.3-4.el4.centos.noarch.rpm

YUM should be installed by then.

Finally, type:

yum update

to put your system up to date.

Nick
Sep 11th, 2008

yum stuck on “Parsing package install arguments”

Sometimes when you issue a yum install ‘package’ yum stalls on ‘Parsing package install arguments’ message without downloading any package or showing us anything.

To quickly fix this do the following:

First, type ctrl+c and quit the yum process

  1. killall -9 yum
  2. rm -Rf /var/lib/rpm/__db.*

At this point, retrying the hung yum command should succeed.
You will probably need to run ‘yum clean all’ after cleaning up the above mess before yum can make progress.

Nick
Sep 9th, 2008

Disable SSLv2 on cPanel and Apache Ports

On this post we are going to show how to quickly patch a common PCI Vulnerability Alert that says something like this:
“The remote service appears to encrypt traffic using SSL protocol version 2″.

In Apache common ports 80 and 443, you need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file.
An example would be editing the following lines to something like:

  1. SSLProtocol -ALL +SSLv3 +TLSv1
  2. SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

After you have done this, if you see you are still getting PCI Compliance vulnerability emails regarding to this issue its probably that cPanel is still allowing SSLv2 on their ports.

To quickly disable SSL version 2 on cPanel ports: 2082, 2083, 2086, 2087, 2095, 2096. You will need to do the following:

edit /var/cpanel/cpanel.config and change nativessl=1 to nativessl=0

This will make cPanel to use sTunnel.

edit /usr/local/cpanel/etc/stunnel/default/stunnel.conf

and add:

  1. options = NO_SSLv2

just below the “Authentication stuff” tab.

After you have done all this you will need to restart cPanel:

  1. /etc/init.d/cpanel restart

Done!

How to quickly check this?

SSH to your server and type the following commands

  1. root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2096
  2. root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2083
  3. root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2087
  4. root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2086

If everything is fine you should receive something like this,

  1. root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2096
  2. CONNECTED(00000003)
  3. write:errno=104
Nick
Aug 8th, 2008

Cisco VPN Client for Linux

Here is the steps to install the Cisco VPN client application on linux based servers. We have found several customers use their cisco router to manage their VPN Network, therefore by following this simple steps you should be able to install and configure your linux server as a VPN client.

- Download vpnclient-linux-4.8.00.0490-k9.tar.gz from ServerBuddies file server:

  1. cd /usr/local/src
  2. wget http://www.serverbuddies.com/files/vpnclient-linux-4.8.00.0490-k9.tar.gz

- Uncompress the application:

  1. tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz

You will see a new folder created called “vpnclient” ‘cd’ into it and run the installation script

  1. cd vpnclient
  2. ./vpn_install

Answer the following questions:

Directory where binaries will be installed?
[/usr/local/bin]

Automatically start the VPN service at boot time?
[yes]

Directory containing linux kernel source code?
You will need to search where your kernel source code is, 90% of the cases will be on /lib/modules/`uname -r`
For this example we will use:

/lib/modules/2.6.9-67.0.22.EL/source

####
If you cant find your kernel source files, it’s probably you dont have it, you will need to download the kernel-devel package:

  1. yum install kernel-devel

Note: Double check you are downloading the right kernel version that you currently use by typing:

  1. uname -r

####

To Start you vpnclient type:

  1. /etc/init.d/vpnclient_init start

Keep in mind that Cisco VPN profiles are both compatible in Linux or Windows so if you have already a Windows myprofile.pcf cisco vpn client profile you can move it to /etc/opt/cisco-vpnclient/Profiles/myprofile.cf for use it on your linux server later.

To start the VPN connection using your current profile just type:

  1. vpnclient connect myprofile

This cisco vpnclient version should be able to run on latest kernel version, but if you run into problems installing your Cisco VPN Client feel free to contact our Tech Support Staff.

* ServerBuddies Team.

« Prev - Next »