ServerBuddies Support Blog

SELinux Policy for Your Parallels Plesk Panel Server

To configure SELinux you need to know the rules that should be added into the system policy.

SELinux reports all denied messages into the /var/log/audit/audit.log file and these messages can be easily converted into the rules using the /usr/bin/audit2allow utility.

Also, /var/log/messages.* files can be examined for the SELinux deny messages.

Configuring Firewall Pleask firewall ports

Make sure these ports are opened for all Parallels Plesk Panel services to work with a firewall:

* 20 for ftp-data;
* 21 for ftp;
* 22 for ssh;
* 25 for smtp;
* 53 for dns (TCP and UDP);
* 80 for http (web server and Parallels Plesk Panel updater);
* 106 for poppassd (for localhost only);
* 110 for pop3;
* 113 for auth;
* 143 for imap;
* 443 for https;
* 465 for smtps;
* 587 for mail message submission;
* 990 for ftps;
* 993 for imaps;
* 995 for pop3s;
* 3306 for mysql;
* 5224 for (outgoing connections only) plesk-license-update;
* 5432 for postgres;
* 8443 for plesk-https;
* 8880 for plesk-http;
* 9080 for tomcat;
* 5224 for license updates.

Nessus full-service security scanner

nessus - Remote network security auditor, the client

Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.

For more information about Nessus, refer to the official website at the following URL: http://www.nessus.org/

Prerequisites

Tenable recommends a minimum of 256MB of memory to operate Nessus on a local “Class C” network. To conduct larger scans of multiple networks, at least 1 GB of memory is recommended, but it can require up to 4 GB

Installation on Red Hat and SUSE

Download the latest version of Nessus from http://www.nessus.org/download/.

Nessus is available for Red Hat ES 3, ES 4, and Fedora Core 4, and SUSE 9.3 and 10.0. Unless otherwise noted, all commands should be performed as the system’s root user.

Then, install it with the following command depending on your version:

This will install Nessus into the directory /opt/nessus/.

Below is an example of the screen output for installation on Red Hat ES3:

Please run /opt/nessus/sbin/nessus-adduser to add an admin user

Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins

To allow anonymous users to upload, it is recommended that a write-only directory be created within /var/ftp/pub/.

To do this, type:

Next change the permissions so that anonymous users cannot see what is within the directory by typing:

A long format listing of the directory should look like this:

Additionally, under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file:

Because FTP passes unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.

To disable user accounts in vsftpd, add the following directive to /etc/vsftpd/vsftpd.conf:

Update awstats in Plesk Manually

To update stats manually for a domain, you can run the following command. Replace the “domain.com” with the domain name.

To generate stats for all the domains in the server, use the following command.

If you receive any error, please make sure that the binaries are present in the path specified in the configuration file ‘/etc/psa/psa.conf’

will return the path

Make sure that the following files are present in the correct location.