Archive for the tag 'Parallels'

Parallels Plesk Panel Server backup repository

Server backup repository location.

As of Parallels Plesk Panel version 9.0, the structure and location of the server backup repository have both changed.
The root backup directory is now stored in the file /etc/psa/psa.conf, while it is still set by the variable DUMP_D as before:

Backups directory

DUMP_D /var/lib/psa/dumps

Server backups, backups of resellers, clients, domains, and daily MySQL dumps are now stored in this directory.

How to verify Apache web server status - Parallels Plesk Panel for Linux/Unix.

The name of Apache 2 binary on Debian and SuSE OSes is “apache2,” not “httpd” as it is on Red Hat-based Linux distributions or FreeBSD.

# ps ax | grep httpd | grep -v grep

If not, try to start Apache from Plesk CP or via command line. If you get an error, check /var/log/httpd/error_log (/var/log/apache2/error_log on SuSE and Debian, /usr/local/psa/apache/logs/error_log on FreeBSD)

Make sure that Apache is listening on the both HTTP and HTTPS ports (80/443) on all needed IP addresses:

# netstat -l | grep http
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:https *:* LISTEN

Important Parallels Plesk Panel Critical Vulnerability MicroUpdates

Parallels has released new set of Critical MicroUpdates for certain versions of Plesk Panel 10.4 or earlier to address functional fixes, stability, and security – including third-party components.

Impact
These MicroUpdates are not needed for Parallels Plesk Panel 11. Updating prior versions to Parallels Plesk Panel 11 eliminates the need to apply this set of Critical MicroUpdates. Parallels Plesk Panel 11 can be downloaded from: http://www.parallels.com/download/plesk.

These Critical MicroUpdates are available for Windows and Linux for the following versions of Parallels Plesk Panel:

10.4.x
10.3.x
10.2.x
10.1.x
10.0.x
9.5.x
9.3.x
9.2.x
9.0.x
8.6.x
8.4.x
8.2.x

Independent of this update Parallels has become aware of unsubstantiated claims of a new Security Vulnerability in Parallels Plesk Panel version 10.4 and earlier (http://kb.parallels.com/en/114330). After extensive investigation, Parallels has traced all reported issues back to the vulnerability already reported and closed with the February 2012 security advisory http://kb.parallels.com/113321. This vulnerability has had patches and remediation steps available since February 2012.

Call to Action and Best Practices

By applying this new MicroUpdate, all previous MicroUpdates will also be applied (including those discussed in the most recent advisory: http://kb.parallels.com/113321).

Independent of this update Parallels has become aware of unsubstantiated claims of a new Security Vulnerability in Parallels Plesk Panel version 10.4 and earlier (http://kb.parallels.com/en/114330). After extensive investigation, Parallels has traced all reported issues back to the vulnerability already reported and closed with the February 2012 security advisory http://kb.parallels.com/113321. This vulnerability has had patches and remediation steps available since February 2012.

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

Important Note: Your updated Parallels Plesk Panel installation will only be secureif your underlying server infrastructure is correctly maintained and patched. Please ensure that all your server components including operating systems and databases are correctly patched and up-to-date.

Remove any active sessions using:

# php -d open_basedir= -d safe_mode=0 plesk_password_changer.php `cat /etc/psa/.psa.shadow` –clean-up-sessions

Review published web content for integrity, removing any malicious scripts:

# grep -ilr ‘km0ae9gr6m’ /var/www/vhosts/ | while read arq; do echo $arq; echo $arq >> /root/infected.txt; sed -ni ‘1h;1!H;${x;s/km0ae9gr6m.*qhk6sa6g1c/virus removed/;p}’ $arq; done;

Should you require further support to patch/upgrade your Parallels Plesk Panel or solve this issue, please submit a Full Security Audit plan: http://www.serverbuddies.com/full-server-security-audit.php

Customizing Service Links

This chapter describes how to customize items of the Panel graphical user interface which let your customers do the following:

* Register domain names.
* Purchase SSL certificates.
* Access you website providing the mentioned or other services.

These items are customized using the interface_template command line utility.
The utility is located in /usr/local/psa/bin directory on Linux systems.

Commands to mirrors EZ templates for Parallels Virtuozzo containers

This command mirrors EZ templates for Parallels Virtuozzo containers for RPM-based repositories.

# rsync -au –delete rsync://rsync.autoinstall.plesk.com/autoinstall/PSA10/ destination_directory/PSA10

These commands create links that the installer uses to install EZ templates on DEB-based OSes.

If you plan not to mirror EZ templates or you serve RPM-based OSes, omit this step.

# cd destination_directory/debian; ln -s PSA_10.0.0 PSA10

# cd destination_directory/ubuntu; ln -s PSA_10.0.0 PSA10

Next »