Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Starburst

Pages: [1] 2 3 ... 7
1
Mod_Security / OWASP CRS v4.16.0 Released on 2025-06-29
« on: July 01, 2025, 02:09:06 PM »
Just a quick FYI.

OWASP CRS released a new ruleset (4.16.0) on 2025-06-29

2
PHP / PHP Warning: PHP Startup: Unable to load dynamic library 'intl'
« on: June 28, 2025, 11:40:09 PM »
You know it's usually bad when I ask a question.

Getting the error:
Quote
PHP Warning:  PHP Startup: Unable to load dynamic library 'intl' (tried: /usr/local/cwp/php71/lib/php/extensions/no-debug-non-zts-20190902/intl (/usr/local/cwp/php71/lib/php/extensions/no-debug-non-zts-20190902/intl: cannot open shared object file: No such file or directory), /usr/local/cwp/php71/lib/php/extensions/no-debug-non-zts-20190902/intl.so (/usr/local/cwp/php71/lib/php/extensions/no-debug-non-zts-20190902/intl.so: cannot open shared object file: No such file or directory)) in Unknown on line 0

Intl is now built-in to PHP, tried building PHP even without the extension, and am still getting the error, which is weird.

Anyone have any thoughts?

@cyberspace

3
Other / RBL's down
« on: June 24, 2025, 01:06:16 AM »
As of 2025-06-24 0105Z there are 55 RBLs Offline, including some major players like barracudacentral.org.

4
Installation / AL10 Install Problem
« on: May 28, 2025, 06:55:16 PM »
Trying to install on AL10, and get:

Quote
Error:
 Problem: conflicting requests
  - nothing provides libcrypto.so.1.1()(64bit) needed by cwpsrv-1.24.0-1.x86_64 from cwp
  - nothing provides libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) needed by cwpsrv-1.24.0-1.x86_64 from cwp
  - nothing provides libssl.so.1.1()(64bit) needed by cwpsrv-1.24.0-1.x86_64 from cwp
  - nothing provides libssl.so.1.1(OPENSSL_1_1_0)(64bit) needed by cwpsrv-1.24.0-1.x86_64 from cwp
  - nothing provides libssl.so.1.1(OPENSSL_1_1_1)(64bit) needed by cwpsrv-1.24.0-1.x86_64 from cwp
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Can get cwp-php installed by using
Code: [Select]
dnf install cwp-php-7.2.34-1 --nobest
I know, AL10 just released on 2025-05-28. And isn't a supported OS.

5
Information / Well, it's happened... RHEL 10 has been released...
« on: May 14, 2025, 06:50:53 PM »
Red Hat has released RHEL 10...

AlmaLinux is said to have a release for AlmaLinux 10 in the next week or so...

EPEL has had 10 support for awhile.

Hopefully CWP adds a new group for Problems on 10.  :-\

6
CentOS-WebPanel Bugs / Text editor in File Manager
« on: May 13, 2025, 03:15:58 PM »
Just had a script troubleshot, and it turned out CRLF line terminators where being added to the end and causing the script to error and not run.

The editor in File Manager (fileManager_v2) automatically adds CRLF line terminators

7
CSF Firewall / Possible fix to why CSF/LFD isn't installing.
« on: April 18, 2025, 12:45:19 AM »
These are the first steps we do with AL9 servers, should work on AL8, but not guaranteed, as I mentioned this is AL9.

Code: [Select]
dnf update ca-certificates
Code: [Select]
dnf install dnf-plugins-core
Code: [Select]
dnf install elrepo-release epel-release -y
Code: [Select]
dnf config-manager --set-enabled crbThat is the new Power Tools for EL9.

Code: [Select]
dnf --refresh update
Code: [Select]
dnf install nano wget ipset ebtables iptables ipset-service uuid uuid-devel libuuid-devel m4 pcre pcre-devel zlib-devel perl-DBD-MySQL perl-IPC-Cmd perl-Pod-Html perl-Sys-Hostname perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph libtool s-nail htop sysstat python3-perf nmap net-tools make quota cockpit* -y
Code: [Select]
dnf install clamav* clamd
Then proceed to install CWP per their instructions.

8
CentOS 9 Problems / Logrotate not triggering
« on: April 17, 2025, 08:57:19 PM »
AlmaLinux 9.5
CWP 0.9.8.1201

Config is located at: /etc/logrotate.d/httpd
Quote
/usr/local/apache/domlogs/*.log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /bin/systemctl reload httpd.service > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}

But is not getting triggered automatically each night.
Trigger's manually without error.

When you check:
Code: [Select]
systemctl status logrotate
Quote
logrotate[811675]: error: failed to rename /usr/local/apache/domlogs/domain.com.log to /usr/local/apache/domlogs/domain.com.log-20250417: Read-only file
Only problem, is that file doesn't exit. Let alone be read only.

The other quirk is when you manually run it, it doesn't assign the date, just log.1.gz, log.2.gz, etc.

9
Mod_Security / OWASP CRS 4.13.0 Just Release
« on: March 31, 2025, 04:44:56 PM »
FYI - The OWASP CRS ruleset 4.13.0 was just released about an hour ago.

https://github.com/coreruleset/coreruleset/releases/tag/v4.13.0

10
CSF Firewall / Perl Reporting Script from LFD to Spamhaus
« on: March 27, 2025, 07:39:11 PM »
We created a perl script if you want to automatically report firewall hits to Spamhaus via LFD.

https://starburst.help/security/csf-lfd/perl-reporting-script-from-lfd-to-spamhaus/

There is also a updated perl script for AbuseIPDB available.

11
Other / ELRepo throwing GPG Key error when trying to update
« on: January 14, 2025, 11:36:50 PM »
If you get the error
Quote
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org (0xBAADAE52) is already installed
The GPG keys listed for the "ELRepo.org Community Enterprise Linux Kernel Repository - el9" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: kernel-lt-6.1.124-1.el9.elrepo.x86_64

when trying to update from elrepo, run the following, and it will import the correct key to get rid of the error.

Code: [Select]
rpm --import https://www.elrepo.org/RPM-GPG-KEY-v2-elrepo.org

12
Other / FYI - Linux Malware Detect failing on AlmaLinux 8/9
« on: December 26, 2024, 08:48:29 AM »
So, just saw an issue if you are running Linux Malware Detect (aka Security Maldet Scan in the CWP Security tab).

The scanner shows installed and running OK, but it is not.

From the CLI, if you run:
Code: [Select]
systemctl status maldet
You will see it failed.
It is missing 2 needed dependencies installed - ed & inotify-tools.

To install these run:
Code: [Select]
dnf install ed inotify-tools
Then:
Code: [Select]
systemctl restart maldet
And now to make sure everything is OK, and running:
Code: [Select]
systemctl status maldet

13
PHP Selector / Selecting PHP 8.3.x with ionCube
« on: December 24, 2024, 08:14:41 AM »
The new ionCube loaders support PHP 8.3, but when I compile PHP using the CWP selector, after it's finished I get:

Quote
Cannot load the ionCube PHP Loader - it was built with configuration API420220829,NTS, whereas running engine is API420230831,NTS
PHP 8.3.15 (cli) (built: Dec 24 2024 08:04:25) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies

Anyone have any suggestions?

14
Apache / Stop Apache from opening file
« on: December 18, 2024, 04:03:07 PM »
Anyone know how to stop Apache from opening a text file that has no extension.

e.g. TIME, PublicKey, etc. - Basically anything without an extension.

Ref. https://mariadb.gb.ssimn.org/

Need those files to download, instead of open.

15
OK, there have been allot of threads about this, but can't find the answer.

Yes, even I get stuck.

Trying to migrate AL8 CWP to AL9 CWP and won't connect.
Firewall is OK, and I can manually SSH in to old server from the new one with root & password.

The secure log on the old server shows trying the migration tools:
Quote
Dec 17 06:33:05 x sshd[41722]: Accepted password for root from x.x.x. port 55614 ssh2
Dec 17 06:33:05 x sshd[41722]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 17 06:33:05 x sshd[41726]: Received disconnect from x.x.x.x port 55614:11: disconnected by user
Dec 17 06:33:05 x sshd[41726]: Disconnected from user root x.x.x.x port 55614
Dec 17 06:33:05 x sshd[41722]: pam_unix(sshd:session): session closed for user root
Dec 17 06:33:05 x sshd[41744]: Failed password for root from x.x.x.x port 58808 ssh2
Dec 17 06:33:05 x sshd[41744]: Failed password for root from x.x.x.x port 58808 ssh2
Dec 17 06:33:05 x sshd[41744]: Connection closed by authenticating user root x.x.x.x port 58808 [preauth]

Who & what got this working?
@overseer?

Pages: [1] 2 3 ... 7