Messages - Dangerousdave26

1
DNS / Re: Permission problem when restarting BIND DNS Server
« on: July 26, 2024, 11:45:27 AM »
Thank you, I have no idea how that happened.

Migration burp?

Had I looked that would have stuck out like a sore thumb. I just never thought that could have been an issue.

2
DNS / Re: Permission problem when restarting BIND DNS Server
« on: July 26, 2024, 02:03:58 AM »
File permissions

Quote
ls -l /etc/named*
-rw-r----- 1 root named 2754 Jul 25 18:21 /etc/named.conf
-rw-r----- 1 root named 1029 May 23 06:35 /etc/named.rfc1912.zones
-rw-r--r-- 1 root named 1070 May 23 06:35 /etc/named.root.key

Quote
[root@hostnames etc]# ls -l /var/named/*
-rw-r--r-- 1 root  root  1296 Jul 25 17:30 /var/named/myurl4here.org.db
-rw-r--r-- 1 root  root  1296 Jul 25 17:30 /var/named/hostnames.myurl4here.org
-rw-r----- 1 root  named 2112 May 23 06:35 /var/named/named.ca
-rw-r----- 1 root  named  152 May 23 06:35 /var/named/named.empty
-rw-r----- 1 root  named  152 May 23 06:35 /var/named/named.localhost
-rw-r----- 1 root  named  168 May 23 06:35 /var/named/named.loopback
-rw-r--r-- 1 root  root   530 Jul 25 17:30 /var/named/ns1.myurl4here.org.db
-rw-r--r-- 1 root  root   530 Jul 25 17:30 /var/named/ns2.myurl4here.org.db
-rw-r--r-- 1 root  root  1065 May 23 07:03 /var/named/myotherurl.org.db

/var/named/data:
total 708
-rw-r--r-- 1 named named 272120 Jul 25 14:12 named.run
-rw-r--r-- 1 named named 208430 Jun 30 03:10 named.run-20240630
-rw-r--r-- 1 named named  41028 Jul  7 03:48 named.run-20240707
-rw-r--r-- 1 named named 127862 Jul 14 03:19 named.run-20240714
-rw-r--r-- 1 named named  47067 Jul 21 03:29 named.run-20240721

/var/named/dynamic:
total 8
-rw-r--r-- 1 named named  821 Jul 25 03:30 managed-keys.bind
-rw-r--r-- 1 named named 1180 Jul 25 11:17 managed-keys.bind.jnl

/var/named/slaves:
total 0

/var/named/tmp:
total 0


3
DNS / Re: Permission problem when restarting BIND DNS Server
« on: July 26, 2024, 01:57:31 AM »
If I run status here is the response

Quote
[root@hostnames etc]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2024-07-25 18:48:28 PDT; 22s ago
  Process: 29276 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
  Process: 29273 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo>

Jul 25 18:48:28 myurl4here.org named[29277]: using 15 UDP listeners per interface
Jul 25 18:48:28 myurl4here.org named[29277]: using up to 21000 sockets
Jul 25 18:48:28 myurl4here.org named[29277]: loading configuration from '/etc/named.conf'
Jul 25 18:48:28 myurl4here.org named[29277]: /etc/named.conf:13: change directory to '/var/named' failed: permission denied
Jul 25 18:48:28 myurl4here.org named[29277]: /etc/named.conf:13: parsing failed: permission denied
Jul 25 18:48:28 myurl4here.org named[29277]: loading configuration: permission denied
Jul 25 18:48:28 myurl4here.org named[29277]: exiting (due to fatal error)
Jul 25 18:48:28 myurl4here.org systemd[1]: named.service: Control process exited, code=exited status=1
Jul 25 18:48:28 myurl4here.org systemd[1]: named.service: Failed with result 'exit-code'.
Jul 25 18:48:28 myurl4here.org systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

named-checkconf doesn't see an error

Quote
[root@hostnames etc]# named-checkconf -z /etc/named.conf
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone ns1.myurl4here.org/IN: loaded serial 2013071600
zone ns2.myurl4here.org/IN: loaded serial 2013071600
zone hostnames.myurl4here.org/IN: loaded serial 2024042563
zone myurl4here.org /IN: loaded serial 2024052362
zone myotherurl.org/IN: loaded serial 2024052362
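
The status output above shows the daemon being started with `-u named`, while `named-checkconf` was run from a root shell, so a passing config check does not exercise the permissions the `named` account sees on `/var/named`. The script below is an added example, not part of the original posts: it walks every directory on a path and reports the first one a given uid/gid cannot search. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Mode-bit check only: ACLs, SELinux and
# supplementary groups are not evaluated. Needs GNU stat and readlink.

# can_search MODE OWNER_UID OWNER_GID UID GID
# Succeeds if UID/GID may search (x bit) a directory with that mode and owner.
can_search() (
    mode=$1 ouid=$2 ogid=$3 uid=$4 gid=$5
    [ "$uid" -eq 0 ] && exit 0            # root is not limited by mode bits
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$ouid" ]; then shift_by=6
    elif [ "$gid" -eq "$ogid" ]; then shift_by=3
    else shift_by=0
    fi
    [ $(( (0$mode >> $shift_by) & 1 )) -eq 1 ]
)

# first_blocked PATH UID GID
# Checks every directory from / down to PATH. Prints the first one UID/GID
# cannot search and returns 1; prints nothing and returns 0 if all pass.
first_blocked() (
    path=$(readlink -f "$1") || exit 2
    uid=$2 gid=$3
    if [ "$path" != / ]; then
        first_blocked "$(dirname "$path")" "$uid" "$gid" || exit 1
    fi
    [ -d "$path" ] || exit 0
    set -- $(stat -c '%a %u %g' "$path")   # octal mode, owner uid, owner gid
    can_search "$1" "$2" "$3" "$uid" "$gid" && exit 0
    printf '%s mode=%s owner=%s:%s\n' "$path" "$1" "$2" "$3"
    exit 1
)

# On the server in this thread the call would be:
#   first_blocked /var/named "$(id -u named)" "$(id -g named)"
```
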

4
DNS / Permission problem when restarting BIND DNS Server
« on: July 25, 2024, 11:39:40 PM »
I have a server that is running with 5 accounts that were manually added. Today I had to add the last 2 accounts to it. For those accounts I used the cPanel to CWP migration method. The accounts imported fine but the DNS records in one of them were botched. They referenced the old nameservers.

I used the rebuild zone button and that looked like it should have fixed the issue but the one zone still would not get an IP Address.

So I did the dumb thing and restarted BIND DNS Server from the Dashboard. It stopped it fine but when it tries to start it there is a permission issue.

I am not sure what I broke or how to fix it.

Quote
Jul 25 16:30:58 myurl4here.org named[9558]: loading configuration from '/etc/named.conf'
Jul 25 16:30:58 myurl4here.org named[9558]: /etc/named.conf:13: change directory to '/var/named' failed: permission denied
Jul 25 16:30:58 myurl4here.org named[9558]: /etc/named.conf:13: parsing failed: permission denied
Jul 25 16:30:58 myurl4here.org named[9558]: loading configuration: permission denied
Jul 25 16:30:58 myurl4here.org named[9558]: exiting (due to fatal error)
Jul 25 16:30:58 myurl4here.org systemd[1]: named.service: Control process exited, code=exited status=1
Jul 25 16:30:58 myurl4here.org systemd[1]: named.service: Failed with result 'exit-code'.


5
CSF Firewall / Re: Suspicious File Alert
« on: April 23, 2024, 06:28:10 PM »
In the end I just backed up the contents of the .root_0f8430_salt folder and then deleted it off the server.

I have yet to have anything complain about that action.

6
CSF Firewall / Re: Suspicious File Alert
« on: April 19, 2024, 11:39:26 AM »
Looks like everything related to these tmp files was written on April 5th. 4 days before I got the server.

These are the logs

Code:
2024-04-05 02:45:24,425 [salt.loaded.int.module.pkg_resource:133 ][WARNING ][2158] 'version' argument will be ignored for multipl$
2024-04-05 02:45:27,521 [salt.loaded.int.module.pkg_resource:133 ][WARNING ][2158] 'version' argument will be ignored for multipl$


Code:
root         133  0.0  0.0      0     0 ?        I<   Apr10   0:00 [crypto]

7
CSF Firewall / Re: Suspicious File Alert
« on: April 19, 2024, 11:17:44 AM »
2 processes that might have created the file. Both appear to be related to my host. I even opened a ticket with them to ask about this file alert and they said it was not theirs.

Code:
root        1357  0.0  0.0 346844 30000 ?        Ss   Apr10   0:00 /opt/saltstack/salt/bin/python3.10 /usr/bin/salt-minion -c /opt/imh-salt/ --pid-file=/var/run/inmotion-minion.pid
root        1826  0.0  0.0 969960 71564 ?        Sl   Apr10   6:50 /opt/saltstack/salt/bin/python3.10 /usr/bin/salt-minion -c /opt/imh-salt/ --pid-file=/var/run/inmotion-minion.pid MultiMinionProcessMa

8
CSF Firewall / Re: Suspicious File Alert
« on: April 18, 2024, 06:51:30 PM »
Just PHP, no Python

9
CSF Firewall / Suspicious File Alert
« on: April 18, 2024, 03:32:40 PM »
I set up a new server last week and since I got the DNS to resolve correctly (allowing it to send emails) I keep getting these 2 messages.

Note that I do not have this issue with my other install of CWP.

Time:   Thu Apr 18 08:05:23 2024 -0700
File:   /var/tmp/.root_0f8430_salt/pyall/certifi/core.py
Reason: Script, file extension
Owner:  root:root (0:0)
Action: No action taken

Time:   Thu Apr 18 08:05:23 2024 -0700
File:   /var/tmp/.root_0f8430_salt/pyall/salt/grains/core.py
Reason: Script, file extension
Owner:  root:root (0:0)
Action: No action taken

I scanned that directory with ClamAV and it found nothing.

Here is the file structure of the .root_0f8430_salt directory.

[root@ .root_0f8430_salt]# ls -l
total 52
-rw-r--r-- 1 root root   65 Apr  5 02:45 code-checksum
-rw-r--r-- 1 salt salt   40 Apr  1 20:23 ext_version
-rw-r--r-- 1 root root   13 Apr  5 02:45 grains
-rw-r--r-- 1 root root  158 Apr  5 02:45 minion
drwx------ 9 root root 4096 Apr  5 02:45 py3
drwx------ 6 root root 4096 Apr  5 02:45 pyall
drwx------ 3 root root 4096 Apr  5 02:45 running_data
-rw-r--r-- 1 root root  757 Apr  5 02:45 salt-call
-rw------- 1 root root 8629 Apr  5 02:45 salt_state.tgz
-rw-r--r-- 1 root root    8 Apr  5 02:45 supported-versions
-rw-r--r-- 1 root root    6 Apr  5 02:45 version
[root@ .root_0f8430_salt]#
