Topics

1

Information / Well, it's happened... RHEL 10 has been released...

« on: May 14, 2025, 06:50:53 PM »

Red Hat has released RHEL 10...

AlmaLinux is said to have a release for AlmaLinux 10 in the next week or so...

EPEL has had 10 support for awhile.

Hopefully CWP adds a new group for Problems on 10. 

2

CentOS-WebPanel Bugs / Text editor in File Manager

« on: May 13, 2025, 03:15:58 PM »

Just had a script troubleshot, and it turned out CRLF line terminators where being added to the end and causing the script to error and not run.

The editor in File Manager (fileManager_v2) automatically adds CRLF line terminators

3

CSF Firewall / Possible fix to why CSF/LFD isn't installing.

« on: April 18, 2025, 12:45:19 AM »

These are the first steps we do with AL9 servers, should work on AL8, but not guaranteed, as I mentioned this is AL9.

Code: [Select]

dnf update ca-certificates

Code: [Select]

dnf install dnf-plugins-core

Code: [Select]

dnf install elrepo-release epel-release -y

Code: [Select]

dnf config-manager --set-enabled crbThat is the new Power Tools for EL9.

Code: [Select]

dnf --refresh update

Code: [Select]

dnf install nano wget ipset ebtables iptables ipset-service uuid uuid-devel libuuid-devel m4 pcre pcre-devel zlib-devel perl-DBD-MySQL perl-IPC-Cmd perl-Pod-Html perl-Sys-Hostname perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph libtool s-nail htop sysstat python3-perf nmap net-tools make quota cockpit* -y

Code: [Select]

dnf install clamav* clamd
Then proceed to install CWP per their instructions.

4

CentOS 9 Problems / Logrotate not triggering

« on: April 17, 2025, 08:57:19 PM »

AlmaLinux 9.5
CWP 0.9.8.1201

Config is located at: /etc/logrotate.d/httpd

/usr/local/apache/domlogs/*.log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /bin/systemctl reload httpd.service > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}

But is not getting triggered automatically each night.
Trigger's manually without error.

When you check:

Code: [Select]

systemctl status logrotate

logrotate[811675]: error: failed to rename /usr/local/apache/domlogs/domain.com.log to /usr/local/apache/domlogs/domain.com.log-20250417: Read-only file

Only problem, is that file doesn't exit. Let alone be read only.

The other quirk is when you manually run it, it doesn't assign the date, just log.1.gz, log.2.gz, etc.

5

Mod_Security / OWASP CRS 4.13.0 Just Release

« on: March 31, 2025, 04:44:56 PM »

FYI - The OWASP CRS ruleset 4.13.0 was just released about an hour ago.

https://github.com/coreruleset/coreruleset/releases/tag/v4.13.0

6

CSF Firewall / Perl Reporting Script from LFD to Spamhaus

« on: March 27, 2025, 07:39:11 PM »

We created a perl script if you want to automatically report firewall hits to Spamhaus via LFD.

https://starburst.help/security/csf-lfd/perl-reporting-script-from-lfd-to-spamhaus/

There is also a updated perl script for AbuseIPDB available.

7

Other / ELRepo throwing GPG Key error when trying to update

« on: January 14, 2025, 11:36:50 PM »

If you get the error

GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org (0xBAADAE52) is already installed
The GPG keys listed for the "ELRepo.org Community Enterprise Linux Kernel Repository - el9" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: kernel-lt-6.1.124-1.el9.elrepo.x86_64

when trying to update from elrepo, run the following, and it will import the correct key to get rid of the error.

Code: [Select]

rpm --import https://www.elrepo.org/RPM-GPG-KEY-v2-elrepo.org

8

Other / FYI - Linux Malware Detect failing on AlmaLinux 8/9

« on: December 26, 2024, 08:48:29 AM »

So, just saw an issue if you are running Linux Malware Detect (aka Security Maldet Scan in the CWP Security tab).

The scanner shows installed and running OK, but it is not.

From the CLI, if you run:

Code: [Select]

systemctl status maldet
You will see it failed.
It is missing 2 needed dependencies installed - ed & inotify-tools.

To install these run:

Code: [Select]

dnf install ed inotify-tools
Then:

Code: [Select]

systemctl restart maldet
And now to make sure everything is OK, and running:

Code: [Select]

systemctl status maldet

9

PHP Selector / Selecting PHP 8.3.x with ionCube

« on: December 24, 2024, 08:14:41 AM »

The new ionCube loaders support PHP 8.3, but when I compile PHP using the CWP selector, after it's finished I get:

Cannot load the ionCube PHP Loader - it was built with configuration API420220829,NTS, whereas running engine is API420230831,NTS
PHP 8.3.15 (cli) (built: Dec 24 2024 08:04:25) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies

Anyone have any suggestions?

10

Apache / Stop Apache from opening file

« on: December 18, 2024, 04:03:07 PM »

Anyone know how to stop Apache from opening a text file that has no extension.

e.g. TIME, PublicKey, etc. - Basically anything without an extension.

Ref. https://mariadb.gb.ssimn.org/

Need those files to download, instead of open.

11

Migration from other control panels / AlmaLinux 8 CWP -> AlmaLinux 9 CWP Migration

« on: December 17, 2024, 06:40:12 AM »

OK, there have been allot of threads about this, but can't find the answer.

Yes, even I get stuck.

Trying to migrate AL8 CWP to AL9 CWP and won't connect.
Firewall is OK, and I can manually SSH in to old server from the new one with root & password.

The secure log on the old server shows trying the migration tools:

Dec 17 06:33:05 x sshd[41722]: Accepted password for root from x.x.x. port 55614 ssh2
Dec 17 06:33:05 x sshd[41722]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 17 06:33:05 x sshd[41726]: Received disconnect from x.x.x.x port 55614:11: disconnected by user
Dec 17 06:33:05 x sshd[41726]: Disconnected from user root x.x.x.x port 55614
Dec 17 06:33:05 x sshd[41722]: pam_unix(sshd:session): session closed for user root
Dec 17 06:33:05 x sshd[41744]: Failed password for root from x.x.x.x port 58808 ssh2
Dec 17 06:33:05 x sshd[41744]: Failed password for root from x.x.x.x port 58808 ssh2
Dec 17 06:33:05 x sshd[41744]: Connection closed by authenticating user root x.x.x.x port 58808 [preauth]

Who & what got this working?
@overseer?

12

PHP / Anti-Change Log

« on: November 10, 2024, 06:50:45 PM »

I know CWP is probably still busy with tweaking CWP for AL9, but again, PHP came out with 8.2.25 and 8.3.13 on 2024-10-24 (a little over 2 weeks ago), but no update as of yet for CWP.

We've noticed another uptick in PHP attacks.

I know you can manually compile PHP, to do in mass is time consuming, but at this point might be an option.

13

Other / Yuppers... AlmaLinux release an alpha build of AlmaLinux 10...

« on: October 23, 2024, 10:06:21 PM »

See https://wiki.almalinux.org/release-notes/kitten-10.html

Will be interesting to see if the 9.x line continues or switches over...

Guess I'll be banging my head on my desk, more than normal sometime this week or weekend.

14

Mod_Security / Switch from Comodo rules to OWASP latest, now not receiving notifications

« on: October 21, 2024, 08:06:05 PM »

Switched a server from Comodo to OWASP latest (4.7.0), since it seems like the company who bought Comodo and the WAF ruleset has killed it.
Keep getting an error when trying to login, and from posts I'm not the only one.

Problem that has come up is LFD isn't sending the notifications from ModSecurity after the switch.
ModSecurity is still doing it's job, and is working.

@overseer, have you run into this problem?

Thanks all.

15

MySQL / Message after upgrading to MariaDB 11.4.x LTS

« on: September 29, 2024, 02:30:00 AM »

After the upgrade to 11.4.x, ran:

Code: [Select]

mysql -V
And got:

mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead
mysql from 11.4.3-MariaDB, client 15.2 for Linux (x86_64) using  EditLine wrapper

Looks like MariaDB is finally stopping calls to it using mysql.

How is CWP going to handle this?