Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
CentOS 9 Problems / systemd-analyze security returns a list of exposed and unsafe services
« on: September 30, 2024, 03:12:26 AM »
Hello
On relatively fresh install of Almalinux 9 with CWP PRO
I ran this command
systemd-analyze security
and got the following list of services, many are marked as "usafe" and "exposed":
UNIT EXPOSURE PREDICATE HAPPY
NetworkManager.service 7.8 EXPOSED 🙁
amavisd.service 6.9 MEDIUM 😐
atd.service 9.6 UNSAFE 😨
auditd.service 8.9 EXPOSED 🙁
cbpolicyd.service 9.6 UNSAFE 😨
chronyd.service 3.9 OK 🙂
clamav-freshclam.service 9.6 UNSAFE 😨
clamd.service 9.6 UNSAFE 😨
crond.service 9.6 UNSAFE 😨
cwp-phpfpm.service 9.6 UNSAFE 😨
cwpsrv-phpfpm.service 9.6 UNSAFE 😨
cwpsrv.service 9.2 UNSAFE 😨
dbus-broker.service 8.7 EXPOSED 🙁
dovecot.service 8.5 EXPOSED 🙁
emergency.service 9.5 UNSAFE 😨
getty@tty1.service 9.6 UNSAFE 😨
httpd.service 9.6 UNSAFE 😨
irqbalance.service 8.9 EXPOSED 🙁
lfd.service 9.6 UNSAFE 😨
low-memory-monitor.service 6.3 MEDIUM 😐
maldet.service 9.6 UNSAFE 😨
mariadb.service 8.8 EXPOSED 🙁
mlocate-updatedb.service 8.1 EXPOSED 🙁
monit.service 9.6 UNSAFE 😨
named.service 9.2 UNSAFE 😨
nginx.service 9.6 UNSAFE 😨
opendkim.service 9.2 UNSAFE 😨
php-fpm74.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm81.service 6.5 MEDIUM 😐
php-fpm82.service 6.5 MEDIUM 😐
php-fpm83.service 6.5 MEDIUM 😐
postfix.service 7.9 EXPOSED 🙁
pure-ftpd.service 9.6 UNSAFE 😨
rc-local.service 9.6 UNSAFE 😨
rescue.service 9.5 UNSAFE 😨
rsyslog.service 5.8 MEDIUM 😐
rtkit-daemon.service 7.1 MEDIUM 😐
sa-update.service 9.6 UNSAFE 😨
spamassassin.service 9.6 UNSAFE 😨
sshd.service 9.6 UNSAFE 😨
sssd-kcm.service 7.7 EXPOSED 🙁
sssd.service 8.3 EXPOSED 🙁
systemd-ask-password-console.service 9.4 UNSAFE 😨
systemd-ask-password-wall.service 9.4 UNSAFE 😨
systemd-initctl.service 9.4 UNSAFE 😨
systemd-journald.service 4.3 OK 🙂
systemd-logind.service 2.8 OK 🙂
systemd-rfkill.service 9.4 UNSAFE 😨
systemd-udevd.service 6.9 MEDIUM 😐
upower.service 2.4 OK 🙂
user@0.service 9.8 UNSAFE 😨
Not being expert I am wondering whether these are really serious problems or not and what can be done to fix the serious ones eventually.
What seems strange to me is that many of the services that are marked as unsafe are the very main services needed, e.g. nginx, lfd, postfix, cwpsrv-phpfpm.service.... and so on.
Does anyone know something about this?
Thank you in advance for info and hints.
On relatively fresh install of Almalinux 9 with CWP PRO
I ran this command
systemd-analyze security
and got the following list of services, many are marked as "usafe" and "exposed":
UNIT EXPOSURE PREDICATE HAPPY
NetworkManager.service 7.8 EXPOSED 🙁
amavisd.service 6.9 MEDIUM 😐
atd.service 9.6 UNSAFE 😨
auditd.service 8.9 EXPOSED 🙁
cbpolicyd.service 9.6 UNSAFE 😨
chronyd.service 3.9 OK 🙂
clamav-freshclam.service 9.6 UNSAFE 😨
clamd.service 9.6 UNSAFE 😨
crond.service 9.6 UNSAFE 😨
cwp-phpfpm.service 9.6 UNSAFE 😨
cwpsrv-phpfpm.service 9.6 UNSAFE 😨
cwpsrv.service 9.2 UNSAFE 😨
dbus-broker.service 8.7 EXPOSED 🙁
dovecot.service 8.5 EXPOSED 🙁
emergency.service 9.5 UNSAFE 😨
getty@tty1.service 9.6 UNSAFE 😨
httpd.service 9.6 UNSAFE 😨
irqbalance.service 8.9 EXPOSED 🙁
lfd.service 9.6 UNSAFE 😨
low-memory-monitor.service 6.3 MEDIUM 😐
maldet.service 9.6 UNSAFE 😨
mariadb.service 8.8 EXPOSED 🙁
mlocate-updatedb.service 8.1 EXPOSED 🙁
monit.service 9.6 UNSAFE 😨
named.service 9.2 UNSAFE 😨
nginx.service 9.6 UNSAFE 😨
opendkim.service 9.2 UNSAFE 😨
php-fpm74.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm81.service 6.5 MEDIUM 😐
php-fpm82.service 6.5 MEDIUM 😐
php-fpm83.service 6.5 MEDIUM 😐
postfix.service 7.9 EXPOSED 🙁
pure-ftpd.service 9.6 UNSAFE 😨
rc-local.service 9.6 UNSAFE 😨
rescue.service 9.5 UNSAFE 😨
rsyslog.service 5.8 MEDIUM 😐
rtkit-daemon.service 7.1 MEDIUM 😐
sa-update.service 9.6 UNSAFE 😨
spamassassin.service 9.6 UNSAFE 😨
sshd.service 9.6 UNSAFE 😨
sssd-kcm.service 7.7 EXPOSED 🙁
sssd.service 8.3 EXPOSED 🙁
systemd-ask-password-console.service 9.4 UNSAFE 😨
systemd-ask-password-wall.service 9.4 UNSAFE 😨
systemd-initctl.service 9.4 UNSAFE 😨
systemd-journald.service 4.3 OK 🙂
systemd-logind.service 2.8 OK 🙂
systemd-rfkill.service 9.4 UNSAFE 😨
systemd-udevd.service 6.9 MEDIUM 😐
upower.service 2.4 OK 🙂
user@0.service 9.8 UNSAFE 😨
Not being expert I am wondering whether these are really serious problems or not and what can be done to fix the serious ones eventually.
What seems strange to me is that many of the services that are marked as unsafe are the very main services needed, e.g. nginx, lfd, postfix, cwpsrv-phpfpm.service.... and so on.
Does anyone know something about this?
Thank you in advance for info and hints.
2
CentOS 9 Problems / Monit do not have the PHP-FPM83 configuration file
« on: September 27, 2024, 01:28:07 PM »
Hello
I was checking what Monit does, I noticed that PHP83 is not monitored, so I thought I maybe missed to add the configuration file among the ones that have to be monitored, I went to the Monit manager and saw that PHP83 is not monitored just because the config file was not created, so was not added to the list.
I do not see a way to let cwp create new config files for Monit and I do not know how to manually do that.
What should I do to have PHP83 monitored too?
Ty in advance for any information and help
I was checking what Monit does, I noticed that PHP83 is not monitored, so I thought I maybe missed to add the configuration file among the ones that have to be monitored, I went to the Monit manager and saw that PHP83 is not monitored just because the config file was not created, so was not added to the list.
I do not see a way to let cwp create new config files for Monit and I do not know how to manually do that.
What should I do to have PHP83 monitored too?
Ty in advance for any information and help
3
E-Mail / End-toEnd Encryption of emails
« on: September 26, 2024, 04:32:24 PM »
Hello
In Thunderbird client I read the following in the accounts' config panel "End-to-End encryption":
"End-To-End Encryption
Without end-to-end encryption the contents of messages are easily exposed to your email provider and to mass surveillance,
To send encrypted or digitally signed messages, you need to configure an encryption technology, either OpenPGP or S/MIME.
Select your personal key to enable the use of OpenPGP, or your personal certificate to enable the use of S/MIME. For a
personal key or certificate you own the corresponding secret key."
I am really ignorant on this topic therefore sorry for the following maybe silly question...
In order to use the End-to-End encryption for emails, do I need to do anything/setup stuff in the server/mailserver/CWP?
Ty in advance for any info and help
In Thunderbird client I read the following in the accounts' config panel "End-to-End encryption":
"End-To-End Encryption
Without end-to-end encryption the contents of messages are easily exposed to your email provider and to mass surveillance,
To send encrypted or digitally signed messages, you need to configure an encryption technology, either OpenPGP or S/MIME.
Select your personal key to enable the use of OpenPGP, or your personal certificate to enable the use of S/MIME. For a
personal key or certificate you own the corresponding secret key."
I am really ignorant on this topic therefore sorry for the following maybe silly question...
In order to use the End-to-End encryption for emails, do I need to do anything/setup stuff in the server/mailserver/CWP?
Ty in advance for any info and help
4
CentOS-WebPanel Bugs / Latest CWP Almalinux 9 sept2024 fresh instal = amavis timeout + mariadb Vmem exc
« on: September 18, 2024, 04:51:22 PM »
Hello
I installed fresh almalinux 9 and CWP PRO according to the precise instructions given.
The server has 30Gb RAM, 8 CPU AMD EPYC 7282, AlmaLinux release 9.4 (Seafoam Ocelot) - Kernel Version: 5.14.0-427.35.1.el9_4.x86_64 - Platform: x86_64 kvm
Apache version: Apache/2.4.56
PHP version: 7.4.33 Forced PHP-FPM: 8.1
MySQL version: 10.5.22-MariaDB
FTP version: 1.0.51
Web Servers: nginx-varnish-apache
I settled all the basic about SSL, rDNS/PTR and other basic settings.
All seems to work fine so far.
I installed ClamAV, all went fine.
However, I tried to use "Postfix Mail Server Manager" in order to activate and use the following:
AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM
rDNS Check (recommended): Drop all emails if no rDNS/PTR
Install DKIM & SPF (recommended): Installs DKIM & SPF, enables DKIM for New Accounts and Domains
Install Policyd (recommended): Installs Policyd, enables hourly email limit per domain.
The result apparently was successful, but:
- AMaVis service do not start due to time limit, trying to restart it does give same error, after reboot also do not start
- OpenDKIM service started after activation, but after the reboot did not start, trying to restart it does work (apparently)
After activating those services I received various emails telling about these errors:
Account: mysql
Resource: Process Time
Exceeded: 7211 > 1800 (seconds)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 916 (Parent PID:916)
Killed: No
And this:
Account: mysql
Resource: Virtual Memory Size
Exceeded: 2092 > 512 (MB)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 1443 (Parent PID:1443)
Killed: No
and another one telling this:
Account: clamupdate
Resource: RSS Memory Size
Exceeded: 410 > 256 (MB)
Executable: /usr/bin/freshclam
Command Line: freshclam
PID: 40327 (Parent PID:40276)
Killed: No
I tried to search information/solutions to these issues and found only sparse information that I am not sure can work and do not seem exhaustive anyway.
To me seems that the "Postfix Mail Server Manager" automatic configurator is incomplete, would be nice if it would take care to add the correct variables in the proper configuration files to avoid getting those errors.
However, can anyone tell what should I fix in the configuration of the server in order to solve these issues?
Thank you in advance
I installed fresh almalinux 9 and CWP PRO according to the precise instructions given.
The server has 30Gb RAM, 8 CPU AMD EPYC 7282, AlmaLinux release 9.4 (Seafoam Ocelot) - Kernel Version: 5.14.0-427.35.1.el9_4.x86_64 - Platform: x86_64 kvm
Apache version: Apache/2.4.56
PHP version: 7.4.33 Forced PHP-FPM: 8.1
MySQL version: 10.5.22-MariaDB
FTP version: 1.0.51
Web Servers: nginx-varnish-apache
I settled all the basic about SSL, rDNS/PTR and other basic settings.
All seems to work fine so far.
I installed ClamAV, all went fine.
However, I tried to use "Postfix Mail Server Manager" in order to activate and use the following:
AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM
rDNS Check (recommended): Drop all emails if no rDNS/PTR
Install DKIM & SPF (recommended): Installs DKIM & SPF, enables DKIM for New Accounts and Domains
Install Policyd (recommended): Installs Policyd, enables hourly email limit per domain.
The result apparently was successful, but:
- AMaVis service do not start due to time limit, trying to restart it does give same error, after reboot also do not start
- OpenDKIM service started after activation, but after the reboot did not start, trying to restart it does work (apparently)
After activating those services I received various emails telling about these errors:
Account: mysql
Resource: Process Time
Exceeded: 7211 > 1800 (seconds)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 916 (Parent PID:916)
Killed: No
And this:
Account: mysql
Resource: Virtual Memory Size
Exceeded: 2092 > 512 (MB)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 1443 (Parent PID:1443)
Killed: No
and another one telling this:
Account: clamupdate
Resource: RSS Memory Size
Exceeded: 410 > 256 (MB)
Executable: /usr/bin/freshclam
Command Line: freshclam
PID: 40327 (Parent PID:40276)
Killed: No
I tried to search information/solutions to these issues and found only sparse information that I am not sure can work and do not seem exhaustive anyway.
To me seems that the "Postfix Mail Server Manager" automatic configurator is incomplete, would be nice if it would take care to add the correct variables in the proper configuration files to avoid getting those errors.
However, can anyone tell what should I fix in the configuration of the server in order to solve these issues?
Thank you in advance
5
CentOS-WebPanel Bugs / automatic update of cwp-httpd.x86_64 2.4.48-2 causes Nginx bad gateway error
« on: October 06, 2021, 11:34:02 AM »
Hello
I received a notice to update packages, as usual I did run the yum manager updater in cwp, the only package I was prompted to update is cwp-httpd.x86_64 version 2.4.48-2
The updater ran smoothly and gave no errors whatsoever.
however, when the update was complete all websites were not visible due to "Nginx bad gateway" error
This problem was seen only on the websites, the cwp panel did work normally, so I tried to reboot the server, when restarted all was the same, websites not working, CWP working.
I reversed everything using a snapshot done just prior the update.
What should I check and do to solve this problem and let the server update cwp-httpd.x86_64 2.4.48-2 then fix the problem and have it ready to go?
Apache version: Apache/2.4.46
PHP version: 7.4.13 PHP-FPM is forced
Web Servers: nginx-apache
CWPpro version: 0.9.8.1086
Distro Name: CentOS Linux release 7.9.2009 (Core)
Kernel Version: 3.10.0-1160.42.2.el7.x86_64
Hint: previously I followed Sandeep's tutorial to get the A grade with SSL https://www.mysterydata.com/get-a-score-rating-with-ssllabs-qualys-in-cwp-control-web-panel/
Thank you
I received a notice to update packages, as usual I did run the yum manager updater in cwp, the only package I was prompted to update is cwp-httpd.x86_64 version 2.4.48-2
The updater ran smoothly and gave no errors whatsoever.
however, when the update was complete all websites were not visible due to "Nginx bad gateway" error
This problem was seen only on the websites, the cwp panel did work normally, so I tried to reboot the server, when restarted all was the same, websites not working, CWP working.
I reversed everything using a snapshot done just prior the update.
What should I check and do to solve this problem and let the server update cwp-httpd.x86_64 2.4.48-2 then fix the problem and have it ready to go?
Apache version: Apache/2.4.46
PHP version: 7.4.13 PHP-FPM is forced
Web Servers: nginx-apache
CWPpro version: 0.9.8.1086
Distro Name: CentOS Linux release 7.9.2009 (Core)
Kernel Version: 3.10.0-1160.42.2.el7.x86_64
Hint: previously I followed Sandeep's tutorial to get the A grade with SSL https://www.mysterydata.com/get-a-score-rating-with-ssllabs-qualys-in-cwp-control-web-panel/
Thank you
6
CentOS-WebPanel Bugs / Phpmyadmin does not export databases
« on: September 09, 2021, 08:32:58 PM »
Hello
When I try to export a database using PhpMydmin I do get 2 odd errors:
The first is a warning telling this:
"Warning: a form on this page has more than 1000 fields. On submission, some of the fields might be ignored, due to PHP's max_input_vars configuration."
This warning message is shown after clicking the export button on a database, I tried to change the max_input_vars configuration in all php.ini files I found in the server, I settled it to a very high amount, 24000, and nothing changed (while in general I never see this warning when looking at tables or using PHP scripts querying the databases)
The second problem is a severe error as it prevents me to complete the export of the database.
When I end settling the export parameter and click the go button I get this warning error stopping the procedure:
Notice in ./libraries/classes/Controllers/ExportController.php#263
Undefined index: output_format
Backtrace
Routing.php#187: PhpMyAdmin\Controllers\ExportController->index(array)
index.php#18: PhpMyAdmin\Routing::callControllerForRoute(
string '/export',
,
,
)
It is bugging me from months, over half a year, I tried more times to search some solution about and still I cannot find any useful information to fix this.
I know I can export the databases with mysqldump and/or other tools, however I want to have it fixed so PhpMyadmin can be conveniently used also for backups.
Does anybody know what to check and how to fix this?
Any help is welcome
Thank you
Thank you
When I try to export a database using PhpMydmin I do get 2 odd errors:
The first is a warning telling this:
"Warning: a form on this page has more than 1000 fields. On submission, some of the fields might be ignored, due to PHP's max_input_vars configuration."
This warning message is shown after clicking the export button on a database, I tried to change the max_input_vars configuration in all php.ini files I found in the server, I settled it to a very high amount, 24000, and nothing changed (while in general I never see this warning when looking at tables or using PHP scripts querying the databases)
The second problem is a severe error as it prevents me to complete the export of the database.
When I end settling the export parameter and click the go button I get this warning error stopping the procedure:
Notice in ./libraries/classes/Controllers/ExportController.php#263
Undefined index: output_format
Backtrace
Routing.php#187: PhpMyAdmin\Controllers\ExportController->index(array)
index.php#18: PhpMyAdmin\Routing::callControllerForRoute(
string '/export',
,
,
)
It is bugging me from months, over half a year, I tried more times to search some solution about and still I cannot find any useful information to fix this.
I know I can export the databases with mysqldump and/or other tools, however I want to have it fixed so PhpMyadmin can be conveniently used also for backups.
Does anybody know what to check and how to fix this?
Any help is welcome
Thank you
Thank you
Pages: [1]
