Topics - jeffshead

1
Updates / Snort rule blocking updates
« on: December 17, 2021, 04:04:19 PM »
Just want to share this...

I tried updating CWP Pro from within the admin panel and by command (sh /scripts/update_cwp --verbose). Both methods failed without any errors. The admin panel would remain covered by a modal with a spinner icon. The terminal window would display only the following:

Code:
[root@cwp ~]# sh /scripts/update_cwp --verbose

====================================================
============= CentOS Web Panel Cron ================
====================================================


###########################
Firewall Flush Daily Blocks
###########################


######################
Update Server Packages
######################

My CWP is behind a gateway device that utilizes Snort for IPS. I had to not only disable a particular rule but also reboot the gateway device. Simply reloading the Snort rules was not sufficient ¯\_(ツ)_/¯

The rule: 21420 (https://www.snort.org/rule_docs/1-21420)

Log snippet:
Code:
2021:12:17-09:43:17 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="151.80.90.199" dstip="192.168.0.110" proto="6" srcport="80" dstport="46488" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="198.27.104.40" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="198.27.104.40" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:45:21 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="137.74.148.116" dstip="192.168.0.110" proto="6" srcport="80" dstport="52826" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

Hope this may help others.
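
An added example, not part of the original post: a Python triage helper that parses alert lines in the key="value" format of the log snippet above and groups the drops by rule ID and protected host, so a rule that is blocking an update download stands out. The sample lines are constructed (documentation-range source IPs, shortened reason text), and the function names and the "reply traffic" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample in the same key="value" format as the log snippet above
# (documentation-range source IPs; the reason text is shortened).
SAMPLE = '''\
2021:12:17-09:43:17 gateway snort[27335]: id="2101" sub="ips" action="drop" reason="FILE-OTHER example" srcip="203.0.113.10" dstip="192.168.0.110" proto="6" srcport="80" dstport="46488" sid="21420"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" sub="ips" action="drop" reason="FILE-OTHER example" srcip="198.51.100.7" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" sub="ips" action="drop" reason="FILE-OTHER example" srcip="198.51.100.7" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420"
2021:12:17-09:50:02 gateway snort[27335]: id="2101" sub="ips" action="alert" reason="constructed non-drop event" srcip="192.0.2.55" dstip="192.168.0.110" proto="6" srcport="51000" dstport="22" sid="99999"
'''

def parse_line(line):
    """Return the key="value" fields of one alert line as a dict."""
    return dict(FIELD.findall(line))

def summarize_drops(lines):
    """Group dropped packets by (sid, protected host).

    'reply_traffic' is a heuristic: every drop came from TCP port 80/443 to a
    high port, i.e. it looks like a server's answer to a connection the
    protected host opened (a download), not an inbound connection attempt.
    """
    groups = defaultdict(lambda: {"drops": 0, "sources": set(), "flows": set(), "reply_traffic": True})
    for line in lines:
        f = parse_line(line)
        if f.get("sub") != "ips" or f.get("action") != "drop":
            continue
        g = groups[(f["sid"], f["dstip"])]
        g["drops"] += 1
        g["sources"].add(f["srcip"])
        g["flows"].add((f["srcip"], f["srcport"], f["dstport"]))
        if not (f["srcport"] in ("80", "443") and int(f["dstport"]) >= 1024):
            g["reply_traffic"] = False
    return dict(groups)

if __name__ == "__main__":
    for (sid, host), g in summarize_drops(SAMPLE.splitlines()).items():
        kind = "replies to outbound HTTP(S)" if g["reply_traffic"] else "mixed/inbound"
        print(f"sid={sid} host={host} drops={g['drops']} flows={len(g['flows'])} "
              f"sources={sorted(g['sources'])} -> {kind}")
```

A single sid whose drops are all replies to one internal server, spread over several remote web servers, is the pattern to check against the rule's documentation before disabling it.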

2
CentOS 7 Problems / .htaccess deny access not working
« on: February 09, 2021, 06:01:57 AM »
My CWP is set up with Nginx & Varnish & Apache.

I'm using a few different web apps that come with their own custom .htaccess files that do different things for different directories. One thing that was puzzling me is the fact that some .htaccess files were not denying access to some directories even though the files are properly coded. It took me a long time to figure out that the following block in the NGINX vhost config files is causing the issue:

Code:
location / {
    location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
        root /home/<userAccount>/mysite.com;
        expires max;
        try_files $uri @backend;
    }

    error_page 405 = @backend;
    error_page 500 = @custom;
    add_header X-Cache "HIT from Backend";
    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-Content-Type-Options nosniff;
    proxy_pass http://192.168.1.5:8181;
    include proxy.inc;
}

So even if I have a proper .htaccess file which denies access to a directory, users can still view/download (via web browser) any of the file types that are specified in the code snippet above.

So what is the proper way to fix this situation of the .htaccess files being essentially bypassed?
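
An added example, not part of the original post: a Python audit that walks a document root, finds directories whose .htaccess contains a blanket deny, and lists the files in them that match the static-file location block above and would therefore be answered by nginx without Apache ever evaluating the .htaccess. The extension list is abridged from the post, and the function names and the sample tree are constructed for this example.

```python
import os
import re
import tempfile

# Extension regex from the location block above (abridged; paste the full
# list from your own vhost file). nginx matches it against the request URI.
STATIC_RE = re.compile(r".*\.(gif|jpg|jpeg|png|html|htm|txt|js|css|zip|pdf|sh)$")

# Blanket denies: Apache 2.2 "Deny from all", 2.4 "Require all denied".
# Heuristic: a deny inside <Files>/<FilesMatch> is treated as directory-wide
# and overrides in subdirectories are ignored, so review each hit by hand.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def denied_dirs(docroot):
    """Directories whose own .htaccess contains a blanket deny."""
    found = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" in files:
            with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    found.append(dirpath)
    return found

def exposed_files(docroot):
    """URIs below a denied directory that the static location would serve.

    nginx answers these from disk (try_files $uri), so the request never
    reaches Apache and the .htaccess rule is not evaluated.
    """
    exposed = set()
    for top in denied_dirs(docroot):
        for dirpath, _dirs, files in os.walk(top):
            for name in files:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                uri = "/" + rel.replace(os.sep, "/")
                if STATIC_RE.match(uri):
                    exposed.add(uri)
    return sorted(exposed)

def build_demo_tree(root):
    """Constructed sample site: /private is denied in its .htaccess."""
    os.makedirs(os.path.join(root, "private", "sub"))
    for rel, body in {"index.html": "hi", "private/.htaccess": "Require all denied\n",
                      "private/notes.txt": "x", "private/run.pl": "x",
                      "private/sub/dump.zip": "x"}.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        print(exposed_files(root))
```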

3
Updates / Update proof configurations
« on: July 15, 2020, 12:25:13 PM »
My CWP install is behind a gateway device so all logged IPs are 192.168.1.1. Because of a CWP bug (don't know if it was ever fixed), I am using Nginx & Varnish & Apache.

Before updating (which update I do not know), I had my CWP set up to log the client IPs. It was using mod_rpaf with x-forward but it seems an update has removed the mod_rpaf option from the control panel.

What is the proper way to set up client IP logging so that the custom config does not get blown away by a future update?

4
CentOS-WebPanel Bugs / Backup error since last update
« on: March 23, 2020, 12:56:01 PM »
Daily, I'm getting an email with the following data:

Email subject:
Code:
Cron <root@cwp> /usr/local/cwp/php71/bin/php-cgi -d max_execution_time=10000000 -q /usr/local/cwpsrv/htdocs/resources/admin/include/cron_newbackup.php

Body of the email:
Code:
PHP Warning:  SQLite3::exec(): database is locked in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_newbackup.php on line 0

I haven't attempted to schedule any backup jobs because I back up the whole VM with Veeam. When I visit CWP Settings->NEW Backup (beta) tab and click on Log Monitor, I see the following:

Code:
Log Monitor

2020-03-23 00:15:01 Backup Initiated
2020-03-23 00:15:01 ["account1","account2","account3","account4"]
2020-03-23 00:15:01 Starting compression
2020-03-23 00:15:01
2020-03-23 00:15:04 UPDATE backups SET LASTEXEC = "2020-03-23 00:15:04", STRUN ="0" WHERE ID="1"

tail -f /var/log/cwp/cron_backup.log

So I guess there are two issues:
  • Why is a backup attempted when I never scheduled it?
  • What is causing it to error out?

Where do I begin troubleshooting this?

5
SSL / AutoSSL not working
« on: October 20, 2019, 01:35:25 AM »
I can't figure out how to set up my account/domain/subdomain on CWP. For example, let's assume my domain name is: mysite.com.

I want only www.mysite.com hosted on CWP, not mysite.com. mysite.com is on a different server, with a different public IP.

www.mysite.com is not an option to choose from when attempting to use AutoSSL; only "mysite.com" or "All Domains".

So how am I supposed to set this up? Also, my CWP is behind a gateway so I use NAT.

6
FTP / Uploaded files missing code
« on: September 19, 2018, 12:55:58 PM »
Has anyone encountered an issue where the files you upload are cut off?

If I use a standard user FTP account and upload a full website, web app or even large, single files, sometimes some of the files are missing code. It's as if you open a file in a text editor and delete the bottom 1/3 of the file.

I haven't encountered this issue if I use the root account and SFTP to upload the same files or directories.

What could be causing this issue?

7
CentOS Configuration / Add additional IP Addresses
« on: August 20, 2018, 09:43:50 PM »
I am behind a UTM appliance so I have NAT enabled. I would like some domains to have their own IP address. I have 192.168.1.10 specified for Default IP, Shared IP and NAT'ed IP.

I know how to add additional IP addresses to the server but how do I set up the config files for each domain?

I added IP address 192.168.1.11 to the server and selected it for a particular user account. I want to use this IP address for a specific domain. I am using Apache, NGINX Reverse Proxy and Varnish. Do I have to manually change the IP address in all three servers' config files? What about the Varnish config files? Do I have to create/add an additional secret for the new IP? What code do I add/edit and to what Varnish config file(s)?

Also, when I use Apache Settings->Rebuild Virtual Hosts, it uses 192.168.1.10 for all domains even though I have 192.168.1.11 specified for one of the user accounts. The Rebuild Virtual Hosts tool isn't designed to pull/insert the IP address assigned to each user account???

8
Apache / Definitive answer: HTTP to HTTPS www
« on: August 10, 2018, 01:11:19 PM »
I have been struggling with this for days but can't get this to work in all situations.

What is the proper way (per domain) to direct all traffic to https://www.domain.tld/:

http://domain.tld -> https://www.domain.tld/
http://www.domain.tld -> https://www.domain.tld/
https://domain.tld -> https://www.domain.tld/

I am using Apache & Varnish Cache & Nginx Reverse Proxy and AutoSSL. I have tried rewrites and redirects in .htaccess and in vhosts configs but I have been unsuccessful.

I know you can edit the vhost templates and I also see that you can have per domain, custom config files but what is the proper code and way of doing this so the configurations are not lost when CWP rebuilds the vhosts?


Help... I'm starting to hemorrhage!

9
CentOS-WebPanel Bugs / Apache Builder (compiler) not working
« on: May 11, 2018, 12:20:23 PM »
I tried to update Apache to latest version. The latest version in the drop-down list is 2.4.33:


Once compiling completes, Apache cannot start because httpd.conf is virtually blank except for a couple of lines (forgot to record those).

If I manually restore a backup of httpd.conf, Apache will start but it still shows it's version 2.4.29:


Am I missing a step?

10
CentOS-WebPanel Bugs / Simple PHP.ini editor does not work
« on: May 11, 2018, 01:44:44 AM »
When I edit the text in any of the text boxes on this page and click the save button, the edits do not stick.

If I make edits on the PHP.ini Configuration page or edit the php.ini directly, the edits do stick and they show up on the Simple PHP.ini editor page.

11
Installation / How to use Clamd to scan uploaded files
« on: March 02, 2018, 04:04:51 PM »
I disabled the postfix service because email for all domains hosted on CWP is handled by another server.

However, I would like to use ClamAV to scan files that are uploaded via some Perl web apps. I enabled and started 'clamd-scan.service' and 'clamd@scan.service'.

The scripts are not working and when I test via command line (e.g., clamdscan /home/jeff/public_html/uploads/eicar_com.zip), I get the following error:

Code:
ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.011 sec (0 m 0 s)

I also tried enabling and starting 'amavisd.service' but I got the same error when testing.

Not sure what to look at next. Anyone have any ideas?

12
Installation / CGI not working CWP with Centos 7
« on: March 01, 2018, 03:34:45 PM »
I followed this (http://wiki.centos-webpanel.com/how-to-run-cgi-scripts-with-apache) and this (http://wiki.centos-webpanel.com/how-to-enable-mod_suexec-with-apache) but I still cannot get CGI working.

When I go to: https://mysite.com/cgi-bin/test.cgi, I get a 500 Internal Server Error.

I get this in the error log:
Code:
End of script output before headers: test.cgi

I get the following in the suexec log:
Code:
[2018-03-01 10:25:18]: uid: (1001/jeff) gid: (1001/jeff) cmd: test.cgi
[2018-03-01 10:25:18]: file has no execute permission: (/home/jeff/public_html/cgi-bin/test.cgi)

I used WinSCP to upload 'test.cgi' from a Windows PC to the server and I also used WinSCP to chmod 'test.cgi' to 0755. I also used CWP to fix permissions for the user account.

As per the wiki, I get "cgid_module (shared)" and "suexec_module (shared)" when testing to see if the modules are loaded.

Not sure what to do at this point.

I get the following when I check permissions via command line:
Code:
[root@cwp ~]# ls -la /home/jeff/public_html/cgi-bin/test.cgi
-rw-r--r-- 1 jeff jeff 98 Feb 28 17:49 /home/jeff/public_html/cgi-bin/test.cgi

13
Installation / vhost has wrong IP address?
« on: February 21, 2018, 02:26:42 AM »
I am adding additional IP addresses to CWP. Some accounts/domains will use the shared IP and others will have their own IP address.

When I create an account and choose one of the additional IP addresses, why does the vhost file, that is created for that domain, contain the shared IP address instead of the one I selected when I created that account/domain? Shouldn't the vhost file contain the IP address that I selected? Is this by design?

Also, if I edit the vhost file so that it contains the correct IP address, it reverts to the shared IP address if I rebuild all vhost files. Is this by design?

I just don't see the point in specifying which IP address is to be used when creating an account/domain if you have to go back and manually change it ???

14
Addons / eXtplorer not working
« on: February 19, 2018, 02:15:14 PM »
I get a 500 internal server error when I try to access: http://mysite.com/filemanager/

I see the shortcut and the eXtplorer folders have been added to the home directory.

How to fix?

15
Installation / CWP behind WAF
« on: December 28, 2017, 01:14:51 PM »
Can CWP be used if the server it is installed on is behind a Web Application Firewall (WAF)? The WAF uses NAT so all IPs to the server are internal. The server is also a VM, not a physical server. I will have 5-8 websites available to the public.

What issues will I encounter? What other info do you need from me in order to answer my questions? I'm new to Linux, coming from Windoz :-\ I have had a WAMP stack set up in this way for many years without issue but I would like to move to Linux. I would like to keep the new Linux server behind the WAF for ease of administration.

Thanks!

Jeff
