Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - NFT

Pages: [1] 2
1
Updates / Re: How can update PHP for cwpsrv
« on: February 11, 2024, 08:13:39 AM »
Hi,

Thanks for your reply.

So there is no way to update PHP by ourselves, we absolutely have to wait for an official update ?

Any idea of the official update date ? because I haven't seen anything about it for php.

Jordan

Jordan it is way to often CWP updates/features are years to come, so REMOVE/HIDE these outdated modules where you can, and add your own.
Like the webmail.conf that redirect/proxy "/webmail" (in different upper/lower letters) and "/roundcube" on ALL added domains/sites to  http://localhost:2095/ the unsecure/outdated CWP runtime.
Remove that file or comment content out
Then just add your own installation of RoundCube 1.6.1 or release you want to one of your sites, and you can not use PHP 8 also.

Remove the
Roundcube

2
With new Backup "beta" active, I have started for sometime to get multiple warnings

PHP Warning:  scandir(user1/): failed to open dir: No such file or directory in /usr/local/cwpsrv/htdocs/resources/admin/addons/class_backupmanager.php on line 0

multiple lines 1 per directory under /home,  even the warning does not directly refer to home the scandir names does match all these.

Anyone know how to fix, as the script are coded so I have no chance to find out why I see these warnings, or why  "/home/" are missing in the refer path.

3
Apache / Re: Apache Compiler
« on: April 14, 2023, 02:58:18 PM »
Yes and that is my I recommend all to keep away from the "Apache Compiler" unless you really NEED an OLD Apache version, and I then hope that is for an internal only setup.

but also found out even I had manually updated OpenSSL, then the CWP-HTTPD are build with custom openssl-1.0.2k-fips mod_ssl and very outdated.

So I have to break CWP control, and build in myself
https://www.uxlinux.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/

PS. apache-rebuild-new7.sh used older 2.4.55, but I changed that, and also fixed issue with missing lib64

Now running Apache 2.4.57 with OpenSSL 3.0.8

4
Apache / Re: Apache Compiler
« on: April 13, 2023, 08:11:45 AM »
Sorry overseer, I know to the forum I have status "Newbie", but within IT Operation I am a Senior Architect, and was an Application Architect for many years.
That is why I can say CWP are primary build/managed by IT Developers/Technicians, not Architects.
Many CWP enhanced features break (disable) other CWP enhanced features, but does not inform or indicate this, so it is important to know what CWP features have been utilized, to be able to know why CWP behave as it does.

Like the "Apache Builder (compiler)", when used then YUM updates of CWP Apache are ignored, you have to manually choose newer compile selection (if possible).
Like the "PHP Version Switcher (php_switch_v2)", when used then YUM updates of CWP PHP are ignored, you have to manually choose newer PHP version selection (if possible).

"Setup default Web Servers (WebServers_manage)" are a clear exception, from what I can see it does not break anything (just let Admins choose) and both makes light test and have clear info how it interact with some of the other Enhancements/Options.
Ex. just above "Save and Rebuild Configuration" a possible check-mark to 
"Force Apache to use PHP-FPM Selector, this will disable PHP Selector 2 and PHP Version Switcher. (NOT installed, click here to install) [** CWPpro required **]"

The way I got away from the "Apache Compiler" and now able to get/follow newer updates, was via "Yum Manager" and under "Installed Packages"  reinstall all the CWP-* packages, AFTER I had manually found and removed all the somehow added extra mod_security configurations in some of the conf.d/*.conf  & conf.d/vhosts/*.conf files.
Then Apache again was able to restart after 2.4.56-1 update.

The "Apache Compiler" page now show
Quote
Apache Builder (compiler)

You are running Apache version:

Server version: Apache/2.4.56 (Unix)
Server built:   Mar 14 2023 13:11:28

Loaded Modules:
 .... (static)
 ... (static)

and as latest version in "Select NEW Apache version" are "Apache 2.4.52 & suPHP 0.7.2" I commend never to press "Next >" on the in the future.
So I say Apache Builder (compiler) are EOL (End of Life)

5
Apache / Re: Apache Compiler
« on: April 12, 2023, 05:38:23 AM »
Both "Apache Compiler" and "PHP-FPM Selector (php_selector3)" are CWP enhanced features or "secret sauce" as you call it, and your responding to a thread about "Apache Compiler" that you apparently have not Used, Tested or have any Knowledge about.

Please let's try to help each other in the forum, not misguide

6
Apache / Re: Apache Compiler - EOL
« on: April 11, 2023, 07:30:28 AM »
Apparently "Apache Builder (compiler)" are EOL, as when used you are back in 2021 branch, and you will have an very unsecure server.

After fixing CWP standard mod_security when upgrading from 2.4.54 to 2.4.56, I can now via YUM Manager reinstall Installed Packages "cwp-httpd.x86_64 2.4.56-1" & "cwp-suphp.x86_64 0.7.2-3", and now have Apache version: Apache/2.4.56 running.

7
Apache / Re: Apache Compiler
« on: April 11, 2023, 07:14:52 AM »
Well I would hope so, but not on my setup, and many that use CWP enhanced features, I just rolled the update "cwp-httpd.x86_64 2.4.56-1" with needed Apache recompile as Apache would not start, so I am at back at Apache/2.4.54, but before rollback it was

Application Version
    Apache version: Apache/2.4.52
    PHP version: 8.1.16
    MySQL version: 10.11.2-MariaDB
    FTP version: 1.0.47

CWP preach that it has higher performance than other PANEL's, as it compile APP/Runtime/Middelware for the system it are installed on. Well that is the issue when these Compile Tools are not kept updated to support new releases.

In Apache Re-Build, latest release are "Apache 2.4.52 & suPHP 0.7.2", so that as High as CWP gets on compile.

Same issue we have with CWP and MYSQL or MariaDB, but at least there are guides how to FIX CWP implementation, and manually get it to a developer supported secure release.

8
Apache / Re: Apache Compiler
« on: April 10, 2023, 04:18:35 PM »
We need a 2.4.56 option as all release below has critical security issues
and cwp-httpd.x86_64 2.4.56-1 required me to recompile Apache, but only option are still 2.4.52

9
I tried commenting it out inclusion by inclusion (step by step) still httpd failed to start.
That is why I restored, 2.4.55-1 are just to buggy.

Back to Apache 2.4.52 & suPHP 0.7.2 with the security issues :(

https://httpd.apache.org/security/vulnerabilities_24.html

10
Package updated successfully.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.fysik.dtu.dk
 * epel: mirror.nsc.liu.se
 * extras: mirror.fysik.dtu.dk
 * updates: mirror.fysik.dtu.dk
Resolving Dependencies
--> Running transaction check
---> Package cwp-httpd.x86_64 0:2.4.54-1 will be updated
---> Package cwp-httpd.x86_64 0:2.4.55-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch             Version               Repository     Size
================================================================================
Updating:
 cwp-httpd           x86_64           2.4.55-1              cwp           5.6 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 5.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : cwp-httpd-2.4.55-1.x86_64                                    1/2
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
warning: %post(cwp-httpd-2.4.55-1.x86_64) scriptlet failed, exit status 1
  Cleanup    : cwp-httpd-2.4.54-1.x86_64                                    2/2
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
  Verifying  : cwp-httpd-2.4.55-1.x86_64                                    1/2
  Verifying  : cwp-httpd-2.4.54-1.x86_64                                    2/2

Updated:
  cwp-httpd.x86_64 0:2.4.55-1                                                   

Complete!

-------------

journalctl -xe
A lot of issues with errors in modsecurity-owasp-old and other files, that has not been updated for a very long time.

Restored server to before   cwp-httpd.x86_64 0:2.4.55-1

FYI  Gert

11
CentOS-WebPanel Bugs / Re: Cron Job Bugs & Errors
« on: March 11, 2021, 06:43:52 AM »
thanks it will be fixed in next few updates.

Well still not fixed this "alertandautorenewssl" empty "[]" mail also reported here without any response
http://forum.centos-webpanel.com/index.php?topic=9205.msg32278#msg32278

12
PHP / Re: Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31
« on: February 21, 2021, 01:19:43 PM »
Starburst that are only the PHP for hosted PHP, the PHP version CWPSRV use are old
check your self via
yum info cwpphp

PS. this are also the old PHP version used for build-in phpmysqladmin and WebMail (RoundCube), again just check.

13
PHP / Re: CWP7.Pro Error | Unable to Login Admin Panel
« on: July 16, 2020, 09:34:25 AM »
@cynique correct that is my view also

CWP Team themselves should be SME's (Subject Matter Experts), so they should not list something that looks like a Fix, when it is a workaround, and especially not if this workaround turn off a security feature.

I am not saying the CWP Team themselves in general post "bad advice" in the forum, but a short response like
Quote
disable secure process from admin > security
Would look like a general known fix, why I add "try" as I hope that was what Sandeep meant, as I have seen multiple good advise from this SME.

I to often on the Internet have seen advice to example turn off SELINUX (https://en.wikipedia.org/wiki/Security-Enhanced_Linux) , when something are not working.
And again this should only be used temporally if needed to troubleshot an issue, to see if SELINUX has a policy that prevent something from working, then one should update the policy and get SELINUX enabled ASAP.

We have to remember people often Google issues, and read as little as possible to "solve" their issue, so when a SME tell you to just turn something off, they do not think/expect this will cause them new worse issues.

14
PHP / Re: CWP7.Pro Error | Unable to Login Admin Panel
« on: July 15, 2020, 07:08:47 AM »

Try disabling secure/hidden process from CWP admin - > security and try again.

Please stop with this bad advise, fix the issue do not remove the warnings/protection
Posted found fix here
http://forum.centos-webpanel.com/index.php?topic=9168.msg32616#msg32616

15
Do not "disable secure processes" fix the real reason, Solution, test on 2 updated CentOS 7 with CWP
https://access.redhat.com/solutions/1543343

Resolution:

    Ensure the existence of a polkitd system user & group
    Copy/paste the following 2 compound-commands to a root terminal to check for and conditionally create the user/group
   
Code: [Select]
getent group polkitd >/dev/null && echo -e "\e[1;32mpolkitd group already exists\e[0m" || { groupadd -r polkitd && echo -e "\e[1;33mAdded missing polkitd group\e[0m" || echo -e "\e[1;31mAdding polkitd group FAILED\e[0m"; }
    getent passwd polkitd >/dev/null && echo -e "\e[1;32mpolkitd user already exists\e[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "\e[1;33mAdded missing polkitd user\e[0m" || echo -e "\e[1;31mAdding polkitd user FAILED\e[0m"; }

    Reset the permissions and user/group ownership for all files provided by the polkit and polkit-pkla-compat packages
    Copy/paste the following compound-command to a root terminal to check for and conditionally reset user/group perms & ownership
   
Code: [Select]
rpm -Va polkit\* && echo -e "\e[1;32mpolkit* rpm verification passed\e[0m" || { echo -e "\e[1;33mResetting polkit* rpm user/group ownership & perms\e[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }
    Reboot
    A reboot of the machine will be required to make sure that all changes take affect and that polkit has reconnected to the dbus
   
Code: [Select]
shutdown -r now

Pages: [1] 2