This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Installation / /scripts/cwp_security_audit [SECURITY ALERT] Unauthorized port: php-fpm - Fixed
« on: June 04, 2026, 10:30:56 AM »Code: [Select]
sh /scripts/cwp_security_audit
------------------------------------------------------
[INFO] Auditing cwpsrv (PID: 734540)
[OK] cwpsrv looks clean.
------------------------------------------------------
[INFO] Auditing php-fpm-cwp (PID: 736416)
[SECURITY ALERT] Unauthorized port: php-fpm
Error:Can't add notification!------------------------------------------------------
[INFO] Auditing apache (PID: 733902)
[OK] apache looks clean.
------------------------------------------------------
[DONE] Security audit finished.1. Why does [SECURITY ALERT] Unauthorized port: php-fpm appear?
The problem is a flaw in how the script parses the text and compares the data.
Port capture: In the "Port Audit" section, the script executes an lsof command combined with awk to find out which ports are open. Due to how your Linux is configured, this command is not returning a number (like 9000), but rather returns the literal word php-fpm.
Validation: Next, the script takes that word (php-fpm) and compares it one by one against its whitelist called ALLOWED_PORTS.
The failure: If you look at the script's configuration line, ALLOWED_PORTS only contains numbers: ("2030" "2031" "2082" "2083" "2086" "2087" "2095" "2096" "9000" "2302" "2304" "8181" "8443" "80" "443"). Since the word php-fpm is obviously not equal to any of those numbers, the script assumes it is an intruder and triggers the security alert echo.
How to solve it permanently (The Patch)
Since it is a local script that you control, you can fix CWP's poor programming in five seconds.
You just have to edit this file (nano /scripts/cwp_security_audit) and include the word "php-fpm" inside the allowed ports array in the initial configuration.
Change this:
Code: [Select]
ALLOWED_PORTS=("2030" "2031" "2082" "2083" "2086" "2087" "2095" "2096" "9000" "2302" "2304" "8181" "8443" "80" "443")For this:
Code: [Select]
ALLOWED_PORTS=("2030" "2031" "2082" "2083" "2086" "2087" "2095" "2096" "9000" "2302" "2304" "8181" "8443" "80" "443" "php-fpm")
2
Installation / Varnish does not install with cwp-el9-latest - Fixed
« on: June 03, 2026, 12:04:05 AM »
Hello, I recently installed CWP on AlmaLinux 9 (https://dl1.centos-webpanel.com/files/cwp-el9-latest) and to my surprise, when I go to WebServers_manage and select Nginx & Varnish & Apache, Varnish NEVER installs. By analyzing cwpsrv with stress-ng, I was able to detect exactly where the error is.
The strace accurately reveals why the installer was failing silently:
The panel tries to download a non-existent script (varnish.sh returns a 404 at https://dl1.centos-webpanel.com/files/s_scripts/el9/varnish.sh).
Then, it tries to apply a sed command to /etc/varnish/varnish.params. This throws an "Exit Code 2" because Varnish no longer uses that file in AlmaLinux 9.
Finally, it crashes when trying to clean /etc/varnish/conf.d/vhosts because the directory simply does not exist.
In the end, PHP generates the .vcl files, but the daemon is never actually installed or started.
The following EL8 script logic was used as a reference to build the fix: https://dl1.centos-webpanel.com/files/s_scripts/el8/varnish.sh
I hope they update WebServers_manage
The strace accurately reveals why the installer was failing silently:
The panel tries to download a non-existent script (varnish.sh returns a 404 at https://dl1.centos-webpanel.com/files/s_scripts/el9/varnish.sh).
Then, it tries to apply a sed command to /etc/varnish/varnish.params. This throws an "Exit Code 2" because Varnish no longer uses that file in AlmaLinux 9.
Finally, it crashes when trying to clean /etc/varnish/conf.d/vhosts because the directory simply does not exist.
In the end, PHP generates the .vcl files, but the daemon is never actually installed or started.
The following EL8 script logic was used as a reference to build the fix: https://dl1.centos-webpanel.com/files/s_scripts/el8/varnish.sh
Code: [Select]
# 1. Install repositories and clean dependencies
dnf -y install epel-release jemalloc --enablerepo=epel
curl -s https://packagecloud.io/install/repositories/varnishcache/varnish64/script.rpm.sh | bash
dnf -y module disable varnish
dnf -y install varnish
# 2. Build the directory structure that the panel assumes exists
mkdir -p /etc/varnish/conf.d/vhosts
touch /etc/varnish/conf.d/vhosts.conf
# 3. Patch the CWP bug (The phantom file)
# We create this file to prevent the panel's internal "sed" from throwing Exit Code 2
echo "VARNISH_LISTEN_PORT=82" > /etc/varnish/varnish.params
# 4. Modify the master port at the Systemd level (The definitive way)
if [ -e "/usr/lib/systemd/system/varnish.service" ]; then
sed -i "s|6081|82|g" /usr/lib/systemd/system/varnish.service
systemctl daemon-reload
fi
# 5. Force PHP to regenerate the vHosts with the repaired structure
sh /scripts/cwpsrv_rebuild_user_conf
# 6. Bring up the proxy chain in order
systemctl enable --now varnish
systemctl restart httpd
systemctl restart varnish
systemctl restart nginxI hope they update WebServers_manage
3
MySQL / Database create without prefix "_test"
« on: November 27, 2022, 10:54:11 AM »
Hi, when I create a database from :2083 it does not reflect it in the same panel, but it is created in mysql BUT without the prefix, when I add a database manually with user prefix it does reflect in the panel, any hint? if only I could see the code!
Regards
Regards
4
PHP / PHP Selector v2
« on: September 20, 2018, 11:58:27 PM »
We need to add the most important option "Edit Flags", I personally update the libraries for PHP and need to give the correct paths, I do well with PHP Selector v1, but v2 is not available, it is essential to add it for those who need a customization of the PHP compilation.
Thank you.
Thank you.
5
New Modules / Reseller Account
« on: July 04, 2017, 09:45:22 AM »
Hello, he created a module for a reseller, works perfectly with the CWP API, but for mayor mayor security the data needs a CWP function that returns the user or session ID.


6
SPF / policyd-spf skip_addresses not IP network
« on: May 29, 2017, 01:16:07 AM »Quote
May 28 18:52:53 server policyd-spf[12368]: ERROR: 127.0.0.0/8 in skip_addresses not IP network. Message: '65.54.190.90' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?. Aborting whitelist processing.
Fix...
Quote
yum install -y python34
sed -i "s|/usr/bin/python|/usr/bin/python3|" /etc/postfix/master.cf
/bin/systemctl restart postfix
Bye
Pages: [1]
