211
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 30, 2025, 04:43:33 PM »
Well looks like I got OWASP ruleset 4.11.0 working OK with ModSecurity on AL9.
Which is good, considering I activated it on a live production server, after I noticed I wasn't logged into my test box on my desk.
I'll be posting a KB article later today.
But yea, when they split the company both halves started offering their own paid 'ruleset'.
The 'new' endpoint doesn't see CWP, only cPanel, DA, and Plesk and installs as a standalone, which doesn't play well with CWP.
212
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 28, 2025, 11:36:03 PM »
We use Apache, and not Nginx.
There is more script support for Apache, and the performance benefit of Nginx is negatable.
OWASP old & Comodo both work fine, which is the odd thing.
If Xcitium did kill the free Comodo ruleset, that only leaves OWASP as being free for users to choose.
214
Installation / Re: ...server under AL9?
« on: January 28, 2025, 01:57:01 AM »
I've posted the basic setup steps here in the forums a couple times.
Here it is again, or you also have options of people that can get the basics installed for you.
You can't have any services installed before installing CWP.
So if Apache is working 'out of the box', you are installing AlmaLinux 9.4 LAMP.
That won't work.
Reimage with the bare AlmaLinux 9.5
Set up your networking, hostname, timezone.
Then:
Code:
dnf install dnf-plugins-core
Code:
dnf install elrepo-release epel-release -y
Code:
dnf config-manager --set-enabled crb
Code:
dnf --refresh update
Code:
dnf install nano wget ipset ebtables iptables ipset-service uuid uuid-devel libuuid-devel m4 pcre pcre-devel zlib-devel perl-DBD-MySQL perl-IPC-Cmd perl-Pod-Html perl-Sys-Hostname perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph libtool s-nail htop sysstat python3-perf ImageMagick ImageMagick-devel nmap make quota cockpit* -y
Code:
dnf --refresh update
Code:
dnf install clamav* clamd
Code:
dnf clean all
Code:
cd /usr/local/src
Code:
wget http://centos-webpanel.com/cwp-el9-latest
Code:
sh cwp-el9-latest
Code:
dnf install spamassassin amavis
Reboot
Configure & Start CSF
UPDATE DEPENDENCIES
Code:
dnf install php-cli libsodium libsodium-devel php-sodium php-pecl-zip php-pecl-mailparse php-mbstring php-pear php-devel php-pecl-imagick
Code:
pecl channel-update pecl.php.net
To update MariaDB follow:
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
The one string to re-install MariaDB has been updated, or you'll get an error.
Run this instead:
Code:
dnf install MariaDB-server MariaDB-client net-snmp perl-DBD-MySQL --allowerasing
There are other steps, but everyone customizes their servers differently.
215
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 28, 2025, 01:39:23 AM »
The defaults are:
Quote
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/maillog"
POP3D_LOG = "/var/log/dovecot-info.log"
IMAPD_LOG = "/var/log/dovecot-info.log"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"
CWP_LOG = "/var/log/cwp_client_login.log"
CUSTOM1_LOG = "/var/log/cwp_client_login.log"
CUSTOM2_LOG = "/usr/local/apache/domlogs/*.log"
I followed the OWASP docs, and changed MODSEC_LOG to MODSEC_LOG = "/usr/local/apache/logs/modsec_audit.log"
When that failed, I added it to the next empty custom entry CUSTOM3_LOG, still no joy.
I've put another paid ticket in to CWP.
They argued the last ticket that didn't solve the problem was closed as being 'resolved'
What's weird is that the OWASP old ruleset works OK, but if you select OWASP latest it breaks everything.
You still see it stop attacks if you view the ModSecurity log.
Just added "/usr/local/cwpsrv/logs/*_log" to CUSTOM3_LOG, which was empty.
Will see if that works.
Also have a virtual meeting with Xcitium (company who bought Comodo) next week, to find out what their plans are for the future of that ruleset.
Because as of right now it's dead.
Hopefully this will get resolved.
I'm not sure about anyone else, but this simple thing has turned into a large cluster.
216
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 26, 2025, 11:02:50 PM »
I've tried different ways, just can't get OWASP to talk to CSF, even using the documentation.
It 'should' work, I see it in the logs, but CSF refuses to add the IP's and send notifications.
217
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 26, 2025, 12:53:00 AM »
Quote
I switched back to OWASP latest rules but they are not blocking malicious attempts. I can see in logs it's detecting but attempt is not blocked
on the other hand comodo waf rules keeps blocking everything
before last update everything was fine and comodo waf rules were the best
Yea, there is a bug CWP has been made aware of with the OWASP latest not working.
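An added example, not from these posts or from CWP/CSF: a small Python triage for the "detecting but not blocked" report and the MODSEC_LOG discussion, splitting Apache error_log entries per client IP into ModSecurity "Warning" lines (a rule matched without a disruptive action) and "Access denied" lines (the request was blocked). The log lines are constructed samples in Apache 2.4 `ip:port` layout, and the function names are illustrative.

```python
import re

# Constructed sample in Apache 2.4 error_log layout; IPs are documentation ranges.
SAMPLE_LOG = '''\
[Sun Jan 26 00:50:01.100 2025] [security2:error] [pid 2101] [client 203.0.113.7:51122] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:file. [id "930120"] [uri "/index.php"]
[Sun Jan 26 00:50:01.101 2025] [security2:error] [pid 2101] [client 203.0.113.7:51122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [id "949110"] [uri "/index.php"]
[Sun Jan 26 00:51:14.870 2025] [security2:error] [pid 2105] [client 198.51.100.23:40210] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [uri "/login.php"]
[Sun Jan 26 00:52:30.002 2025] [core:error] [pid 2105] [client 198.51.100.23:40211] AH00126: Invalid URI in request
'''

# Matches only ModSecurity entries and captures client, outcome and rule id.
LINE_RE = re.compile(
    r'\[client (?P<client>[^\]]+)\] ModSecurity: '
    r'(?P<action>Warning|Access denied)\b.*?\[id "(?P<rule>\d+)"\]'
)


def triage(log_text):
    """Return {ip: {'detected': [rule ids], 'blocked': [rule ids]}}."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a ModSecurity entry (e.g. a core Apache error)
        client = m.group('client')
        # Assumption: Apache 2.4 logs "ip:port", so drop the trailing port.
        ip = client.rsplit(':', 1)[0] if ':' in client else client
        bucket = 'blocked' if m.group('action') == 'Access denied' else 'detected'
        result.setdefault(ip, {'detected': [], 'blocked': []})[bucket].append(m.group('rule'))
    return result


def detected_but_never_blocked(log_text):
    """Clients with rule matches but no 'Access denied' entry at all."""
    return sorted(ip for ip, r in triage(log_text).items()
                  if r['detected'] and not r['blocked'])


if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
    print(detected_but_never_blocked(SAMPLE_LOG))
```

Clients returned by `detected_but_never_blocked` produced rule matches but no blocking entry, so there is no "Access denied" line for them in this log.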
218
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 26, 2025, 12:51:18 AM »
I tried that juggling, and it didn't work.
There is a problem with the OWASP latest ruleset that I've notified CWP about.
I've only found 2 semi-good replacements, but both are paid:
https://malware.expert/
https://atomicorp.com/modsecurity-rules/
And then there is of course the company who bought Comodo, Xcitium. But their website doesn't even work
219
Other / Re: Support Ticket Issue
« on: January 24, 2025, 11:56:17 PM »
Via their support ticket system.
Most problems cannot be helped here on the forums.
What problem are you having?
--
And if you can include the following:
What 'errors' and/or 'messages' are being displayed in the logs?
What distro are you running CWP on?
CWP Free or CWPpro?
VPS or Dedicated?
Public or NAT?
220
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: January 24, 2025, 11:50:49 PM »
The Comodo ruleset isn't a CWP problem.
I can't login with my UN/PW on their site for months now - waf.comodo.com
Seems like the new company who took them over want you to buy their ruleset.
They also haven't responded to emails.
So at this point I'm saying that ruleset is dead, thanks to another takeover.
221
Problems on other RedHat linux servers / Re: I can send and receive messages via the web, but it doesn't work through the...
« on: January 24, 2025, 11:47:16 PM »
Install netmap & netcat and try again.
Check your firewall to verify port 465 is open.
222
Problems on other RedHat linux servers / Re: I can send and receive messages via the web, but it doesn't work through the...
« on: January 24, 2025, 02:46:17 AM »
AlmaLinux's default install doesn't have telnet.
But you can try:
Code:
nc -vz google.com 80
Once confirmed you can contact google, and nc is working.
From AlmaLinux 9.5:
Quote
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 2607:f8b0:4009:81b::200e:80.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
Now to test your server:
Code:
nc -vz domain.name 25
Code:
nc -vz domain.name 465
Code:
nc -vz domain.name 587
223
Problems on other RedHat linux servers / Re: I can send and receive messages via the web, but it doesn't work through the...
« on: January 23, 2025, 06:13:48 PM »
Does your SSL have the mail sub-domain added?
Most mail clients like Thunderbird will automatically contact the email server for the correct settings.
The error is it can't connect to the SMTP server via SSL.
Make sure ports 486 and 587 are open, as these are the SMTP SSL ports. Port 25 is Non-SSL.
224
Problems on other RedHat linux servers / Re: How to Adjust my SSH Server ? Almalinux 8
« on: January 22, 2025, 02:03:12 AM »
Here is some light reading for you, for when you can't fall asleep. 
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-hardening_tls_configuration#sec-Choosing_Algorithms_to_Enable
--
https://community.centminmod.com/threads/openssh-chacha20-ciphers-for-terrapin-security-vulnerability-attacks.25043/
--
https://serverfault.com/questions/1148295/tls-cipher-suites-ordering
--
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#setting-up-system-wide-crypto-policies-in-the-web-console_using-the-system-wide-cryptographic-policies
Scroll down to 3.6.1 Open SSH
--
And IF you want to open a can of worms and headaches...
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4823.pdf
--
Then once done with SSH, you have Apache to configure...

225
PHP / Re: Anti-Change Log
« on: January 22, 2025, 01:48:58 AM »
Quote
1. You just need to add the version number and nothing else.
2. For main php version (php switcher) modify the file:
/usr/local/cwpsrv/htdocs/resources/conf/el9/php_switcher/versions.ini
Tried, but didn't work. :/