Author Archive

How to enable SuPHP support in Plesk

August 24th, 2010

As of Plesk 8.x, Parallels has yet to provide SuPHP support for Plesk. It is possible to add this manually, but doing so involves using a 3rd party repo and recompiling PHP. If you are running a VPS, you will need to check with your hosting provider to see if this is something they can do for you or if you would be responsible for doing so.

And with that, let’s get to the good stuff!

1. In order to install SuPHP on the server, download and install the atomic script. Note that this pipes the downloaded script directly into a root shell.

# wget -q -O - http://www.atomicorp.com/installers/atomic | sh

2. Once the script is installed, install the SuPHP module using yum

# yum install mod_suphp

3. The next step is to load the SuPHP module in Apache. The suphp installation automatically creates a “mod_suphp.conf” file under the Apache configuration directory; if it does not exist, create it.

# vi /etc/httpd/conf.d/mod_suphp.conf

and insert the following lines:

#Load the Mod_SuPHP module
LoadModule suphp_module modules/mod_suphp.so

### Uncomment to activate mod_suphp
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php

#Enable the SuPHP engine
suPHP_Engine on

#Specify the path to the configuration directory
suPHP_ConfigPath /etc

Apache loads all the configuration files from the /etc/httpd/conf.d directory by default, so there is no need to include the module in the httpd.conf file separately.

4. The suPHP configuration file should now be present under /etc (if not, create it)

# vi /etc/suphp.conf

Copy/paste the following contents as they are:

[global]
logfile=/var/log/suphp.log
loglevel=info
webserver_user=apache
docroot=/var/www/vhosts
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
errors_to_browser=false
umask=0022
min_uid=30
min_gid=30
[handlers]
;Handler definitions are read from their own section; use plain ASCII quotes
x-httpd-php="php:/usr/bin/php-cgi"
x-suphp-cgi="execute:!self"

Make sure the “handle_userdir” directive is commented out or removed from the file, since it is deprecated in the latest version.

5. Finally, restart the httpd service for all these changes to take effect

# service httpd restart

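6. Test the SuPHP installation: create a phpinfo.php file with 777 permissions. Browsing to it should show you an “Internal Server Error”, because with allow_file_others_writeable=false suPHP refuses to run a script that is writable by others.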
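Once suPHP is active, any script or directory that breaks the rules in suphp.conf fails the same way as the 777 test file, so it helps to find them across the whole docroot first. The script below is an added example, not part of the original post; the function name suphp_audit, its output tags and its argument defaults are assumptions, and it needs GNU find.

```sh
#!/bin/sh
# Added example, not from the original post. Lists what suPHP would reject
# under the suphp.conf shown above. suphp_audit and its argument defaults are
# illustrative; assumes GNU find (for numeric "-uid -N" / "-gid -N" tests).

suphp_audit() {
    docroot=${1:-/var/www/vhosts}   # docroot= in suphp.conf
    min_id=${2:-30}                 # min_uid= / min_gid= in suphp.conf

    # allow_file_others_writeable=false: world-writable scripts are refused
    find "$docroot" -type f -name '*.php' -perm -0002 \
        -exec printf 'others-writable-file %s\n' {} \;

    # allow_directory_others_writeable=false: same rule for directories
    # (every directory is listed, not only those that hold scripts)
    find "$docroot" -type d -perm -0002 \
        -exec printf 'others-writable-dir %s\n' {} \;

    # min_uid / min_gid: scripts owned by a UID or GID below the minimum
    find "$docroot" -type f -name '*.php' \
        \( -uid "-$min_id" -o -gid "-$min_id" \) \
        -exec printf 'owner-below-minimum %s\n' {} \;
}

# Run against a docroot when arguments are given, e.g.:
#   sh suphp_audit.sh /var/www/vhosts 30
if [ "$#" -gt 0 ]; then suphp_audit "$@"; fi
```

Group-writable files and directories are not reported because the configuration above allows them.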

Setting up a new user account for root access.

July 7th, 2010

Let’s face it, giving out the root password to your Linux server isn’t very smart or security minded. Still, there are many of us who hand out our root user, and before we know it we’re looking at a compromise, a permissions issue or worse. It doesn’t need to be this way. No… We can create a new user and give them root access, or we can edit the abilities of this user.

How does one do this, you ask? Simple. In this instance, we’ll set up a new user to have root access, and this works out because we add the user to the sudoers file, meaning we know who we are giving access to. Heck, you may want to do this for your main user and disable the root user for security reasons, but that’s your call.

Anyhow, on to the fun stuff!

1. First we need to log in to the server (so don’t disable the root user yet) and create a new user. For this example, I’ll make a new user called madtech. So we SSH into the server and type the following:

“useradd madtech”

2. Next we need to set a password for the user. To do this, type the following:

“passwd madtech”

It will then ask for us to enter the password and then again to confirm the password.

3. Now that we have created the user, we need to edit the sudoers file. Take note, we don’t want to edit this with our standard text editors... no, that’s bad. We need to use visudo. Visudo should already be installed on the server. So what we need to do now is go to the following line:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

We need to add our new user to this file by typing:

madtech  ALL=(ALL)  ALL

And then we press CTRL+X and then Y to save the changes.

4. We’ve just added the user, so now when you log into the server with this new user you can type the following to sudo in and gain admin access:

“sudo -l” or “sudo su -”

This will give the user root access for the logged in session. If you log out and back in, you need to sudo again.

*******Issues you may encounter*********

So you added the user but when you sudo in, you get the following error:

sudo: must be setuid root

This means there is an issue with the changes to the sudoers file and you need to fix it. But it’s an easy fix, so relax. All you need to do is log back into the server as the root user again and run the following commands:

“chown root:root /usr/bin/sudo”
“chmod 4111 /usr/bin/sudo”

Now log out as root, log in as the new user and then sudo in. You should now get the default sudo message like the one below or similar, depending on what the MOTD on the server is set to.

“We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.”

That’s it. Now you can disable that root user, if you choose to!
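After adding accounts this way, it is worth listing who actually holds an unrestricted grant before the root login is disabled. The script below is an added example, not part of the original post; the function names sudo_full_root and sample_sudoers are assumptions, the sample input is constructed, and the parser handles only simple one-line entries like the ones shown above.

```sh
#!/bin/sh
# Added example, not from the original post. sudo_full_root is an illustrative
# name. It reads one sudoers-format file and prints every user or %group that
# holds an unrestricted "ALL=(ALL) ALL" grant. Include directives are not
# followed and aliases are not expanded.

sudo_full_root() {
    awk '
        /^[ \t]*(#|$)/                        { next }  # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/   { next }  # settings and aliases
        {
            who  = $1
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)       # drop the user field
            gsub(/[ \t]+/, "", rest)                    # "ALL=(ALL)ALL"
            if (rest ~ /^ALL=\(ALL(:ALL)?\)(NOPASSWD:)?ALL$/)
                print who
        }
    ' "${1:-/etc/sudoers}"
}

# Constructed sample input, modelled on the lines discussed above.
sample_sudoers() {
    cat <<'EOF'
## Allow root to run any commands anywhere
Defaults    requiretty
root    ALL=(ALL)       ALL
madtech  ALL=(ALL)  ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync
EOF
}

# Audit a real file when a path is given (reading /etc/sudoers needs root):
#   sh sudo_full_root.sh /etc/sudoers
if [ "$#" -gt 0 ]; then sudo_full_root "$@"; fi
```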

How to disable Reverse DNS Lookups in Proftpd

July 7th, 2010

If you use cPanel, Plesk or any other Linux control panel or distro, you may notice that your Proftpd connection is slow or takes some time before it becomes responsive. This is likely because the Proftpd instance is attempting a reverse DNS lookup and having trouble completing it. It is possible to disable this option to help speed up the negotiation. Please note, however, that this will not help with slow upload speeds if you have a slow upstream.

To disable the DNS lookups you need to do the following:

1. Log into the server that is running Proftpd. You will need to do so by using SSH.

2. Once you have logged into the server, you will need to edit the Proftpd configuration file, proftpd.conf. You can simply type the following to do so:

“vi /etc/proftpd.conf”

Please note this is the default Proftpd configuration location. If yours is in a different directory, you will need to adjust the command to your location. In this example we are using vi to make the changes. You are free to use either Nano or Pico instead, whichever you feel comfortable using.

3. Once you are in the file, you will need to look for the following lines:

“IdentLookups on”
“UseReverseDNS on”

You will need to turn off the lookup by changing them to the following;

“IdentLookups off”
“UseReverseDNS off”

4. Once you make the changes, save the file.

5. You will then need to restart Proftpd. Take note, if you are using Plesk you will need to restart the xinetd service, as Proftpd runs under this service.

To restart in Plesk, type “service xinetd restart”

To restart in everything else, type “/etc/init.d/proftpd restart” or “service proftpd restart”

Sorry for the lack of articles lately

June 30th, 2010

Sorry gang, I’ve been really bogged down by RL issues and I haven’t really updated any articles lately. But worry not, I have an entire backlog of articles (100+) that I need to add to the site eventually.

How to enable SFTP with Filezilla Server

June 30th, 2010

By default, Filezilla Server does not support FTP via SFTP. However, it can use SSL / TLS, commonly referred to as FTPS. It’s also a breeze to enable this in the Filezilla FTP Server configuration. To do this, you simply have to do the following:

1. Access the Filezilla FTP server’s settings by going to Edit -> Settings.

2. Once in the Settings section, you will need to scroll down to the SSL / TLS settings section.

3. Here you will need to check the “Enable FTP over SSL / TLS support (FTPS)” option. Once you do this, the option “Allow explicit FTP over TLS” will become available, along with “Disallow plain unencrypted FTP” and “Force PROT P to encrypt file transfers in SSL/TLS mode”. Be sure to check both.

4. Now you will need to click on the button “Generate new certificate..”. Once you do this, you will be presented with the certificate generation screen.

5. Be sure to check either 1024 bit, 2048 bit or 4096 bit. Since this is a self signed SSL, you can choose 4096 bit. Now you will need to fill out the rest of the required sections. Once you have completed this, be sure to specify a valid location to save the key and certificate to. Once you have, click “Generate certificate”.

6. Filezilla server will now be set up to only use FTPS/FTPES and will reject any FTP connections over port 21. Your new port will be 990. If you try to use conventional FTP to access the server, you may receive the error that you have to use explicit SSL / TLS before logging in.

7. You will now need to specify port 990 in order to log into the FTP server. Upon logging in, you will need to accept the server’s SSL certificate. You will also have the option to always trust the certificate for future sessions.

You have now secured Filezilla FTP server for use with only an FTPS connection. If at any time you wish to remove the SSL from the connection, simply log back into the FTP server, go to the SSL / TLS settings section and uncheck the “Enable FTP over SSL / TLS support (FTPS)” option.
