All posts by 24x7serversecurity.com

WordPress Permalink code for Windows server

In IIS 7, you can add the code below under the “URL Rewrite” option when you click on the domain, because .htaccess does not work there as it does on Linux servers:

===============

<rewrite>
    <rules>
        <rule name="Main Rule" stopProcessing="true">
            <match url=".*" />
            <conditions logicalGrouping="MatchAll">
                <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
            </conditions>
            <action type="Rewrite" url="index.php/{R:0}" />
        </rule>
    </rules>
</rewrite>

===============

Tweaks to prevent Spamming on cPanel server


Settings in Exim Configuration Manager
1. Log in to the WHM control panel as the root user.
2. Go to Main >> Service Configuration >> Exim Configuration Manager
3. Enable RBL filtering: Basic Editor >> RBLs >> switch to On. If you like, you may add additional RBLs from the Manage option.
4. Sender Verification Callouts = ON
5. Sender Verification = ON
6. Reject SPF failures = ON
7. Then save the configuration. This will stop most of the spam on the server.

Some settings in Tweak Settings
1. Log in to the WHM control panel as the root user.
2. Go to Main >> Server Configuration >> Tweak Settings
3. Initial default/catch-all forwarder destination = Fail
4. Max hourly emails per domain = 200
5. Count mailman deliveries towards a domain

How to change outgoing mail server IP address in Linux PLESK


In cPanel you can easily change the mail server IP address by using the /etc/mailips file. Similarly, in Plesk you can change the outgoing mail server IP address by using the “/var/qmail/control/smtproutes” file.
First, check the domain names hosted on the server by using the following file:

1) cat /var/qmail/control/rcpthosts
domain1.com
domain2.com
domain3.com
domain4.com
domain5.com

2) By default the “/var/qmail/control/smtproutes” file is not present on a Plesk server; you need to create it.

vi /var/qmail/control/smtproutes

3) Then add the new ip address in the following format.

domain1.com:111.222.333.444
domain2.com:111.222.333.444

4) Save the file and restart qmail

/etc/init.d/qmail restart

Replace domain1.com with your own domain name and 111.222.333.444 with your IP address.

How to Secure /tmp

This will cover securing /tmp, /var/tmp and /dev/shm.

Secure /tmp:

Step 1: Backup your /etc/fstab file

Code:
cp /etc/fstab /etc/fstab.bak

Step 2: Make a 3GB file for the /tmp partition and create an ext3 filesystem on it:

Code:
dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000
/sbin/mkfs.ext3 /var/tempFS

*Change the count= to something higher if you need more space*

Step 3: Create a backup copy of your current /tmp drive:

Code:
cp -Rpf /tmp /tmpbackup

Step 4: Mount our new tmp partition and change permissions:

Code:
mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp

Step 5: Copy the old data:

Code:
cp -Rpf /tmpbackup/* /tmp/

* If your /tmp was empty earlier, you might get this error: cp: cannot stat `/tmpbackup/*': No such file or directory

Step 6: Edit /etc/fstab and add this:

Code:
nano -w /etc/fstab

And add this line:

Code:
/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Step 7: Test your fstab entry:

Code:
mount -o remount /tmp

Step 8: Verify that your /tmp mount is working:

Code:
df -h

It should look something like this:

Code:
/var/tempFS 962M 18M 896M 2% /tmp

Secure /var/tmp:

Step 1: Use /tmp as /var/tmp.

Code:
mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp

Step 2: Copy the old data back

Code:
cp /var/vartmp/* /tmp/

* If your /var/tmp was empty earlier, you might get this error: cp: cannot stat `/var/vartmp/*': No such file or directory

Secure /dev/shm:

Step 1: Edit your /etc/fstab:

Code:
nano -w /etc/fstab

Locate:

Code:
none /dev/shm tmpfs defaults,rw 0 0

Change it to:

Code:
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Step 2: Remount /dev/shm:

Code:
mount -o remount /dev/shm

You should restart the services that use the /tmp partition.
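
To confirm that the options from the steps above are actually in effect, the mount table can be checked rather than trusting /etc/fstab. The script below is an added example, not part of the original post: the function names and the sample mount table are constructed for illustration, and the input is assumed to be in /proc/mounts format.

```shell
#!/bin/sh
# Added example: report which hardening options are missing on a mount point.
# Input is text in /proc/mounts format: device mountpoint fstype options dump pass

# Constructed sample: /tmp hardened as in the steps above, /dev/shm still default.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
none /dev/shm tmpfs rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
EOF
}

# missing_opts MOUNTS_FILE MOUNTPOINT
# Prints "ok", the missing options, or "not-a-mount" if nothing is mounted there.
missing_opts() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; seen = 1 }   # last entry wins: it is the mount on top
        END {
            if (!seen) { print "not-a-mount"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            out = ""
            if (!("noexec" in have)) out = out " noexec"
            if (!("nosuid" in have)) out = out " nosuid"
            sub(/^ /, "", out)
            print (out == "" ? "ok" : out)
        }' "$1"
}

# Demo on the constructed sample.
tmpf=$(mktemp)
sample_mounts > "$tmpf"
for p in /tmp /dev/shm /var/tmp; do
    echo "$p: $(missing_opts "$tmpf" "$p")"
done
rm -f "$tmpf"

# On a live host, resolve symlinks first (/var/tmp -> /tmp in the steps above):
#   missing_opts /proc/mounts "$(readlink -f /var/tmp)"
```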

How to install & configure OpenVPN on Centos 6

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.

Firstly, verify that the VPN interface (tun0) is created, using the ifconfig command:

# ifconfig

The output should have “tun0” listed. Then check the output of the command below:

# cat /dev/net/tun

The output should be as below:
cat: /dev/net/tun: File descriptor in bad state

OpenVPN and its dependencies are not available in the CentOS default repositories. So, we should install the “EPEL” repository in order to install OpenVPN and its dependencies.

# wget ftp://ftp.rediris.es/volumes/sites/centos.org/6.6/extras/i386/Packages/epel-release-6-8.noarch.rpm
# rpm -Uvh epel-release-6-8.noarch.rpm

Install OpenVPN using yum

# yum install openvpn -y

Copy the configuration file to its destination:

# cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn
# vi /etc/openvpn/server.conf

Uncomment the lines below in the server.conf file:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody

Now we will have to generate keys and certificates using easy-rsa. For that, install easy-rsa using yum:

# yum install easy-rsa

The easy-rsa scripts are located by default in the /usr/share/easy-rsa/ directory. Make a directory /easy-rsa/keys inside the /etc/openvpn directory. Copy the scripts as given below:

# mkdir -p /etc/openvpn/easy-rsa/keys
# cp -ar /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Now we will have to edit the “vars” file with required information:

# vi /etc/openvpn/easy-rsa/vars

Fill in the desired details in the correct places. Don’t leave any of these fields blank.

export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York"
export KEY_ORG="Organization Name"
export KEY_EMAIL="[email protected]"
export KEY_OU=server

Then run the commands below:

# cd /etc/openvpn/easy-rsa/
# cp openssl-1.0.0.cnf openssl.cnf
# source ./vars
# ./clean-all

Then, run the following command to generate CA certificate and CA key:

# ./build-ca

Keep pressing “Enter” for the variables. When asked by build-key-server, answer yes to commit.

# ./build-key-server server

Enter the following command to generate the DH parameters, and then copy the files below to “/etc/openvpn”.

# ./build-dh
# cd /etc/openvpn/easy-rsa/keys
# cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

The necessary keys and certificates are now generated and placed in the correct directory.
Now we are going to generate the client certificate:

# cd /etc/openvpn/easy-rsa
# ./build-key client

You must copy all client certificates and keys to the remote VPN clients in order to authenticate to the VPN server. Below are the required files to be downloaded/copied:

ca.crt
client.crt
client.key

On Windows, the path for the files to be copied would be “C:\Program Files\OpenVPN\config”, which will come with “OpenVPN Community Edition binaries”.

On Mac OS X, the open source application “Tunnelblick” provides an interface similar to OpenVPN GUI on Windows, and comes prepackaged with OpenVPN and the required TUN/TAP drivers. Here the destination folder for the .ovpn configuration would be “~/Library/Application Support/Tunnelblick/Configurations”.

You will need to create an iptables rule to allow proper routing of our VPN subnet.

# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# service iptables save

Then, enable IP forwarding in sysctl by changing net.ipv4.ip_forward from 0 to 1:

# vi /etc/sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

Apply new settings and start the OpenVPN server:

# sysctl -p
# service openvpn start
# chkconfig openvpn on

With our certificates now on the client system, we will create another new file called client.ovpn, where “client” should match the name of the client being deployed (from build-key). The contents should be as follows, replacing “x.x.x.x” with your OpenVPN server’s IP address, and with the appropriate files pasted into the designated areas.

client
dev tun
proto udp
remote x.x.x.x 1194 #- your OPENVPN server IP and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Make your vpn tunnel start upon boot (this will add the command to rc.local)

# echo openvpn /etc/openvpn/server.conf >> /etc/rc.d/rc.local
# openvpn /etc/openvpn/server.conf

Once done, reboot the server.

Further, you can create and assign new users to your VPN server:

To create a new user, type (replace myuser with your username):
# useradd myuser -s /bin/false

To create the password, type:
# passwd myuser

To delete a user, type:
# userdel myuser
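
The client.ovpn shown above names only `ca` and has no directive that makes the client check it is talking to a server certificate, so any certificate signed by the same CA would be accepted. The linter below is an added example, not part of the original post: the function names, the `server-cert-check` label and the sample profile are constructed, while `remote-cert-tls`, `ns-cert-type` and `verify-x509-name` are existing OpenVPN directives.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client profile for authentication directives.

# Constructed sample, modelled on the client.ovpn shown above.
sample_profile() {
    cat <<'EOF'
client
dev tun
proto udp
remote x.x.x.x 1194 #- your OPENVPN server IP and port
persist-key
persist-tun
ca ca.crt
auth-user-pass
verb 3
EOF
}

# has_directive FILE NAME: true if NAME is active, as "NAME ..." or inline <NAME>.
has_directive() {
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' "$1" |
        awk -v d="$2" '$1 == d || $1 == ("<" d ">") { found = 1 }
                       END { exit !found }'
}

# lint_ovpn_client FILE: prints the missing items, or nothing if all are present.
lint_ovpn_client() {
    missing=""
    for d in ca cert key; do
        has_directive "$1" "$d" || missing="$missing $d"
    done
    # Any one of these makes the client verify it is talking to a server certificate.
    if ! has_directive "$1" remote-cert-tls &&
       ! has_directive "$1" ns-cert-type &&
       ! has_directive "$1" verify-x509-name; then
        missing="$missing server-cert-check"
    fi
    echo "${missing# }"
}

# Demo on the constructed sample.
prof=$(mktemp)
sample_profile > "$prof"
echo "missing: $(lint_ovpn_client "$prof")"
rm -f "$prof"
```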

How to replace MySQL with MariaDB in cpanel

Backup existing MySQL data

Make sure to save all existing data just in case there are any issues.

cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old

Disable the targets so cPanel no longer handles MySQL updates

The following will mark the versions of MySQL we distribute as uninstalled so they are no longer maintained by cPanel/WHM

/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL55 uninstalled

Remove the existing MySQL RPMs so there’s a clean slate for MariaDB

The command below will uninstall the MySQL RPMs!

/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55

Create a yum repository for MariaDB

vi /etc/yum.repos.d/MariaDB.repo

Place the following inside it, depending on the distro (https://downloads.mariadb.org/mariadb/repositories/):

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/5.5.29/centos6-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Remove php from the /etc/yum.conf file then run the following commands

yum install MariaDB-server MariaDB-client MariaDB-devel
/etc/init.d/mysql start
mysql_upgrade
/etc/init.d/mysql restart

Add php back to the /etc/yum.conf file to ensure future php updates don’t get clobbered

Rebuild easyapache/php to ensure modules are intact/working

/scripts/easyapache --build

How to install kloxo panel in centos


Go to the path below.

cd /usr/local/src

Use the wget command to download the latest version of the Kloxo auto installer script.

wget http://download.lxcenter.org/download/kloxo/production/kloxo-installer.sh

Give it the proper permissions.

chmod 700 kloxo-installer.sh

Install the Kloxo control panel as master.

./kloxo-installer.sh --type=master

Next, follow the instructions. Once done, you will get the message below.

Congratulations. Kloxo has been installed succesfully on your server as master

You can connect to the server at:
https:/IP/:7777 – secure ssl connection, or
http:/IP/:7778 – normal one.

The login and password are ‘admin’ ‘admin’. After Logging in, you will have to
change your password to something more secure

We hope you will find managing your hosting with Kloxo
refreshingly pleasurable, and also we wish you all the success
on your hosting venture

Thanks for choosing Kloxo to manage your hosting, and allowing us to be of
service


Once you get the above message, try accessing the above link in a browser. If you are still unable to access it, try opening the ports in iptables.

You can use one of the commands below to open the ports in iptables:

iptables -A INPUT -p tcp -m tcp --dport 7777:7778 -j ACCEPT

or

iptables -A INPUT -p tcp -m tcp --dport 7777 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 7778 -j ACCEPT

Once done, save the rules so that they survive the restart, then restart iptables.

/etc/init.d/iptables save
/etc/init.d/iptables restart

CVE-2014-7169 BASH Shell Shock Vulnerability for Linux

What is CVE-2014-7169 / Shell Shock Vulnerability?

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
In short, the Shell Shock vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments.
The Shell Shock vulnerability is considered bigger than Heartbleed because it affects all versions of bash, and it is still unclear since when. Adding to that, bash is not only running on Linux web servers but also on embedded and other devices such as Mac laptops.

Check if your server is affected

[email protected][#] env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you get the above output, you are safe. But if you get the output below, you are affected.

[email protected][#] env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

To fix it, follow the steps below:

For RedHat/CentOS/Fedora/RPM based OS:

Note: This is a temporary fix released by the Red Hat Security Team. The team is still working on a full fix, which is expected to be released soon.

[email protected][#] yum upgrade bash

For Ubuntu / Debian:

apt-get update && sudo apt-get install --only-upgrade bash

Uninstall Cloudlinux from cpanel


wget -O cldeploy http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy

sh cldeploy -c

Please, note that some of the packages from CloudLinux repo will still be present. They are same as CentOS packages, and don’t have to be removed. They will be updated in the future from CentOS repositories, as new versions come out.

You can use below steps further:

Check whether CloudLinux is installed on your server using the command below.

/usr/local/cpanel/bin/cloudlinux_system_install -c

Update your CentOS-provided RPMs

yum upgrade -y

Rebuild Apache

/usr/local/cpanel/scripts/easyapache --build

OR

/scripts/easyapache --build

Reinstall a non-CloudLinux kernel.

yum --disableexcludes=all install kernel

Remove CloudLinux Kernel

rpm -qa | awk '/^kernel.*lve/ {print $1 | "xargs yum -y erase"}'

Reinstall any CloudLinux-provided RPMs that are also provided by CentOS

rpm -qa --qf "[%{VENDOR} %{NAME}\n]" | awk '/CloudLinux/ {print $2 | "xargs yum reinstall -y"}'

Downgrade any CloudLinux provided RPMs to the CentOS version

rpm -qa --qf "[%{VENDOR} %{NAME}\n]" | awk '/CloudLinux/ {print $2 | "xargs yum downgrade -y"}'

Remove any remaining CloudLinux specific RPMs

rpm -qa --qf "[%{VENDOR} %{NAME}\n]" | awk '/CloudLinux/ {print $2 | "xargs yum erase -y"}'

Upgrade any downgraded CentOS provided RPMs

yum upgrade -y

Reboot the server to use the new non-CloudLinux kernel

reboot

Install ImageMagick With PHP-imagick On Plesk Server

How to install ImageMagick with PHP-imagick on a Plesk server:

ImageMagick Installation

[[email protected] ~]# yum install ImageMagick

[[email protected] ~]# yum install ImageMagick-devel

PHP-imagick Installation

[[email protected] ~]# yum install gcc

[[email protected] ~]# yum install make automake

[[email protected] ~]# yum install php-pear

[[email protected] ~]# yum install php-devel

[[email protected] ~]# pecl install imagick

This will create an imagick.so file under [/usr/lib/php/modules/] on a 32-bit machine or [/usr/lib64/php/modules/imagick.so] on a 64-bit machine. You can enable it by adding the entry below to the php.ini file:
extension = "imagick.so"

or

echo "extension=imagick.so" > /etc/php.d/imagick.ini

Finally, restart the httpd service for the changes to take effect.

[[email protected] ~]# /etc/init.d/httpd restart

You can verify the installation of both modules using the commands below:

For ImageMagick

[[email protected] ~]# which convert
/usr/bin/convert

For PHP-imagick

[[email protected] ~]# php -m | grep imagick
imagick