Category: Linux

  • VestaCP Zero-day exploit

    On 07 April 2018, many servers running VestaCP were hacked. The attacker was able to get root access on these servers.

    VestaCP Free Hosting Control Panel

    The attacker installed a trojan known as Chinese Chicken, which is used to DDoS other servers.

    To see if your server is hacked, check whether the file /etc/cron.hourly/gcc.sh is present on your server.

    ls -l  /etc/cron.hourly/gcc.sh
    

    You can read more about this DDoS Trojan at

    https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/
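
    The title of the linked article says this trojan hides itself with an embedded rootkit, so a listing taken on the live host may not be trustworthy. The following is an added example, not part of the original post: it looks for the same gcc.sh path under any root directory (a mounted disk image or backup) and also reports cron tables that still reference the script. The function name and the crontab search are assumptions that go beyond the single ls check above.

```sh
#!/bin/sh
# Added example: look for the cron indicator named in the post under an
# arbitrary root, so it can be run against a mounted disk image or backup.

INDICATOR=etc/cron.hourly/gcc.sh   # path taken from the post

# Prints findings; returns 1 if the file or a reference to it is found,
# 0 otherwise. check_gcc_sh is a hypothetical name.
check_gcc_sh() {
    _root=${1:-/}
    _hit=0
    if [ -e "$_root/$INDICATOR" ] || [ -L "$_root/$INDICATOR" ]; then
        echo "present: $_root/$INDICATOR"
        ls -l "$_root/$INDICATOR"   # owner and mtime help date the compromise
        _hit=1
    fi
    # Cron tables that still reference the script even if the file is gone.
    for _f in "$_root/etc/crontab" "$_root"/etc/cron.d/*; do
        [ -f "$_f" ] || continue
        if grep -q 'gcc\.sh' "$_f"; then
            echo "referenced: $_f"
            _hit=1
        fi
    done
    return "$_hit"
}

# Stand-alone use: pass the mount point of the image, or nothing for "/".
check_gcc_sh "${1:-/}" && echo "no gcc.sh indicator under ${1:-/}"
```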

    If you are running VestaCP, stop it until a solution for this exploit is released.

    service vesta stop
    systemctl stop vesta
    

    You can find discussion of this exploit on the VestaCP forum

    https://forum.vestacp.com/viewtopic.php?f=10&t=16556

    Once a server is rooted, it is better to take a backup of all your data and restore the OS.

  • Create user in PostgreSQL

    Method 1

    To create a user, become the user “postgres” with

    su - postgres
    

    Now run

    createuser USER_NAME
    

    Method 2

    You can run the following commands at the psql prompt

    CREATE USER USER_NAME_HERE WITH PASSWORD 'PASSWORD_HERE';
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO USER_NAME_HERE;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO USER_NAME_HERE;
    GRANT USAGE ON SCHEMA public TO USER_NAME_HERE;
    

    https://www.postgresql.org/docs/8.0/static/sql-createuser.html

    PostgreSQL

  • SUSE Linux Enterprise Server

    SUSE Linux Enterprise Server is a commercial Linux distribution available at

    https://www.suse.com/products/server/

    To find the version, run

    cat /etc/*release
    

    Example

    # cat /etc/*release
    SUSE Linux Enterprise Server 12 (x86_64)
    VERSION = 12
    PATCHLEVEL = 3
    # This file is deprecated and will be removed in a future service pack or release.
    # Please check /etc/os-release for details about this release.
    NAME="SLES"
    VERSION="12-SP3"
    VERSION_ID="12.3"
    PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
    ID="sles"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:12:sp3"
    # 
    

    SUSE Linux uses the yast package manager.

    Installing Software on SUSE Linux

    To install software, you can use yast or zypper.

    yast is GUI-based software. zypper is a command-line tool like apt/yum/dnf.

  • Install MongoDB in Ubuntu

    To install MongoDB on Ubuntu/Debian, run

    apt install mongodb
    

    The configuration file for MongoDB is

    /etc/mongodb.conf
    

    To see the status of MongoDB, run

    systemctl status mongodb
    

    To start/stop

    systemctl start mongodb
    systemctl stop mongodb
    

    Create a User

    mongo
    use admin
    db.createUser({user: "root", pwd: "serverok123", roles:["root"]})
    

    Now you need to enable authentication. This can be done by editing /etc/mongodb.conf

    vi /etc/mongodb.conf
    

    Uncomment the line

    auth = true
    

    Restart MongoDB

    systemctl restart mongodb
    

    Now you can log in with

    mongo -u  "root" -p "serverok123" --authenticationDatabase "admin"
    

    To verify that everything works, run a command, for example

    show dbs
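
    One way to confirm that the authentication step above took effect, as an added example that is not part of the original post: a POSIX shell check over an ini-style mongodb.conf that reports when auth = true is still commented out or when bind_ip includes a non-loopback address. The bind_ip key, the function names and the sample file contents are assumptions; only auth = true and the config path come from the post.

```sh
#!/bin/sh
# Added example (not from the original post): audit an ini-style mongodb.conf
# for the settings that decide whether unauthenticated clients can connect.

# Print the effective value of KEY ($2) in FILE ($1): the last uncommented
# assignment, with whitespace and trailing comments removed.
conf_value() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^#]*).*$/\1/p" "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# One finding per line on stdout; returns 0 if clean, 1 if findings, 2 on error.
audit_mongodb_conf() {
    _rc=0
    [ -r "$1" ] || { echo "unreadable: $1"; return 2; }

    if [ "$(conf_value "$1" auth)" != "true" ]; then
        echo "auth-disabled: 'auth = true' is absent or still commented out"
        _rc=1
    fi

    # bind_ip may hold a comma-separated list; flag anything beyond loopback.
    _old_ifs=$IFS; IFS=','
    for _addr in $(conf_value "$1" bind_ip); do
        case $_addr in
            127.*|::1|localhost) ;;
            *) echo "non-loopback-bind: mongod listens on $_addr"; _rc=1 ;;
        esac
    done
    IFS=$_old_ifs
    return "$_rc"
}

# Constructed sample: the state before the "uncomment auth" step above.
sample=$(mktemp)
printf '%s\n' 'dbpath=/var/lib/mongodb' 'bind_ip = 0.0.0.0' '#auth = true' > "$sample"
audit_mongodb_conf "$sample" || echo "=> fix the findings, then restart mongodb"
rm -f "$sample"
```

    On a real server, call audit_mongodb_conf /etc/mongodb.conf after editing the file and before restarting MongoDB.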
    

    On Ubuntu 18.04, the default MongoDB version is

    ubuntu@ip-172-31-8-76:~$ mongo -u  "root" -p "serverok123" --authenticationDatabase "admin"
    MongoDB shell version v3.6.3
    connecting to: mongodb://127.0.0.1:27017
    MongoDB server version: 3.6.3
    Welcome to the MongoDB shell.
    For interactive help, type "help".
    For more comprehensive documentation, see
    	http://docs.mongodb.org/
    Questions? Try the support group
    	http://groups.google.com/group/mongodb-user
    Server has startup warnings: 
    2018-12-22T17:06:15.171+0000 I STORAGE  [initandlisten] 
    2018-12-22T17:06:15.171+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
    2018-12-22T17:06:15.171+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
    > db.version()
    3.6.3
    > 
    

    MongoDB

  • Zimbra Generate DKIM Key

    To generate a DKIM key on a Zimbra mail server, log in as user zimbra

    su - zimbra

    Now run

    /opt/zimbra/libexec/zmdkimkeyutil -a -d DOMAIN_NAME

    Example

    zimbra@mail:~$ /opt/zimbra/libexec/zmdkimkeyutil -a -d serverok.in
    DKIM Data added to LDAP for domain serverok.in with selector 1F6B0E4C-3AA1-11E8-9B49-B0D65E0AC318
    Public signature to enter into DNS:
    1F6B0E4C-3AA1-11E8-9B49-B0D65E0AC318._domainkey IN  TXT ( "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA354ZukWI34mIZKFM/IsKnUO6fnwhF8PLpgb2NOl687yzlxk1HYwlM7lyS9T4blAWlbOEzkdT1lLpNJRzEImrlkFzmzXaBWPSMEoJQVQgTfir6OoXoCUtwuLmPqwEftb2Th+/9Wmkh3PTc3o+x7/4kV0QMCTnJVXIFSHAfNREG8mGNPgij/iXHwbpVEi2P0UzmI/882TCEJXBry"
          "nKB4g5HtiOx1WUNtsKTEAyA9/5vZqsqa1RupHLOxwqyrTcNA9IL/iadOG3Q4PCXN788pQNCzpCyUQn6OQwFDy7/S345NGygd51F93NIZGmj01qWYq8VpFiNKnAOWTX9UiW27hA/QIDAQAB" )  ; ----- DKIM key 1F6B0E4C-3AA1-11E8-9B49-B0D65E0AC318 for serverok.in
    zimbra@mail:~$

    Retrieve the DKIM Key

    Use the following command to display the DKIM key for the specified domain.

    /opt/zimbra/libexec/zmdkimkeyutil -q -d YOUR_DOMAIN_HERE

    Zimbra

  • Install MATE Desktop in Ubuntu

    Add the PPA repo with the command

    apt-add-repository ppa:ubuntu-mate-dev/xenial-mate
    

    To install MATE, run

    apt-get update
    apt-get install mate 
    

    This install was done on a remote VPS with an x2go server. Once the install is over, I am able to connect to the remote desktop using the x2go client.

    x2go

  • Install GeoIP PHP Module in Ubuntu

    To install the GeoIP PHP module in Ubuntu, run

    apt install php-geoip
    

    To enable the module, run

    phpenmod geoip
    

    You can see the PHP module with the command php -m

    root@ip-172-31-26-233:~# php -m | grep geoip
    geoip
    root@ip-172-31-26-233:~# 
    

    It will also be listed on the phpinfo page.

    geoip

  • xfs

    xfs is the default file system for RHEL 7.

    To format a partition in xfs format, run

    mkfs.xfs /dev/sdXX
    

    Example

    [root@ssd ~]# mkfs.xfs /dev/sdc1
    meta-data=/dev/sdc1              isize=512    agcount=6, agsize=268435455 blks
             =                       sectsz=4096  attr=2, projid32bit=1
             =                       crc=1        finobt=0, sparse=0
    data     =                       bsize=4096   blocks=1464843520, imaxpct=5
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
    log      =internal log           bsize=4096   blocks=521728, version=2
             =                       sectsz=4096  sunit=1 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    [root@ssd ~]# 

    Failed to mount /sysroot XFS Boot failure
    fs

  • mod_fcgid: HTTP request exceeds MaxRequestLen

    On an ISPConfig server with PHP running in FCGI mode, I get the following error in error_log when uploading images from the WordPress admin area.

    [Tue Apr 03 13:45:11 2018] [warn] [client 112.133.237.47] mod_fcgid: HTTP request length 139264 (so far) exceeds MaxRequestLen (131072), referer: https://www.url.com/wp-admin/media-new.php

    ISPConfig stores the error log for a site in the “log” directory in the parent folder of the document root. In this case, it was

    /var/www/clients/client0/web1/log/error.log
    

    To fix the error, add

    FcgidMaxRequestLen 1073741824
    

    to fcgid.conf

    On Ubuntu/Debian, the file location is

    vi /etc/apache2/mods-available/fcgid.conf
    

    On CentOS/RHEL

    vi /etc/httpd/conf.d/fcgid.conf
    
  • Plesk

    Plesk is a powerful web hosting control panel that allows you to easily manage your websites, domains, and email accounts. It is a user-friendly platform that simplifies the process of managing your online presence, making it accessible to users of all skill levels.

    Install

    General

    Plesk Upgrade

    Plesk Server Configuration

    Plesk CLI

    MySQL upgrade

    Plesk Errors

    Plesk Port

    https://IP_ADDR:8443
    http://IP_ADDR:8880
    

    Plesk Paths

    /opt/plesk/php/7.0/bin/php
    

    See Hosting Control Panel

  • veeam

    veeam is backup software

    https://www.veeam.com

    On a CentOS server, it installs the following packages

    [root@67 ~]# rpm -qa | grep veeam
    kmod-veeamsnap-2.0.0.400-1.el6.x86_64
    veeam-2.0.0.400-1.el6.x86_64
    veeam-release-el6-1.0-1.x86_64
    [root@67 ~]# 
    

    It has an ncurses-based GUI that you can start with the command

    veeam
    

    The home page shows backup logs; you can press Enter to see a log.

    You can set backup server configuration by pressing C

    You can mount backups through the menu.

    The backup is now mounted in /mnt/backup

    [root@67 ~]# mount 
    /dev/sda3 on / type ext4 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/sda1 on /boot type ext4 (rw)
    /dev/sdb1 on /data type ext4 (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    veeamagent on /mnt/backup/{decdcc23-4343-4ca6-a1e4-58a124518b48}/disks type fuse.veeamagent (rw,nosuid,nodev)
    [root@67 ~]# cd /mnt/backup/
    [root@67 backup]# ls -la
    
    total 142
    dr-xr-xr-x.  27 root root  4096 Mar 29 10:01 .
    drwxr-xr-x.   3 root root  4096 Mar 30 00:08 ..
    -rw-r--r--    1 root root     0 Mar 21 07:13 .autofsck
    -rw-r--r--    1 root root     0 Mar 21 07:13 .autorelabel
    drwxr-xr-x    2 root root  4096 Mar 29 09:50 backup
    dr-xr-xr-x.   2 root root  4096 Mar 29 03:12 bin
    dr-xr-xr-x.   5 root root  1024 Mar 29 10:01 boot
    drwxr-xr-x.   2 root root  4096 Oct  3 21:52 cgroup
    drwxr-xr-x.   3 root root  4096 Mar 29 10:03 data
    drwxr-xr-x.   2 root root  4096 Mar 21 07:03 dev
    drwxr-xr-x. 111 root root 12288 Mar 29 09:39 etc
    drwxr-xr-x.   2 root root  4096 Sep 23  2011 home
    dr-xr-xr-x.  11 root root  4096 Mar 28 05:12 lib
    dr-xr-xr-x.  10 root root 12288 Mar 29 03:12 lib64
    drwx------.   2 root root 16384 Mar 21 07:02 lost+found
    drwxr-xr-x.   2 root root  4096 Sep 23  2011 media
    drwxr-xr-x.   2 root root  4096 Feb 21  2013 misc
    drwxr-xr-x.   2 root root  4096 Sep 23  2011 mnt
    drwxr-xr-x.   2 root root  4096 Feb 21  2013 net
    drwxr-xr-x.   3 root root  4096 Mar 21 07:09 opt
    drwxr-xr-x.   2 root root  4096 Mar 21 07:03 proc
    -rw-r--r--    1 root root     0 Mar 21 08:59 .readahead_collect
    dr-xr-x---.   5 root root  4096 Mar 29 09:39 root
    dr-xr-xr-x.   2 root root 12288 Mar 29 03:12 sbin
    drwxr-xr-x.   2 root root  4096 Mar 21 07:04 selinux
    drwxr-xr-x.   2 root root  4096 Sep 23  2011 srv
    drwxr-xr-x.   2 root root  4096 Mar 21 07:03 sys
    drwxrwxrwt.  13 root root  4096 Mar 29 10:00 tmp
    drwxr-xr-x.  14 root root  4096 Mar 29 09:20 usr
    drwxr-xr-x.  22 root root  4096 Mar 29 09:39 var
    [root@67 backup]#
    

    Backup