Centos /Cloudlinux 7 error restarting a systemd service

/in /by

Unable to register authentication agent

** (pkttyagent:478736): WARNING **: 18:16:34.777: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)

# groupadd -g 23 nohidproc
# usermod -a -G nohidproc polkitd
# mount -o remount,rw,hidepid=2,gid=nohidproc /proc
# systemctl restart polkit

 

 

nano /etc/fstab
# comment the following line :
from : proc /proc proc defaults,hidepid=2 0 0
to : # proc /proc proc defaults,hidepid=2 0 0
# add the following line
proc /proc proc defaults,hidepid=2,gid=nohidproc 0 0

Add MX Record with Custom Priority for Plesk

/in /by 
/sbin/plesk bin dns -a abc.com -mx "" -mailexchanger mail.abc.com -priority 1

List access or error log files with their sizes plesk hosting servers

/in , , , , , , /by

List all access log files;

find /var/www/vhosts/*/logs/error_log -exec ls -la {} \; | awk '{print $5 " " $9}' | sort -n

List all error log files;

find /var/www/vhosts/*/logs/access_log -exec ls -la {} \; | awk '{print $5 " " $9}' | sort -n

For access logs,there are also other access log files in that directory.For example,access_ssl_log,access_ssl_log.processed and more.So to list all files that starts with access,use wildcards like;

find /var/www/vhosts/*/logs/access* -exec ls -la {} \; | awk '{print $5 " " $9}' | sort -n

Unable to change hosting php version in php selector for Cloudlinux

/in , , , , , , /by

In this case,problem is file permissions for php.ini file related that you want to switch php version.

Login to shell and change the group owner of related file.Sample command is for php 7.4

chgrp linksafe /opt/alt/php74/etc/php.ini

Change compression type for Plesk backups

/in , , , , , , , /by

As a new feature,Plesk picked up zstd compression method for backups.If you want to create backup files with classic method you can edit the panel.ini file in two way

1. Go to Extensions ->Install and activate panel editor extension and open the editor in my extensions section

Select the editor and add these;

[pmm]
compressionMethod = deflate

2.Login to shell.Open /usr/local/psa/admin/conf/panel.ini file with your favorite editor like nano or vi.Add theses line to the appropriate place

[pmm]
compressionMethod = deflate

Note.You may already see [pmm] section.In this case you just add compressionMethod = deflate

below the [pmm] section.

Most Used Linux Commands For File Compression

/in , , , /by

Gzip

Compress a file with gzip

$ gzip filename

Compress and keep the original file

$ gzip -c file > file.gz

Compress all files in a folder

$ gzip -r foldername

Tar.gz

$ tar -czvf filename.tar.gz directory

ZSTD Compression

Install first the package,

$ sudo apt install zstd (Debian/Ubuntu)

$ dnf install zstd (Centos,AlmaLinux,Fedora,Redhat)

Usage:

to compress a file :

zstd example.txt

Using with tar:

tar --zstd example.tar.zst example/

ZSTD Uncompression

tar --use-compress-program=unzstd -xvf archive.tar.zst

 

PwnKit Local Privilege Escalation Vulnerability polkit’s pkexec (CVE-2021-4034)

/in , , , , , , , , , , , /by

A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.

PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Patch for Ubuntu is Available

https://ubuntu.com/security/notices/USN-5252-1

If you don’t have any patch please remove suid bit from pxexec tool with this command

chmod 0755 /usr/bin/pkexec

Cloudlinux Setting Global Php Directives

/in , , , , /by

When you want to apply one or more php directives like disable_functions,datetime.zone or something else to all your customers websites,you should write these to /etc/cl.selector/global_php.ini file.After you write your directives enter this command to apply

selectorctl –apply-global-php-ini

/usr/sbin/cagefsctl –setup-cl-selector

You can see the example below.

; This file provides global settings for php.ini of all alt-php packages
; The structure of this file:
; option = value
; To confirm changes (not affecting “date.timezone” and “error_log” options) please run:
; /usr/sbin/cagefsctl –setup-cl-selector
; To confirm changes (including “date.timezone” and “error_log” options) please run:
; /usr/bin/selectorctl –apply-global-php-ini
; or
; /usr/sbin/cagefsctl –apply-global-php-ini
; If you don’t want to change error_log, but want to change date.timezone, you can execute
; selectorctl –apply-global-php-ini date.timezone
; Similarly, command
; selectorctl –apply-global-php-ini error_log
; applies error_log and all other options specified in /etc/cl.selector/global_php.ini file, except date.timezone.
; So, you can specify 0, 1 or 2 parameters from the list: error_log, date.timezone
; using –apply-global-php-ini without arguments applies all global php options including two above
; Example:
; selectorctl –apply-global-php-ini error_log
; selectorctl –apply-global-php-ini date.timezone
; selectorctl –apply-global-php-ini date.timezone error_log
; The latter command has the same effect as /usr/bin/selectorctl –apply-global-php-ini
[Global PHP Settings] disable_functions = mail,system, dl, array_compare, array_user_key_compare, passthru, cat, exec, popen, proc_close, proc_get_status, proc_nice, proc_open,escapeshellcmd,escapeshellarg, show_source,posix_mkfifo, ini_restore, mysql_list_dbs, get_current_user, getmyuid,pconnect, link, symlink, fin, fileread, shell_exec, pcntl_exec, leak, apache_child_terminate,chown, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, execute, shell, chgrp, passthru, socket_select,socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid,pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version,apache_getenv, apache_note, apache_setenv, virtual, eval, allow_url_fopen, pconnect, p_connect,posix_getpwuid,fileowner,symlink,readlink,stream_select,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority

Extending / resizing lvm disk to free space

/in , , , , , , , /by

When you use lvm and still have free space on a virtual or physical disk,you can extend your lvm partition to use all free space.

Firstly you should be sure it exists.

Type “vgdisplay” command in root shell.You should see some free space in “Free  PE Size”

After that you should type this command “lvextend -l +100%FREE /dev/volgroup/logvol

After it finishes type resize command according to your file system.

For XFS : xfs_growfs /dev/centos/logvol

For EXT4: resize2fs /dev/centos/logvol

Attention : “logvol” word represents your logical volume.You can see its name in vgdisplay command output.