odbc and php mssql support for cloudlinux

/in , , , /by

For your Cloudlinux or a different Redhat based server, add the appropriate version repo below to your server.

#RHEL 7 and Oracle Linux 7

#curl https://packages.microsoft.com/config/rhel/7/prod.repo | sudo tee /etc/yum.repos.d/mssql-release.repo

#RHEL 8 and Oracle Linux 8

# curl https://packages.microsoft.com/config/rhel/8/prod.repo | sudo tee /etc/yum.repos.d/mssql-release.repo

#RHEL9

# curl https://packages.microsoft.com/config/rhel/9/prod.repo | sudo tee /etc/yum.repos.d/mssql-release.repo

Delete any potentially conflicting packages from the system.

# yum remove unixODBC-utf16 unixODBC-utf16-devel

Install odbc package from Microsoft repo

ACCEPT_EULA=Y yum install -y msodbcsql17 unixODBC-devel

Go to the PHP selector settings of the hosting where you will connect to Microsoft SQL Server with your PHP codes and activate the pdo, pdo_odbc, pdo_sqlsrv, sqlsrv plugins and optionally the pdo_dblib plugin.

 

You need to include the package you installed for Cloudlinux OS in the cagefs structure. This will not be necessary on other RH-based systems…

# cagefsctl –addrpm unixODBC

# cagefsctl –force-update

Then test your connection with a test script.

Sample Code

 

<?php

    $server = "";
    $database = "";
    $kullaniciadi = "";
    $sifre = "";
    $Karakter = "utf-8";
    $Port = "1433";


    try
    {
      
        $db = new PDO("sqlsrv:Server=$server;Database=$database;", "$kullaniciadi", "$sifre");
        //$db = odbc_connect("Driver={SQL Server};Server=$server,$Port;Database=$database;",  $kullaniciadi, $sifre);
 
        
        if ($db)
    	    echo "success"; 

   }
    catch (Exception $e)
    {
        //Eğer bağlantı sırasında bir hata oluşursa ekrana oluşan hata bastırılacaktır.
        echo $e->getMessage();
    }
     exit;

?>

 

 

Change compression type for Plesk backups

/in , , , , , , , /by

As a new feature,Plesk picked up zstd compression method for backups.If you want to create backup files with classic method you can edit the panel.ini file in two way

1. Go to Extensions ->Install and activate panel editor extension and open the editor in my extensions section

Select the editor and add these;

[pmm]
compressionMethod = deflate

2.Login to shell.Open /usr/local/psa/admin/conf/panel.ini file with your favorite editor like nano or vi.Add theses line to the appropriate place

[pmm]
compressionMethod = deflate

Note.You may already see [pmm] section.In this case you just add compressionMethod = deflate

below the [pmm] section.

PwnKit Local Privilege Escalation Vulnerability polkit’s pkexec (CVE-2021-4034)

/in , , , , , , , , , , , /by

A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.

PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Patch for Ubuntu is Available

https://ubuntu.com/security/notices/USN-5252-1

If you don’t have any patch please remove suid bit from pxexec tool with this command

chmod 0755 /usr/bin/pkexec

Extending / resizing lvm disk to free space

/in , , , , , , , /by

When you use lvm and still have free space on a virtual or physical disk,you can extend your lvm partition to use all free space.

Firstly you should be sure it exists.

Type “vgdisplay” command in root shell.You should see some free space in “Free  PE Size”

After that you should type this command “lvextend -l +100%FREE /dev/volgroup/logvol

After it finishes type resize command according to your file system.

For XFS : xfs_growfs /dev/centos/logvol

For EXT4: resize2fs /dev/centos/logvol

Attention : “logvol” word represents your logical volume.You can see its name in vgdisplay command output.

Install and activate quota on Linux

/in , , , , , , , , /by

Install the quota tools on your server.(debian – ubuntu)

sudo apt install quota

Edit your fstab file under etc folder:

/dev/sda1 / ext4 usrquota,grpquota 0 0

and remount it to take effect immediately:

sudo mount -o remount / (or whereever you want to enable)

Enable quota.This command will create two files on file system like /aquota.user and /aquota.group :

sudo quotacheck -ugm /

Activate the quota

sudo quotaon -v /

 

 

 

Mount remote ftp to your server

/in , , , , , , , , /by

If you use debian or ubuntu,you should install the package first.

apt-get install curlftpfs

After the installation,create a folder where will you mount to.for example /mnt/rftp

sudo mkdir /mnt/rftp

curlftp’s format and its parameters are simple.for example,we have an ftp account like olriss and password: 123x4P at 192.168.1.199

in local server,mount remote ftp with using this command

curlftpfs olriss:123x4P@192.168.1.199 /mnt/rftp/

curlftps is similar to nfs tools so you can review the mounted ftp area in your mounted drive list.so check it with “mount -a” command.

after your work is finished,you can unmount it with similar way as nfs unmounting.You won’t need all parameters to unmount,You just unmount the folder like below,

umount /mnt/rftp

 

Extending lvm disk by adding space

/in , , , , , , , , , , /by

On Vmware Esx server,You can increase size of your virtual hard disk easily.If you use lvm for your guest os,you will need to add new virtual hard disk or just increase the size of your current disk.This guide will help you to extend size of the disk after you resize of your virtual disk by using vsphere

After increased the size on ESX ,In Linux Terminal;

rescanning the device.host id can change and it depents to your system.you must do that if you dont want to restart your guest;

echo “- – -” > /sys/class/scsi_host/host0/scan

see your disk and partitions;
fdisk -l

lets add new partitions.after you create the partition,you will need to set type of disk to 8e (LVM)
cfdisk /dev/sda (please note your new partition name sample :sda3

see your disk&partitions status again;
fdisk -l

check for available space;
df -h

scan for new partition
partprobe

create physical volume by using new partitions.(disk name may differ.)
pvcreate /dev/sda3

see your volume group and check and confirm
vgdisplay

extend your volume group
vgextend centos /dev/sda3

recheck;
pvscan

extend your logical volume with using the new part
lvextend /dev/centos/root /dev/sda3

in this point,last step may change according to your file system.if you use xfs ;
xfs_growfs /dev/centos/root

for ext4

resize2fs /dev/centos/root

finally see your new available space

df -h

Failed to load SELinux policy. Freezing. Centos 7

/in , , /by

If the Linux server fails on boot with a message like this,You should add a parameter in grub boot editor which appears on boot.

When your server opens kernel list will appear on your screen.You use the arrow keys a kernel line like “Centos Linux 7 (Core) with Linux….” and type “e” button to edit.

After that,find the line which starts with linux add “selinux=0” like this below and type Ctrl button+x.Your server will open normally.After your server boots,fix the main problem about selinux that you have previously changed

Prevent your server from bad bot attacks

/in , , , , , /by

We need some iptables rules and a file that includes ip addresses.These addresses are belong to bad bots

I use a shell script that reads ip addresses one by one from afile and block it by using iptables.

Firstly,You have to create a file.for example under root folder and it’s name is bad_bot.txt

nano /root/bad_bot.txt.Write it ip addresses that you want to block into this file.You can use my own list bad_bot.txt file

If you want it run at every system boot,please write it in rc.local file.

iptables -F

for x in $(cat /root/bad_bot.txt)
do
iptables -A INPUT -p tcp -s $x –dport 80 -j DROP
iptables -A INPUT -p tcp -s $x –dport 443 -j DROP
done

 

Fix Apache SSL vulnerabilites

/in , , , , , , , , , , , /by

For Centos Servers;

Please add these lines to the end of /etc/httpd/conf.d/ssl.conf file and restart httpd service

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3
</IfModule>
<IfModule mod_ssl.c>
#SSLCipherSuite HIGH:!aNULL:!MD5:!RC4-SHA:!RC4
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RS
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5::!RC4
</IfModule>