Change compression type for Plesk backups

/in , , , , , , , /by

As a new feature,Plesk picked up zstd compression method for backups.If you want to create backup files with classic method you can edit the panel.ini file in two way

1. Go to Extensions ->Install and activate panel editor extension and open the editor in my extensions section

Select the editor and add these;

[pmm]
compressionMethod = deflate

2.Login to shell.Open /usr/local/psa/admin/conf/panel.ini file with your favorite editor like nano or vi.Add theses line to the appropriate place

[pmm]
compressionMethod = deflate

Note.You may already see [pmm] section.In this case you just add compressionMethod = deflate

below the [pmm] section.

PwnKit Local Privilege Escalation Vulnerability polkit’s pkexec (CVE-2021-4034)

/in , , , , , , , , , , , /by

A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.

PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Patch for Ubuntu is Available

https://ubuntu.com/security/notices/USN-5252-1

If you don’t have any patch please remove suid bit from pxexec tool with this command

chmod 0755 /usr/bin/pkexec

Extending / resizing lvm disk to free space

/in , , , , , , , /by

When you use lvm and still have free space on a virtual or physical disk,you can extend your lvm partition to use all free space.

Firstly you should be sure it exists.

Type “vgdisplay” command in root shell.You should see some free space in “Free  PE Size”

After that you should type this command “lvextend -l +100%FREE /dev/volgroup/logvol

After it finishes type resize command according to your file system.

For XFS : xfs_growfs /dev/centos/logvol

For EXT4: resize2fs /dev/centos/logvol

Attention : “logvol” word represents your logical volume.You can see its name in vgdisplay command output.

Install and activate quota on Linux

/in , , , , , , , , /by

Install the quota tools on your server.(debian – ubuntu)

sudo apt install quota

Edit your fstab file under etc folder:

/dev/sda1 / ext4 usrquota,grpquota 0 0

and remount it to take effect immediately:

sudo mount -o remount / (or whereever you want to enable)

Enable quota.This command will create two files on file system like /aquota.user and /aquota.group :

sudo quotacheck -ugm /

Activate the quota

sudo quotaon -v /

 

 

 

Mount remote ftp to your server

/in , , , , , , , , /by

If you use debian or ubuntu,you should install the package first.

apt-get install curlftpfs

After the installation,create a folder where will you mount to.for example /mnt/rftp

sudo mkdir /mnt/rftp

curlftp’s format and its parameters are simple.for example,we have an ftp account like olriss and password: 123x4P at 192.168.1.199

in local server,mount remote ftp with using this command

curlftpfs olriss:123x4P@192.168.1.199 /mnt/rftp/

curlftps is similar to nfs tools so you can review the mounted ftp area in your mounted drive list.so check it with “mount -a” command.

after your work is finished,you can unmount it with similar way as nfs unmounting.You won’t need all parameters to unmount,You just unmount the folder like below,

umount /mnt/rftp

 

Extending lvm disk by adding space

/in , , , , , , , , , , /by

On Vmware Esx server,You can increase size of your virtual hard disk easily.If you use lvm for your guest os,you will need to add new virtual hard disk or just increase the size of your current disk.This guide will help you to extend size of the disk after you resize of your virtual disk by using vsphere

After increased the size on ESX ,In Linux Terminal;

rescanning the device.host id can change and it depents to your system.you must do that if you dont want to restart your guest;

echo “- – -” > /sys/class/scsi_host/host0/scan

see your disk and partitions;
fdisk -l

lets add new partitions.after you create the partition,you will need to set type of disk to 8e (LVM)
cfdisk /dev/sda (please note your new partition name sample :sda3

see your disk&partitions status again;
fdisk -l

check for available space;
df -h

scan for new partition
partprobe

create physical volume by using new partitions.(disk name may differ.)
pvcreate /dev/sda3

see your volume group and check and confirm
vgdisplay

extend your volume group
vgextend centos /dev/sda3

recheck;
pvscan

extend your logical volume with using the new part
lvextend /dev/centos/root /dev/sda3

in this point,last step may change according to your file system.if you use xfs ;
xfs_growfs /dev/centos/root

for ext4

resize2fs /dev/centos/root

finally see your new available space

df -h

Failed to load SELinux policy. Freezing. Centos 7

/in , , /by

If the Linux server fails on boot with a message like this,You should add a parameter in grub boot editor which appears on boot.

When your server opens kernel list will appear on your screen.You use the arrow keys a kernel line like “Centos Linux 7 (Core) with Linux….” and type “e” button to edit.

After that,find the line which starts with linux add “selinux=0” like this below and type Ctrl button+x.Your server will open normally.After your server boots,fix the main problem about selinux that you have previously changed

Prevent your server from bad bot attacks

/in , , , , , /by

We need some iptables rules and a file that includes ip addresses.These addresses are belong to bad bots

I use a shell script that reads ip addresses one by one from afile and block it by using iptables.

Firstly,You have to create a file.for example under root folder and it’s name is bad_bot.txt

nano /root/bad_bot.txt.Write it ip addresses that you want to block into this file.You can use my own list bad_bot.txt file

If you want it run at every system boot,please write it in rc.local file.

iptables -F

for x in $(cat /root/bad_bot.txt)
do
iptables -A INPUT -p tcp -s $x –dport 80 -j DROP
iptables -A INPUT -p tcp -s $x –dport 443 -j DROP
done

 

Fix Apache SSL vulnerabilites

/in , , , , , , , , , , , /by

For Centos Servers;

Please add these lines to the end of /etc/httpd/conf.d/ssl.conf file and restart httpd service

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3
</IfModule>
<IfModule mod_ssl.c>
#SSLCipherSuite HIGH:!aNULL:!MD5:!RC4-SHA:!RC4
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RS
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5::!RC4
</IfModule>

How to Install Maxmind module for Apache

/in , , , , , /by

We explain how to install maxmind apache module for geoip url filtering on Centos/Cloudlinux and Ubuntu/Debian Servers.

First install this module for Centos/Cloudlinux distro.You should install the maxmind library on your server first.After than you should install the apache extension tool (apxs) on your server too.If you don’t know how to install any software on your centos server,you can choose the easy way.I prepared a shell script which includes all requirement steps.These are below.This is the content of  “https://www.linux-destek.com/maxmind/maxmind.sh” file.Notice that it already has a compiled maxmind library which one is “.so” file.It work with newer version of Centos and Clodlinux.So you don’t have to compile it yourself.Choose is yours.

#!/bin/bash
yum -y install libmaxminddb.x86_64 libmaxminddb-devel.x86_64
wget https://www.linux-destek.com/maxmind/modmaxmind.tar.gz
tar zxvf modmaxmind.tar.gz
cd modmaxmind/
cp mod_maxminddb.so /usr/lib64/httpd/modules/
mkdir /usr/local/share/GeoIP/
cp GeoLite2-Country.mmdb /usr/local/share/GeoIP/
cp apache.conf /etc/httpd/conf.d/maxmind.conf
service httpd restart

For Centos / Cloudlinux Users download it by using wget into your server and run it.After it is downloaded.You should review the file’s content.It must be includes same lines above.

wget https://www.linux-destek.com/maxmind/maxmind.sh

Then run it as root.

/bin/bash maxmind.sh

That’s it.