MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: neo76 on 2017-03-23, 13:29:27
-
Hi,
Today I completely reinstalled CentOS 6.8 and installed Kloxo following these instructions:
https://github.com/mustafaramadhan/kloxo/blob/dev/how-to-install.txt (not my first time installing..)
but after all the cleanup and a reboot the Kloxo panel does not work!
Installed on a local PC (point due to the sharp admit this is a server upgrade)
http://192.168.1.20:7778
but after that I do not dare to upgrade/update any more
-
What happens if you run 'sh /script/restart-all'?
-
I have tried all the possible sh /script variants..
by then I had already tried to install an older version in February
-
Is Kloxo-MR installed in your local network only (192.168.1.20 is local network)?
-
No. If needed, I can send you all the data by PM:
IP and/or hostname and root password.
If needed, I will install a fresh CentOS 6.8 (in order to have a clean dairy system)
-
# sh /script/sysinfo
A. Control Panel:
- Kloxo-MR: 7.0.0.c-2017032001
- Web: hiawatha-10.5.0-f.2.mr.el6.x86_64
- PHP: php56s-5.6.30-1.ius.centos6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.8 (Final) x86_64
C. Services:
1. MySQL: MariaDB-server-10.0.30-1.el6.x86_64
2. PHP:
- Installed:
- Branch: php56u-cli-5.6.30-1.ius.centos6.x86_64
- Used: --PHP Branch--
- Multiple: disable
3. Web Used: apache
- Hiawatha: hiawatha-10.5.0-f.2.mr.el6.x86_64
- Lighttpd: lighttpd-1.4.45-1.el6.x86_64
- Nginx: nginx-1.11.11-1.el6.ngx.x86_64
- Apache: httpd24u-2.4.25-3.ius.centos6.x86_64
- PHP Type: php-fpm_event (default)
- Secondary PHP: off
4. WebCache: none
- ATS: --uninstalled--
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: bind
- Bind: bind-9.9.9-1.mr.el6.x86_64
- DJBDns: --uninstalled--
- NSD: --uninstalled--
- PowerDNS: --uninstalled--
- Yadifa: --uninstalled--
6. Mail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
- pop3/imap4: courier-imap-toaster-4.1.2-1.3.20.mr.el6.x86_64
- smtp: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
- spam: bogofilter-1.2.4-1.el6.x86_64
7. Stats: awstats
-
No weird info from sysinfo, so there is no reason you can't log in to the panel.
Yes, some VPS providers have a new policy where only the SSH port is open by default. You need to open the other ports in their panel.
-
This is not a VPS :) and currently all ports are open for the 192.168.1.20 IP (server IP added to the DMZ in the router)
but this PC used Kloxo before and it worked perfectly, with domains and subdomains added, but yesterday I updated Kloxo and afterwards everything was dead!
Now you do not want a barrier combination gives kloxo work / start (absolutely fresh install)
Is a downgrade possible? If yes, how?
Install a completely clean CentOS 6.8? You want to see? I can send a private message with all the contact information.. (IP/root password)?
-
Post here what you see for 'sh /script/restart-all'.
-
I sent a PM..
The system now has a pure CentOS 6.8 install and only yum update -y
-
Didn't receive your PM.
-
Will you not give your private messages?
-
Did you click the 'Personal Message' icon in my profile? Or click 'Email'?
-
Ooh sorry :) I clicked the Email icon
-
but I also sent a private message with the SSH access data
-
This problem is already solved!
I will soon write up a description for those who run into this problem! :)
Thanks for all your help, Mustafa!
-
No more investigation. Maybe it is related to iptables. Using 'chkconfig iptables off; chkconfig --del iptables' is not enough. You need 'mv -f /etc/sysconfig/iptables /etc/sysconfig/iptables.kloxosave' to make sure there is no 'auto-restart' for iptables.
-
A firewall is needed and good, but it must be given a config..
I'll explain what to do if anyone else runs into this problem after a clean installation
Develop a customized way to protect well-functioning
Stop iptables service:
/etc/init.d/iptables stop
Disable iptables service:
chkconfig iptables off
Copy this code to /etc/init.d/firewall
vi /etc/init.d/firewall
paste the edited content: *(I recommend first changing the Kloxo default ports... SSH/Kloxo, and pasting with your own unique ports edited in)
#!/bin/sh
# firewall
# chkconfig: 3 21 91
# description: Starts, stops iptables firewall
case "$1" in
start)
# Clear rules
iptables -t filter -F
iptables -t filter -X
echo - Clear rules : [OK]
# SSH In
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
echo - SSH : [OK]
# Don't break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
echo - established connections : [OK]
# Block all connections by default
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
echo - Block all connections : [OK]
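# SYN-Flood Protection
iptables -N syn-flood
iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN FLOOD: "
iptables -A syn-flood -j DROP
# Send new TCP connections through the chain (without a jump from INPUT it is never used)
iptables -A INPUT -p tcp --syn -j syn-flood
echo - SYN-Flood Protection : [OK]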
# Loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
echo - Loopback : [OK]
# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
echo - PING : [OK]
# DNS In/Out
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
echo - DNS : [OK]
# NTP Out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
echo - NTP : [OK]
# WHOIS Out
iptables -t filter -A OUTPUT -p tcp --dport 43 -j ACCEPT
echo - WHOIS : [OK]
# FTP Out
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 45000:65000 -j ACCEPT
# FTP In
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 45000:65000 -j ACCEPT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo - FTP : [OK]
# HTTP + HTTPS Out
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
# HTTP + HTTPS In
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
echo - HTTP/HTTPS : [OK]
# Mail SMTP:25
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
echo - SMTP : [OK]
# Mail SMTP:465
iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT
echo - SMTP : [OK]
# Mail SMTP:587
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
echo - SMTP : [OK]
# Mail POP3:110
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
echo - POP : [OK]
# Mail IMAP:143
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
echo - IMAP : [OK]
# Kloxo
iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
echo - Kloxo : [OK]
echo - Firewall [OK]
exit 0
;;
stop)
echo "Stopping Firewall... "
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t filter -F
echo "Firewall Stopped!"
exit 0
;;
restart)
/etc/init.d/firewall stop
/etc/init.d/firewall start
;;
*)
echo "Usage: /etc/init.d/firewall {start|stop|restart}"
exit 1
;;
esac
:wq
After:
chmod 700 /etc/init.d/firewall
add firewall service:
chkconfig --add firewall
auto start firewall:
chkconfig --level 2345 firewall on
start/stop/restart firewall:
/etc/init.d/firewall start
/etc/init.d/firewall stop
/etc/init.d/firewall restart
Dear Mustafa, if you find a bug in your code please edit!
For me this is working perfectly!
In addition, I use the DDoS was also (if someone might be interested in this post I write separately to the installation and configuration) *It can be quite helpful when you are attacking someone's server..
-
Post here the output of 'yum list firewall*; which firewall'.
As far as I know, CentOS 5/6 use iptables as the firewall service. CentOS 7 uses firewalld as the firewall service. That is why Kloxo-MR only detects iptables and firewalld. I will also add the firewall service in the next update.
-
]# yum list firewall*
Loaded plugins: fastestmirror, presto, priorities, protectbase, replace
Loading mirror speeds from cached hostfile
mratwork-epel/metalink | 21 kB 00:00
* base: ftp.freepark.org
* extras: ftp.freepark.org
* mratwork-epel: mirror.atomki.mta.hu
* mratwork-ius-archive: mirror.amsiohosting.net
* mratwork-ius-stable: mirror.amsiohosting.net
* mratwork-release-neutral-noarch: rpms.mratwork.com
* mratwork-release-version-arch: rpms.mratwork.com
* mratwork-webtatic: uk.repo.webtatic.com
* updates: ftp.freepark.org
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
mratwork-epel | 4.3 kB 00:00
mratwork-epel/primary_db | 5.9 MB 00:00
mratwork-google-mod-pagespeed | 951 B 00:00
mratwork-ius-archive | 2.4 kB 00:00
mratwork-ius-archive/primary_db | 3.3 MB 00:00
mratwork-ius-stable | 2.3 kB 00:00
mratwork-ius-stable/primary_db | 209 kB 00:00
mratwork-mariadb | 2.9 kB 00:00
mratwork-nginx | 2.9 kB 00:00
mratwork-nginx/primary_db | 68 kB 00:00
mratwork-nginx-stable | 2.9 kB 00:00
mratwork-release-neutral-noarch | 1.3 kB 00:00
mratwork-release-version-arch | 1.2 kB 00:00
mratwork-varnish-3.0 | 951 B 00:00
mratwork-webtatic | 3.6 kB 00:00
updates | 3.4 kB 00:00
0 packages excluded due to repository protections
Error: No matching Packages to list
which firewall
/usr/bin/which: no firewall in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
-
::)
Now it Works with fresh 6.8 / 64 / Mr-Kloxo 7.0.0.c-2017032001.mr / Kloxo7 install.
Disable iptables service:
= chkconfig iptables off
+ Reboot
Thank you ;)
-
...moreover, it works without the iptables disable command and without a restart on CentOS Linux release 7.3.1611 (Core) ;D
-
In certain CentOS 5/6 templates for VPS, running 'chkconfig iptables off' is not enough. You need to rename the iptables file in /etc/sysconfig. In CentOS 7, iptables is run by firewalld and you need to disable it with 'chkconfig xxx off'.
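-
The thread traces the unreachable panel on port 7778 to iptables rules. As an added example (not code from the thread or from Kloxo-MR), the script below reads a rule dump in iptables-save format and reports which of the listed TCP ports a new inbound connection cannot reach, plus any user-defined chain that no rule jumps to; the names audit_rules and sample_dump and the sample dump itself are constructed for illustration.

```shell
# Added example. stdin: iptables-save dump; $1: TCP ports. Only top-level INPUT rules are evaluated.
audit_rules() {
  awk -v want="$1" '
    BEGIN { nw = split(want, port, " ") }
    /^\*/ { table = substr($1, 2); next }          # "*filter" opens a table
    table != "filter" { next }
    /^:/ {                                         # ":CHAIN POLICY [pkts:bytes]"
      if ($2 == "-") user[substr($1, 2)] = 1       # user chains show "-" as policy
      else if ($1 == ":INPUT") policy = $2
      next
    }
    $1 == "-A" {
      proto = ""; target = ""; lo = 0; hi = 65535; cond = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(++i)
        else if ($i == "-m") { if ($(++i) !~ /^(tcp|state)$/) cond = 1 }
        else if ($i == "--state") { if ($(++i) !~ /NEW/) cond = 1 }
        else if ($i == "--dport") { n = split($(++i), r, ":"); lo = r[1] + 0; hi = r[n] + 0 }
        else if ($i == "-j" || $i == "-g") { target = $(++i); break }
        else cond = 1                              # -i, -s, "!", ...: rule is conditional
      }
      ref[target] = 1
      if ($2 != "INPUT" || cond || (proto != "" && proto != "tcp")) next
      if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
      for (k = 1; k <= nw; k++)                    # first matching rule decides
        if (!(port[k] in verdict) && port[k] + 0 >= lo && port[k] + 0 <= hi)
          verdict[port[k]] = target
    }
    END {
      for (k = 1; k <= nw; k++) {
        v = (port[k] in verdict) ? verdict[port[k]] : (policy " policy")
        if (v !~ /^ACCEPT/) print "BLOCKED tcp/" port[k] " (" v ")"
      }
      for (c in user) if (!(c in ref)) print "UNUSED-CHAIN " c
    }'
}
# Constructed sample: the 7777:7778 ACCEPT sits after the catch-all REJECT.
sample_dump() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 7777:7778 -j ACCEPT
-A syn-flood -j DROP
COMMIT
EOF
}
```

On a host, run `iptables-save | audit_rules "22 7777 7778"` as root; no output means the top-level INPUT rules accept every listed port and every user-defined chain is referenced.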