
Messages - prgs1971

16
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-18, 22:34:46 »
So what you are saying is that you forgot to change the min_uid=500 to min_uid=48 in the /etc/suphp.conf file, when we select to use suphp in the Kloxo-MR Webserver Config.

Therefore the file /etc/suphp.conf should look like this:
Code:
[global]
logfile=/var/log/httpd/suphp_log
loglevel=info
webserver_user=apache
docroot=/
env_path=/bin:/usr/bin
umask=0022
; by prgs1971
; fix bug http://forum.mratwork.com/posting.php?mode=reply&f=5&t=19267
;min_uid=500
min_uid=48
min_gid=48

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false

;Send minor error messages to browser
errors_to_browser=false

[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/bin/php-cgi"
x-httpd-php52="/opt/php52s/etc/php52s-cgi.sh"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

;;; MR -- for using php52 just enough add 'AddHandler x-httpd-php52 .php' on .htaccess.
;;; it's make possible running 'dual php' on server!
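
The effect of the min_uid change discussed in this thread, as an added example that is not part of the original posts and is not Kloxo-MR or suPHP code: it applies the min_uid/min_gid limits to a set of script owners and lists which scripts become executable once min_uid drops from 500 to 48. The owner table is constructed; it assumes apache is uid/gid 48 on the host, and every path other than /home/kloxo/httpd/cp/index.php is hypothetical.

```python
import configparser
import os

# Constructed [global] excerpts of /etc/suphp.conf, before and after the change.
CONF_BEFORE = "[global]\nwebserver_user=apache\nmin_uid=500\nmin_gid=48\n"
CONF_AFTER = "[global]\nwebserver_user=apache\n;min_uid=500\nmin_uid=48\nmin_gid=48\n"

# Constructed owners, path -> (uid, gid). Assumption: apache is uid/gid 48;
# all paths except the cp/index.php one from the log are hypothetical.
OWNERS = {
    "/home/kloxo/httpd/cp/index.php": (48, 48),
    "/home/example/public_html/index.php": (501, 501),
    "/var/www/legacy/tool.php": (99, 99),
    "/root/test.php": (0, 0),
}

def load_limits(conf_text):
    """Return (min_uid, min_gid) from the [global] section; ';' starts a comment."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=(";",),
                                   interpolation=None)
    cp.read_string(conf_text)
    return int(cp["global"]["min_uid"]), int(cp["global"]["min_gid"])

def refused(conf_text, owners):
    """Return [(path, reason)] for every script below the configured limits."""
    min_uid, min_gid = load_limits(conf_text)
    out = []
    for path, (uid, gid) in sorted(owners.items()):
        if uid < min_uid:
            out.append((path, "UID %d is smaller than min_uid %d" % (uid, min_uid)))
        elif gid < min_gid:
            out.append((path, "GID %d is smaller than min_gid %d" % (gid, min_gid)))
    return out

def newly_allowed(before, after, owners):
    """Scripts refused under the old limits but accepted under the new ones."""
    was = {p for p, _ in refused(before, owners)}
    now = {p for p, _ in refused(after, owners)}
    return sorted(was - now)

def owners_from_disk(paths):
    """Build the same mapping from real files (run this on the server)."""
    return {p: (os.stat(p).st_uid, os.stat(p).st_gid) for p in paths}

if __name__ == "__main__":
    for path in newly_allowed(CONF_BEFORE, CONF_AFTER, OWNERS):
        print("now executable under suPHP:", path)
```

Besides the panel's own cp/index.php, any script owned by another account with a uid between 48 and 499 also passes the check after the change, which is what the second constructed entry shows.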

17
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-18, 22:21:37 »
Quote from: "MRatWork"
It's because I am forgot when change ownership for /home/kloxo/httpd from lxlabs to apache.

Sorry, I don't understand well what you are trying to say.

Maybe you are trying to say that the ownership of /home/kloxo/httpd should be lxlabs?

Recursively?

18
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-18, 22:12:52 »
Quote from: "MRatWork"
All php-type already secure because unsecure php-type (mod_php) already remove from panel!.

According to what is stated on the second page of this PDF http://www.worldhostingdays.com/downloa ... tag2c1.pdf, you have to be concerned about the security of some of the options available in Kloxo-MR.

19
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-18, 22:08:13 »
Quote from: "MRatWork"
Or you can modified /etc/suphp.conf where change 'min_uid=500' to 'min_uid=48'

In the official Kloxo that I use on my production server, it is not necessary to apply the above suggestion.

/etc/suphp.conf file in production server
Code:
[global]
logfile=/var/log/httpd/suphp_log
loglevel=info
webserver_user=apache
docroot=/
env_path=/bin:/usr/bin
umask=0022
min_uid=500
min_gid=48

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false

;Send minor error messages to browser
errors_to_browser=false

[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

/etc/suphp.conf file in test server
Code:
[global]
logfile=/var/log/httpd/suphp_log
loglevel=info
webserver_user=apache
docroot=/
env_path=/bin:/usr/bin
umask=0022
min_uid=500
min_gid=48

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false

;Send minor error messages to browser
errors_to_browser=false

[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/bin/php-cgi"
x-httpd-php52="/opt/php52s/etc/php52s-cgi.sh"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

;;; MR -- for using php52 just enough add 'AddHandler x-httpd-php52 .php' on .htaccess.
;;; it's make possible running 'dual php' on server!

Can the problem be related to the other differences between the 2 files?

20
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-18, 22:01:49 »
I don't use secondary PHP.

What will be the best to use, regarding security in the first place and performance/stability in the second place?

21
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 22:00:08 »
Quote from: "MRatWork"
Remember, someone try access to your vps via ssh/ftp/panel will banned if fail until 20 (depend on your setting)

I have it enabled, but without a firewall you can exceed the max attempts you have configured.

Lxguard reads the failed attempts from a log file and then blocks the IP...

I prefer to use Iptables or CSF to have real time blocking.

Quote from: "MRatWork"
Also, sql-injection bug on Kloxo official already fixed in Kloxo-MR.
I was not aware of this one :(

22
Kloxo-MR Technical Helps / Enable SUPH return ERROR 500
« on: 2013-08-18, 21:40:15 »
In Webserver Config I have done:

PHP Branch:
- selected php54_(as_5.4.17)
- hit update

Php Type
- selected suphp
- hit update

Fix 'ownership' And 'permissions'
- selected fix-All

After all this I rebooted the server.

Now I am able to reach example.com, but get error 500 when I try to reach cp.example.com

My suphp log shows:
Code:
[Sun Aug 18 16:33:23 2013] [warn] UID of script "/home/kloxo/httpd/cp/index.php" is smaller than min_uid
Did I miss anything?

How to fix this?

23
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 21:20:38 »
Quote from: "MRatWork"
If you not select 'mod_php' (already remove from Kloxo-MR) and only you (as root/admin) able access to ssh, no reason to worry other people able access to bash history (because impossible).

I think that only with SSH access as root/admin, as you say, will it be possible to see that file, but I will take this precaution anyway.

Thank you very much for your help and advice ;)

24
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 21:17:03 »
With an increase of 1600% (one thousand six hundred percent) in hacker attacks in 2013, I am starting to get very concerned about security on my VPS.

Now I look for every detail that can compromise security ;)

I will try to learn the language used in that script and I will change it myself.

I hope that it will not be too hard to prompt the user for an input in this language.

I will post that when done ;)

25
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 20:53:52 »
To access command history you just need to use your up and down arrow keys or look at the content of the file ~/.bash_history

I run
Code:
[root@server]# mysql_secure_installation
and after that I run

Code:
[root@server]# reset-mysql-root-password YOURPASSWORDHERE

Now I am able to see the password by accessing the last inputs on the command line, using the "up" arrow key.

To see the password in the file ~/.bash_history I need to exit from root and log in again.
Code:
[root@server]# exit
[root@server]# su -
[root@server]# vim ~/.bash_history

Now I can confirm that the password is visible in this file and I erase this line from the file ;)

After I close and save the file I have to exit from root and log in again to confirm that reset-mysql-root-password YOURPASSWORDHERE is not accessible anymore from the command line history by using the "up" arrow key to walk through the last inputs we have made on the command line.

OK.. I confess, I am paranoid about security  8-)
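
The manual cleanup described in this post, automated as an added example (not part of the original post and not a Kloxo-MR tool): it scans shell history text for commands that carry a password as an argument and returns the hit line numbers plus a redacted copy. It goes beyond the post by also covering the mysql client's -p<password> and --password= forms; the history content is constructed, and treating the first argument of reset-mysql-root-password as the secret follows the usage shown in the thread.

```python
import os
import shlex

# Commands whose first positional argument is a password (usage taken from the thread).
SECRET_ARG_CMDS = {"reset-mysql-root-password"}
MYSQL_CLIENTS = {"mysql", "mysqladmin", "mysqldump"}
WRAPPERS = {"sh", "bash", "sudo"}

# Constructed ~/.bash_history content; '#<epoch>' lines appear when HISTTIMEFORMAT is set.
SAMPLE_HISTORY = """\
#1376858032
sh /script/reset-mysql-root-password YOURPASSWORDHERE
reset-mysql-root-password
mysql -u root -pYOURPASSWORDHERE -e 'show databases'
mysql -u root -p
vim ~/.bash_history
"""

def redact_line(line):
    """Return (line, False) if nothing secret was found, else (redacted, True)."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: leave the line untouched
        return line, False
    i = next((k for k, t in enumerate(tokens) if t not in WRAPPERS), None)
    if i is None:
        return line, False
    cmd, hit = os.path.basename(tokens[i]), False
    for j in range(i + 1, len(tokens)):
        t = tokens[j]
        if cmd in SECRET_ARG_CMDS and not t.startswith("-"):
            tokens[j], hit = "REDACTED", True
            break
        if cmd in MYSQL_CLIENTS and t.startswith("--password=") and len(t) > 11:
            tokens[j], hit = "--password=REDACTED", True
        elif cmd in MYSQL_CLIENTS and t.startswith("-p") and len(t) > 2:
            tokens[j], hit = "-pREDACTED", True
    return (shlex.join(tokens), True) if hit else (line, False)

def scan(history_text):
    """Return (1-based numbers of lines that held a password, redacted text)."""
    results = [(l, False) if l.startswith("#") else redact_line(l)
               for l in history_text.splitlines()]
    hits = [n for n, (_, hit) in enumerate(results, 1) if hit]
    return hits, "\n".join(l for l, _ in results) + "\n"
```

The file on disk is only updated when the shell exits, so the running session's in-memory history still holds the original line until then, which matches the log-out and log-in step in the post.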

26
Thanks for your advice ;)

27
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 19:53:28 »
I say this because that command will be saved in the history of the command line.

I will look for that file and erase the entry after I run this command.

28
Thanks for the tip ;)

First I will try to see what the advantages of using MariaDB are.

29
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 19:16:09 »
Inputting the password in plain text means that the password is visible (you can read the password) on the command line.
Code:
[root@server]# sh /script/reset-mysql-root-password YOURPASSWORDHERE
The secure mode will be something like this:
Code:
[root@server]# sh /script/reset-mysql-root-password
Enter password:     // when you type the password here you will not see what you are typing
....
script execution
....
[root@server]#

30
I don't know Aria ....

Is MariaDB not enabled by default?

What is the advantage of using MariaDB?

I am thinking of giving Percona MySQL server a try ;)
