Plesk 7.5.4 on RHEL 3

October 29th, 2005

When I upgraded my Plesk 7.5.3 intallation to Plesk 7.5.4, I ran into a problem. The error was:

./packagemng: error while loading shared libraries: libstdc++_plesk.so.6: cannot open shared object file: No such file or directory

After going through all the documentation and finding nothing, I finally found a few obscure RPMs that needs to be installed. They are all in the Third_Party.RHel3/ directory.

The list that fixed the problems were:

binutils-2.15-1.i586.rpm
plesk-cpp-3_4-3.4.3-2.i586.rpm
plesk-gcc-3_4-3.4.3-2.i586.rpm
plesk-gcc-c++-3_4-3.4.3-2.i586.rpm
plesk-libgcc-3_4-3.4.3-2.i586.rpm
plesk-libstdc++-3_4-3.4.3-2.i586.rpm
plesk-libstdc++-devel-3_4-3.4.3-2.i586.rpm

Which bootloader am I using?

August 29th, 2005

Some of you have propably wondered many times, which bootloader you are using.

I prefer grub but sometimes systems come pre-installed with lilo.

On RHEL and clones, you may use the following command for information:

grubby --bootloader-probe

If you want to swap to grub, the following command may be of help:

grub-install /dev/hda

File Manager cant access httpdocs

August 17th, 2005

You receive the following error when accesing httpdocs through the control panel,

Unable to change directory to /httpdocs/: Invalid file name.

The problem is caused by invalid charachters in the files names uploaded, so fat it seems that the following could
cause the problem,

“&”, “`”, “‘ “, ” [ and ]”

The solution is to change the filenames.

Unable to remove sub domains from Plesk for windows

August 15th, 2005

The normal cause of this is that IIS lost the sub domain entry.

Without this entry you won’t be able to manage the sub domain in your Plesk Control Panel.

The entry must be re-created in IIS.

When creating the sub domain in IIS, the default path for the sub domain to use,
C:\Inetpub\vhosts\domain.co.za\subdomains\test\httpdocs

Once added log into the control panel and remove or edit the sub domain.

Moving tomcat4 logging on Plesk

August 8th, 2005

To add logging on a Plesk-Tomcat 4 server, to a domain name, add the following code to the server.xml file.

<logger className="org.apache.catalina.logger.FileLogger" directory="/home/httpd/vhosts/mydomain.com/tomcat4" suffix=".log" timestamp="true"/>

Make sure that the /home/httpd/vhosts/mydomain.com/tomcat4 directory have the following permissions:

drwxrwxr-x 2 root tomcat4 4096 Aug 8 17:35 tomcat4

Opensource Control Panels

August 5th, 2005

http://www.ispconfig.org/

http://www.web-cp.net/

http://www.gplhost.com/

http://openisp.net/magazine.cgi

http://www.marlow.dk/site.php/tech/ispworks

http://www.ispdb.co.uk/

http://www.oav.net/projects/openvisp-admin/

http://www.webmin.com/

http://www.ispman.net/

http://www.vhcs.net/

(24) Too many open files (errno: 24)

June 13th, 2005

When attempting to start apache, I received some errors indicating that I hav reached the maximum number of open files.

[error] System: Too many open files (errno: 24)

This is caused by apache and RedHat setting their open file limits too low. Be forwarned, an older system could see a serious degredation in performance by setting these limits too high. To correct this you will need to do the following:

Edit /etc/sysctl.conf. Add a new line with: fs.file-max = 8192 (The default is 1024) The change to the /etc/sysctl.conf will make the setting persistant over reboots.

To immediately increase the number of open files, use ulimit -n 8192.

To view all the current ulimit‘s. you my run: ulimit -a.

Advanced Policy Firewall (APF)

June 3rd, 2005

APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux.

Download APF

Grub Single Boot

May 27th, 2005

Grub allows you to boot into a new kernel only once. If you reboot the previous kernel will loaded. This is the safest way to do remote kernel updates.

Step 1: Once the new kernel is installed, determine which position the kernel has been installed too, example:
[root@rh9 root]# vi /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux (2.4.28-1)
root (hd0,0)
kernel /vmlinuz-2.4.28-1 ro root=LABEL=/ hda=ide-scsi
initrd /initrd-2.4.28-1.img
title Red Hat Linux (2.4.20-37.9.legacy)
root (hd0,0)
kernel /vmlinuz-2.4.20-37.9.legacy ro root=LABEL=/ hda=ide-scsi
initrd /initrd-2.4.20-37.9.legacy.img

Replace default=0, with the number of the kernel you want the system to boot by default (starting with 0 for the first position). In this example, the kernel 2.4.20-37.9.legacy will be the default, in position 1, as its reliability is known.
change the line: default=0 to default=1
Save the file and exit.

Step 2: type grub

Step 3: At the grub prompt type the following:

savedefault --default=N --once

where N is the number of the kernel being tested, again, starting with 0 in our example, the new kernel is in position 0, so –default=0

Step 4: type quit

Step 5: Reboot the system, it will now boot into the new kernel. If for some reason the system does not work with the new kernel, or is otherwise non-responsive, powercycling the system will restore it to the known working kernel selected in Step 1.

If you are happy with the new kernel edit the /etc/grub.conf and set the system to boot into the new kernel permanently.

Tomcat 4 & Graphics

April 18th, 2005

It you are trying to use graphics on a server, that does not run X, you may run into all sorts of problems with the AWT toolkit. When the AWT toolkit is initialised it expects to find an X server, regardless of whether its needed for actual display.

If you are running JDK 1.4 or later, you should add -Djava.awt.headless=true to your Tomcat startup.

I achieved this by editing the /usr/bin/dtomcat4 file.

Below is a downloadable patch file. Tomcat 4 Patch

Securing /tmp directory

April 9th, 2005

If you are renting a server then chances are everything is lumped in / and a small amount partitioned for /boot and some for swap. With this current setup, you have no room for making more partitions unless you have a second hard-drive. Following the method descriped below, you will learn how to create a secure /tmp partition even while your server is already up and running.

Recently, I found out it would be worthwhile to give /tmp it’s own partition and mount it using noexec. This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.

What we are doing it creating a file that we will use to mount at /tmp. So log into ssh and su to root so we may begin!

In your /dev directory create an empty 250MB file. You may need more space on a busier system. To increase the size of the empty file make the count parameter larger.

cd /dev
dd if=/dev/zero of=tmppart bs=1024 count=250000

We will now create an ext3 filesystem for in our tmppart file. If it asks you if you want to proceed, since the destination is not a block device, say yes (y).

/sbin/mkfs.ext3 /dev/tmppart

Backup your /tmp diretory since you may have files in there that is needed by certain programs. Some programs may use it to store cache files or other temporary information.

cd /
cp -R /tmp /tmp_backup

Now, mount the new /tmp filesystem with noexec, nosuid and rw options, and set the correct permissions on the new partition:

mount -o loop,noexec,nosuid,rw /dev/tmppart /tmp
chmod 1777 /tmp

Restore the old /tmp data and remove backup directory:

cp -R /tmp_backup/* /tmp/
rm -rf /tmp_backup

We now need to add this to /etc/fstab so it mounts automatically on reboots. Add the following line to your /etc/fstab file.

/dev/tmppart /tmp ext3 loop,noexec,nosuid,rw 0 0

You are done! /tmp is now mounted as noexec, nosuid and rw. You can sleep a little bit safer tonight.

To test the setup, you may copy an executable to the /tmp directory and then try and execute it. It should fail with a Permission denied error message.

Running Plesk on Port 443

March 5th, 2005

By default Plesk is installed to run on port 8443. Some companies have very restrictive firewalls, which might lead to clients not being able to access the Plesk control panel. I have found that most companies will happily allow a connection on port 443, the standard port for SSL connection. Luckily you can configure Plesk to listen on a second IP address for connections to port 443.

This method describled below has been tested on Plesk for Linux version 6.0.x, 7.1.x and Plesk for Windows version 7.5.x.

Step 1: Add a secondary IP address to your server. The way to do this depends on the OS and is left as an excercise to the reader. We assume that our secondary IP address is: 10.0.0.1
Step 2: Edit the httpsd.conf file. In this file add the following entry: Listen 10.0.0.1:443.
Step 3: If on Linux, edit the ssl.conf file, to only Listen on the the main IP address’s SSL port.
Step 4: Restart the Plesk control panel
Step 5: Test the setup, by connecting to: https://10.0.0.1/

If everything was done properly the Plesk control panel will now be running on port 443.

Speeding UP SMTP on Plesk 7.1.7

March 5th, 2005

Some clients might experience a very slow SMTP connection on a Plesk 7.1.7 server running qmail. The main reason for the delay is cuased by a Reverse DNS lookup performed on each IP address connection to the SMTP server on port 25. If your server does not have good DNS connectivity or the owner of the IP address’s DNS servers are overloaded, you may notice a delay of up to 60 seconds (the default) to be able to send mail.

I suggest that you update your /etc/xinetd.d/smtp_psa and /etc/xinetd.d/smtps_psa files.

Update the server_args key in both files, as suggested below:
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net ......

You may want to replace sbl-xbl.spamhaus.org and/or bl.spamcop.net with your favourite RBL list. You may also add additional RBL entries by specifying additional -r parameters.

Upgrading phpMyAdmin on Plesk 7.1.7

March 5th, 2005

Thanks to G.L. DATA it is now possible to upgrade the default phpMyAdmin installed in the Plesk control panel under the DB WebAdmin icon. According to G.L. DATA the upgrade will work on version 7.1.x and 7.5.x of Plesk for Linux. We have been able to confirm that it definitely does run on Plesk 7.1.7 for Linux.

For more information see G.L. DATA Plesk page

qmHandle 1.2.0 for Qmail

March 5th, 2005

qmHandle is a very useful utility to manage Qmail based mail installations.

Get it from the qmHandle Homepage

Connecting to MySQL 4.1.x from MySQL 4.0.x

March 3rd, 2005

If you attempt to connect to a MySQL 4.1.x server from a MySQL 4.0.x client you may receive the following error:

#1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client

To fix the problem, first make sure that you have no usernames that are longer than 16 characters:

SELECT Host, User, Password FROM mysql.user WHERE LENGTH(Password) > 16

Now you may update the password for the user to the old style passwords:

SET PASSWORD FOR 'root'@'localhost' = OLD_PASSWORD('newpasswd');

For more information see: Password Hashing in MySQL 4.1

Plesk for Windows 7.5.0 & MySQL

February 27th, 2005

There are two instances of MySQL running, one on port 3306 (default) and one on port 8306. The instance running on port 8306 is the intstance that is used by the Plesk contol panel.

Use the -P option of the mysql.exe client tool to specify the port:

mysql -u admin -p -P 8306

SpinRite 6.0

February 20th, 2005

SpinRite now brings its legendary data recovery and drive maintenance magic to the latest file systems, operating systems, and hard drives. It runs MUCH faster than ever before, can help maintain all of your drives in tip top shape, can warn of impending disaster, and wrestle data from dying and nearly dead drives . . . before it’s too late.

This industry-standard data recovery tool is operating system independent, so it can be applied by users of Windows XP, 2000, Linux, and all other Intel/AMD PC‑platform hard drives and file systems.

SpinRite 6.0 home page ….

Anti-Virus Testing Tool

February 20th, 2005

Test your email account’s anti-virus protection by sending a harmless “EICAR” virus attachment to your mail server. The EICAR test virus is completely safe and contains no viral code. For more information, please visit www.eicar.org.

Anti-Virus Testing Tool

Plesk 7.1.6’s psadump and MySQL version

February 12th, 2005

The psadump utility that is shipped with Plesk 7.1.6, expect the version number of the MySQL server to always be in the format x.x.x, where x is a digit. We have however had cases where the MySQL version was x.x.xX, where x is a digit and X is a letter. Below is a hack on the regex to make psadump work properly again.

In the {PSA_BASE_DIRECTORY}/lib/perl5/BU/PSA/Const.pm file, change:

$mysql_version_str =~ m/[Vv][Ee][Rr]\s+[0-9\.]+\s+Distrib\s+([0-9\.]+)[\s,]/;

to:

$mysql_version_str =~ m/[Vv][Ee][Rr]\s+[0-9\.]+\s+Distrib\s+([0-9\.\w]+)[\s,]/;

UPDATE:
This problem has been resolved in Plesk for Linux version 7.1.7.