Category Archives: Uncategorized

05Jan/18

Critical Intel CPU Bug – Meltdown and Spectre Vulnerabilities

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Earlier this week, a serious security problem (a CPU bug) was found in Intel/AMD/ARM CPUs. According to various teams including Google Project Zero, CPU data cache timing can be abused efficiently to leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. These vulnerabilities are known by the names ‘Meltdown’ and ‘Spectre’.

You can read more about the attack from this link

There are 3 known variants for this CPU Bug:

Stop using custom php.ini in ntPHPselector.

I am writing this post to give an idea about how to use a custom php.ini and how to stop using a custom php.ini in ntPHPselector. Since we got requests from some of our customers about this, I am adding it as a blog post for others to check.

How to use custom php.ini

There are several instances that may require you to modify a setting in the php.ini file for your website, such as increasing the PHP upload limit. The customer needs to copy the default php.ini (its location can be collected from the PHP info page) and alter the values based on the site requirements.

Some of the disadvantages of using custom php.ini

You lose the ability to select the PHP version via the control panel; if the custom php.ini is not specific to the respective PHP version, it may cause errors.

Any changes we make to the global php.ini will not be reflected on your site.

Changes you make to php.ini will not be applied instantly.

Some web hosts do not allow the use of a custom php.ini, since allowing this feature can lead to resource usage abuse, including performance issues on the server. So they are forced to disable this feature.

In ntPHPselector, you can disable the custom php.ini by uncommenting the following entries under the section “phprc_paths”. By default, there is no commented entry for 5.3 in suphp.conf. You need to add that entry manually, since PHP 5.3 is compiled by you using the ntPHPSelector interface.

[phprc_paths]
application/x-httpd-ea-php54=/opt/cpanel/ea-php54/root/etc
application/x-httpd-ea-php55=/opt/cpanel/ea-php55/root/etc
application/x-httpd-ea-php56=/opt/cpanel/ea-php56/root/etc
application/x-httpd-ea-php70=/opt/cpanel/ea-php70/root/etc
application/x-httpd-ea-php71=/opt/cpanel/ea-php71/root/etc

; entry related with PHP 5.3
application/x-httpd-php53=/opt/cpanel/nt-php53/root/etc

Restart the httpd service and check whether it is loading or not.
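To confirm the edit before restarting, the following added example (not part of ntPHPselector) reads a suphp.conf and reports, per handler, whether its [phprc_paths] entry is active or still commented out. The function name audit_phprc_paths and the sample file are assumptions made for illustration; pass the path of your own suphp.conf instead.

```shell
# Added example: report, per handler, whether [phprc_paths] pins php.ini.
# "enforced" = active entry, "custom-allowed" = entry still commented out.
audit_phprc_paths() {
    awk '
        # Track the current section; only [phprc_paths] matters.
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[phprc_paths\]/); next }
        !in_sec     { next }
        # Active entry: handler=directory
        /^[ \t]*application\/[^=;]+=/ {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[1])
            print "enforced " kv[1]; next
        }
        # Commented-out entry: ;handler=directory
        /^[ \t]*;[ \t]*application\/[^=]+=/ {
            line = $0; sub(/^[ \t]*;[ \t]*/, "", line)
            split(line, kv, "="); gsub(/[ \t]/, "", kv[1])
            print "custom-allowed " kv[1]
        }
    ' "$1"
}

# Constructed sample file (not a real server's suphp.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
loglevel=info

[phprc_paths]
;application/x-httpd-ea-php54=/opt/cpanel/ea-php54/root/etc
application/x-httpd-ea-php56=/opt/cpanel/ea-php56/root/etc
; entry related with PHP 5.3
application/x-httpd-php53=/opt/cpanel/nt-php53/root/etc
EOF
audit_phprc_paths "$sample"
rm -f "$sample"
```

Any handler reported as custom-allowed still honours a per-site php.ini; a handler that does not appear at all (such as 5.3 before you add it) has no entry in the section.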

If you need further customization to the plugin, you can contact our support and we will help you. You can also send us feature requests or bug reports.

20Jun/17

Recompile PHP 5.3 in ntPHPselector version 4

The ntPHPselector plugin allows users to select a preferred PHP version per directory on the same domain. Our new ntPHPselector version 4 has been released for cPanel servers with EasyApache 4, and supports PHP versions 5.3, 5.4, 5.5, 5.6, 7.0 and 7.1. By default 5.3 is disabled. You need to recompile it after enabling it from the “Settings” tab after the installation.

ntPHPselector recompiles PHP version 5.3 manually, since it has been removed from EasyApache 4. You need to recompile PHP version 5.3 from your end using the interface available in the ntPHPselector WHM module.

05Dec/16

Install and Configure Mod-Pagespeed on Linux servers

Mod-Pagespeed is an Apache/Nginx (web-server) module that speeds up your website by applying filters that automatically optimize files: they reduce the number of requests the browser has to make to fetch web files, reduce the size of those files, and optimize the length of time those files are cached. In this article we will show you how to install and configure Google’s mod-pagespeed module for Apache and Nginx web servers on RHEL/CentOS/Fedora and Debian/Ubuntu systems.

27Oct/16

Secure and Fix dirty COW Linux Vulnerability

What is the Dirty COW vulnerability and why is it called so?

The Dirty COW vulnerability allows attackers to gain root access to servers and take control over the whole system. A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

What is the CVE-2016-5195 ?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Who found the Dirty COW vulnerability?

Phil Oester

How to check if your server is affected by the vulnerability

Ubuntu/Debian

To find out if your server is affected, check your kernel version.

# uname -rv

You’ll see output like this:

Output
4.4.0-42-generic #62-Ubuntu SMP Wed Oct 26 22:10:20 IST 2016

If your version is earlier than the following, you are affected:
– 4.8.0-26.28 for Ubuntu 16.10
– 4.4.0-45.66 for Ubuntu 16.04 LTS
– 3.13.0-100.147 for Ubuntu 14.04 LTS
– 3.2.0-113.155 for Ubuntu 12.04 LTS
– 3.16.36-1+deb8u2 for Debian 8
– 3.2.82-1 for Debian 7
– 4.7.8-1 for Debian unstable
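The comparison above is easy to get wrong by eye (3.13.0-99 is older than 3.13.0-100), so here is an added example, not from the original post, that does it for the Ubuntu entries only. It assumes a stock Ubuntu kernel, where the "#NN-Ubuntu" field of uname -rv is the upload number of the package version (4.4.0-42-generic #62-Ubuntu is package 4.4.0-42.62), and it needs GNU sort for -V; the function names are made up for this example.

```shell
# Fixed package versions, copied from the Ubuntu entries in the list above.
fixed_version() {
    case "$1" in
        16.10) echo 4.8.0-26.28 ;;
        16.04) echo 4.4.0-45.66 ;;
        14.04) echo 3.13.0-100.147 ;;
        12.04) echo 3.2.0-113.155 ;;
        *) return 1 ;;
    esac
}

# "4.4.0-42-generic #62-Ubuntu SMP ..." -> "4.4.0-42.62"
# Prints nothing when the string is not a stock Ubuntu kernel banner.
pkg_version() {
    printf '%s\n' "$1" |
        sed -nE 's/^([0-9]+\.[0-9]+\.[0-9]+-[0-9]+)[^ ]* #([0-9]+)[^ ]*-Ubuntu.*/\1.\2/p'
}

# True when $1 sorts strictly before $2 in version order (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints affected / patched / unknown for a release and a `uname -rv` string.
check_dirtycow() {
    fixed=$(fixed_version "$1") || { echo unknown; return 0; }
    running=$(pkg_version "$2")
    [ -n "$running" ] || { echo unknown; return 0; }
    if version_lt "$running" "$fixed"; then echo affected; else echo patched; fi
}

# Sample output shown above; the 16.04 release is an assumption for the demo.
check_dirtycow 16.04 '4.4.0-42-generic #62-Ubuntu SMP Wed Oct 26 22:10:20 IST 2016'
```

On a live host, call it as check_dirtycow "$(lsb_release -rs)" "$(uname -rv)". The result describes the running kernel, so it stays "affected" after an upgrade until the server is rebooted.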

CentOS

Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.

# wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

# bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Output
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Standard Resolution

The easiest way to protect your computers running Linux is to update your Linux distro to the latest version. You can use the following commands to update your Debian/Ubuntu/CentOS and RHEL systems. You also need to reboot after updating.

Debian/Ubuntu:
# sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

RHEL:
# sudo yum update
# sudo reboot

CentOS:

To update your kernel on CentOS 7, run:
# sudo yum update

There is still no official update for the CentOS 5 and 6 kernels; we’re still waiting on a fix. You can use this workaround from the Red Hat bug tracker.

You can find more technical details about the Dirty COW vulnerability and exploit on the bug’s official website (dirtycow), the Red Hat site and the GitHub page.

20Oct/16

Configuring postfix to block all emails except one email accounts

Configuring postfix to block all emails except the specified email accounts.

If you need to allow emailing only for particular accounts from the Postfix email server, you can follow the steps below.

Use Transport Mapping

Here we can tell the Postfix mail server to send or disregard emails. For this we need to edit the Postfix configuration file.

Please make sure to take a backup of the config files before editing, so that we can restore the original files if any errors occur while editing. You can take the backup like this:

# cp -p /etc/postfix/main.cf /etc/postfix/main.cf.original
# vi /etc/postfix/main.cf

Add the line below to the configuration:

transport_maps = hash:/etc/postfix/transport

Now we need to edit the file /etc/postfix/transport

# vi /etc/postfix/transport

Here add the domain to which we need to allow sending mail:

example.com :
* discard:

This will simply discard messages to any email address not of the domain example.com. If you want to reject with an error instead, you can add it like this (set the error text to suit your needs):

example.com :
* error:Not allowed for all domains

We can add additional domains after example.com (one line per domain).

Save the file.

Now we need to create a hash of the file (unless you used texthash in main.cf)

postmap /etc/postfix/transport

We need to reload postfix for the changes to take effect.

/etc/init.d/postfix reload

10Oct/16

Removing and adding files to existing tar archive

1) How to remove a single file from tar file

We need to create a tar file, for that first we need to touch some files

# touch  textfile{1..4}.txt

Now we can create tar file using tar command

# tar -cvf nixtree.tar textfile{1..4}.txt

This creates the tar file “nixtree.tar” with the files textfile1.txt to textfile4.txt.
To list the files in a tar file you can use the “-t” switch with the tar command.

# tar -tf nixtree.tar
textfile1.txt
textfile2.txt
textfile3.txt
textfile4.txt

We can use the “--delete” switch with the tar command to remove files from an already created tar file.

# tar --delete -f nixtree.tar  textfile1.txt

This command will remove “textfile1.txt” from the tar archive “nixtree.tar”

Now list the contents of the tar file again:

# tar -tf nixtree.tar
textfile2.txt
textfile3.txt
textfile4.txt

We can also remove files from a tar file using pattern matching, as shown below.

2) Pattern match – Removing files using the “--wildcards” option

# tar --wildcards --delete -f nixtree.tar 'textfile*'

This will remove all files starting with textfile, which means the above tar file will be empty.

3) Adding a file or directory to the existing tar file

You can add a file to an existing tar file with the ‘r’ option:

# tar -rvf nixtree.tar newfile.txt

4) Adding directory to the existing tar file also the same

# tar -rvf nixtree.tar /new-directory

5) Extracting specific files  and directory from tar file

You can now extract the file  ‘textfile4.txt’ from the archive file ‘nixtree.tar’ like this:

# tar --extract --file=nixtree.tar  textfile4.txt

6) Extract a directory  from nixtree.tar:

# tar --extract --file=nixtree.tar directoryname

7) Compressing a folder (tar) without its containing directory in the foldername

# tar -zcvf nixtree.tar.gz -C /path/to/foldername_tocompress .

8) Untar tar file to specific location

# tar -xvf nixtree.tar -C /path/to/untar/files/to/specific/directory

Tar Usage and Options

c – create an archive file.
x – extract an archive file.
v – show the progress of the archive operation.
f – filename of the archive file.
t – view the contents of an archive file.
r – append or update files or directories in an existing archive file.
wildcards – specify a pattern in the unix tar command.