Blog

Updates — KB: 24032014-001: Dealing with TIME WAIT exhaustion (no more TCP connections)

The KB http://www.core-admin.com/portal/kb-24032014-001-dealing-with-time-wait-exhaustion-no-more-tcp-connections about managing time wait configuration problems reported by time wait checker has been updated to allow configuring TCP TIME WAIT recycle option (/proc/sys/net/ipv4/tcp_tw_recycle). The article also includes additional infomation about how this option relates (and may cause problems) with devices behind NATing firewalls when the server running this option is accessed from there.

The article also includes a reference to Troy Davis’ article http://troy.yort.com/improve-linux-tcp-tw-recycle-man-page-entry/ which explains in more detail how this happens.

Posted in: Administration, Firewall, KB, Security

Leave a Comment (0) →

PHP 7.0 support for Core-Admin Web Edition

PHP releaseStarting from release 1.0.46 (revision 4644), now Core-Admin supports PHP 7.0 engines for your webhosting applications, configurable at domain level (so the rest of your hosting domains can run with different PHP engines). This new engine allows to support latest PHP release, along with previous releases, including deprecated ones for legacy applications (5.6, 5.4, 5.3, 5.2).

Check out our Core-Admin Web Edition to see how it works: http://www.core-admin.com/portal/get-it/web-edition

Posted in: Core-Admin Web Edition, PHP, Web hosting

Leave a Comment (0) →

Raspbian support for Core-Admin

Raspbian logoWe have been working on Raspberry Pi platform, preparing all
the elements needed to be able to have official support for this
platform as new releases appears.

Finally, we now support Raspberry Pi through Raspbian wheezy and working on
Raspbian Jessie. That way now it is possible to join these devices
to your Core-admin plataform and deploy all services provided by it.

For any additional information, please contact us: info@core-admin.com
(contact page)

We hope this will help you to better deploy and control your raspberry devices!

Posted in: Raspberry

Leave a Comment (0) →

Let’s encrypt: trusted SSL/TLS certificates for everyone

letsencrypt-128x128Let’s encrypt (http://letsencrypt.org) now is making it possible for everyone to have access to trusted certificates for free. It does it by using a client that implements the ACME protocol (https://github.com/ietf-wg-acme/acme/), which allows you to get access to the Let’s encrypt infrastructure to request and issue a certificate for your domains.

This is a very important step to secure even more the internet by making possible that, at least, all administration panels can get secured with it. We are talking about “at least administration panels” because it is still possible that you might be interested in legacy SSL/TLS certificates where it can include your contact information or, for legal or techical reasons, you might need a certificate signed by a particular vendor.

In any case, this new technology, promoted by important vendors involved in promoting the web, will provide a secure and trusted solution for many of our devices (routers, IoT “things”, appliances, etc) to have them secured with a https:// page running a SSL/TLS certificate…for free!

So, there’s no excuse anymore to protect your sensitive web pages, especially those running critical services with http:// administration panels.

Core-Admin and Let’s encrypt management application

Core-Admin now support Let’s encrypt by fully integrating it with an easy to use graphical interface that allows to easily locate web pages running at your servers, and request a certificate for them.

This new application is available from Core-Admin revision 4615. Check the following Let’s encrypt for Core-Admin manual to know more details about it: http://www.core-admin.com/portal/applications/lets-encrypt

Posted in: Administration, Certificates, Security

Leave a Comment (0) →

Core-admin updating

Core-admin software updating will allow us to get last updates in our applications already installed, moreover new funcionality is added to those applications. Furthemore, new applications will be installed, getting more funcionality in our platform, to have more control in our machines.

To update core-admin software, follow next steps,

1 We click in the top menu, in Core-admin update option

System –> Core-admin update

_core-admin-updating-1_en

It is important to close other applications running. Core-admin will inform you in case you will need to do it.

2 We click on Search for core-admin updates

core-admin-updating-2_en

3 Core-admin will search for updates. Next step is to apply them. It is needed to log again in the panel in order to get updates.

Posted in: Releases

Leave a Comment (0) →

Configuring default web site to show when accessing with unknown addresses

In the case you want to show a default web page with a customized “unknown webpage” when accesing to your server with an unknown web page that is not supported or maybe it is supported by in a different address (like accessing with https:// on a web page that is only supported on http://), then, you can do it by following next steps:

1. First, access to the Webhosting management and click on “Options”, then click on “Configure server”:

options-configure

2. After that, click on “Configure default site” and inside, setup the content and save it:

place-content-and-save

Posted in: Core-Admin, Core-Admin Web Edition, Web hosting

Leave a Comment (0) →

KB: 07072014-001: Disabling ptrace() syscall

Keyword index

Introduction

The following article explains how to disable system call ptrace() in various platforms (see list of supported platforms). By disabling this system call you can remove a large source of security problems and a linux kernel feature that is used by many attacks to implement hard to detect modifications like in-flight memory process modification.

The article proposes disabling the ptrace syscall by installing a kernel module that disables it.

Supported platforms

  • Debian Squeeze amd64
  • Debian Squeeze i686
  • Debian Wheezy amd64
  • Ubuntu Precise LTS 12.04 amd64
  • Linux Mint 13 Maya amd64

Installing the module

To have the module installed, you have to update your /etc/apt/sources.list file to include the right apt sources. See in the following link the right one for your distribution:

https://dolphin.aspl.es/svn/publico/noptrace2/README

After that, you only have to update references and install it by running:

apt-get update
apt-get install noptrace2

After that, the module will be compiled using your current server/system settings and will be loaded if no problem is found.

How do I check if the module is actually blocking ptrace() calls?

Run the following command. You should get a “No child processes”:

strace -p 1
Process 1 attached - interrupt to quit
detach: ptrace(PTRACE_DETACH, ...): No child processes
Process 1 detached

How do I enable/disable it temporally?

You can use the following command to stop/unload the module causing ptrace() blocking to be removed:

service noptrace2 stop

At the same time, you can use the following command to reenable the module that blocks ptrace():

service noptrace2 start

Do this generates any operation log I can inspect?

Sure, take a look at your /var/log/syslog. You should get logs like this:

Jul 7 11:14:40 vulcan kernel: [4721108.617232] [noptrace2] ptrace syscall disabled
Jul 7 11:14:54 vulcan kernel: [4721122.990270] [noptrace2] ptrace() invoked against process 1 by process 20675
Jul 7 11:14:54 vulcan kernel: [4721122.990304] [noptrace2] ptrace() invoked against process 1 by process 20675
Jul 7 11:15:02 vulcan kernel: [4721130.689160] [noptrace2] ptrace() invoked against process 29912 by process 20746
Jul 7 11:15:02 vulcan kernel: [4721130.689188] [noptrace2] ptrace() invoked against process 29912 by process 20746
Jul 7 11:15:22 vulcan kernel: [4721150.219577] [noptrace2] ptrace syscall restored
Jul 7 11:15:44 vulcan kernel: [4721172.921028] [noptrace2] ptrace syscall disabled
Jul 7 18:11:15 vulcan kernel: [4746103.948870] [noptrace2] ptrace() invoked against process 1 by process 9821
Jul 7 18:11:15 vulcan kernel: [4746103.948897] [noptrace2] ptrace() invoked against process 1 by process 9821

Did you like the article, found it useful or something to comment?

That’s good. Please,  contact us at http://www.core-admin.com/portal/about-us/contact or follow use at https://twitter.com/core_adm or https://twitter.com/aspl_es

Posted in: Administration, Debian, Debian Squeeze, Debian Wheezy, Linux Mint, Security, Ubuntu, Ubuntu Precise LTS

Leave a Comment (0) →
Page 3 of 5 12345