Blog

Archive for Administration

How to activate ssh access for a hosting with Core-Admin


Introduction to activate ssh access for a hosting with Core-Admin

By default, all hostings created with Core-Admin will have an individual user to ensure each hosting runs with isolated permissions.
This hosting user has no way to access the server through ssh, even if the ssh port is open and a password is configured.

This article explains how to enable or disable ssh access for a given hosting using Core-Admin.

Prerequisites

Make sure a firewall controls the SSH port (usually 22/tcp) so that it is not left open to everyone. Access to it should be limited.
If you don’t have a firewall installed, use #Firewall manager. See the following manual to learn how to configure it.

How to activate ssh access to a hosting for Core-Admin

Use the following steps. You will need Administrator rights to complete these steps.
First, open the #WebHostingManagement application.

Then, open the available option to manage SSH access.

After that, select the hosting to configure and whether you want to enable or disable SSH access.

Once the process is completed, the system will present a set of configuration notes ready to use.

How to disable SSH access for particular hosting with Core-Admin

If you want to disable SSH access, follow the same steps as described before, but select “disable” inside “Ssh access”.

How to list hostings with SSH access with Core-Admin

Use the option available at the top level of the tree.

Posted in: #WebhostingManagement, Administration, Core-Admin, Core-Admin Web Edition, SSH, Web hosting


Configuring Let’s encrypt for Core-Admin panel’s certificate


The following short guide gives you tips on how to configure a Let’s encrypt certificate for your Core-Admin web administration panel. That is, the certificate used by the panel to secure all communication between your web browser and the Core-Admin server.

These instructions depend on the current status of your Core-Admin installation and on whether you prefer to do it from the console or using the web panel.

Having a working Core-Admin server: upgrade to let’s encrypt certificate

If you have a working Core-Admin with web access, you can install “Let’s encrypt Management” application and then use the specific option to request and configure a Let’s encrypt certificate for your local server. Here is how:

After you have installed the tool (or if you already have it), open the tool, and follow these steps:

Let's encrypt management -> Actions -> Certificate for Core-Admin server  (follow instructions from there)

Having a working Core-Admin server with let’s encrypt already deployed: console command

In the case you are already using Core-Admin with let’s encrypt tool, you can use the following command to request, install and reconfigure your core-admin server with a let’s encrypt certificate:

>> crad-lets-encrypt.pyc -s <your-contact-email>

Configuring let’s encrypt certificate just after finishing Core-Admin installation using core-admin-installer.py

In the case you have just installed core-admin, you can use the following command to install Let’s encrypt application, Certificate manager and request the certificate for your core-admin server:

>> cd /root
>> wget http://www.core-admin.com/downloads/core-admin-installer.py
>> chmod +x core-admin-installer.py
>> ./core-admin-installer.py --core-admin-le-cert=<your-contact-email>

The difference between this command and crad-lets-encrypt.pyc is that the latter is only available when you already have the Let’s encrypt management tool installed. Otherwise crad-lets-encrypt.pyc will not be available.

Posted in: Administration, Certificates, Core-Admin, Let's Encrypt, Security, SSL/TLS


Updating notification time for mailbox quota exceeded

Inside Core-Admin, with the Mail admin app, you can configure a notification that is sent when mailboxes are over quota (admin notification), and you can also make the system send a quota notification directly to the end user.

For that, open Mail Admin app and go to the quota notification options as shown in the following video:

However, if you want to change when those quota notifications are sent, and how often, you will have to:

  1. Update the cron specification located in the file /etc/cron.d/crad-mail-quotas to adjust it to your needs. Remember to update only the lines that run the following command: “crad-mail-admin-mgr.pyc -k -f”
  2. To avoid having the file updated by the system due to a package upgrade, add the immutable flag with the following command:
    chattr +i /etc/cron.d/crad-mail-quotas

 

Posted in: Administrador de Correo, Administration, Core-Admin, Mail Admin


KB 02082016-001 : failed to map segment from shared object: Cannot allocate memory


Symptom

If you get the following error while starting core-admin agent or core-admin server (turbulence process), or something similar:

ImportError: /usr/lib64/python2.6/lib-dynload/_hashlib.so: failed to map segment from shared object: Cannot allocate memory

If you have already checked that your system has enough memory available, then there is possibly a ulimit configuration problem.

Affected releases

All releases may suffer this problem. It’s not a bug but a system resource configuration problem.

Background

The problem is caused by a system ulimit configuration that is limiting the amount of memory that can be used by the core-admin agent or the core-admin server (turbulence).

Solution

You can run the following commands to see if it solves the problem:

ulimit -m unlimited; ulimit -v unlimited

After that, try to restart the agent to see if the problem is solved.
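
ulimit only changes the limits of the shell where it is run and of processes started from that shell, so it is worth checking the limits of the process that actually fails. The following is an added example, not part of Core-Admin: it reads text in the /proc/<pid>/limits format and reports whether the two limits changed above (-m is “Max resident set”, -v is “Max address space”) are still capped. The function name and the sample input (constructed) are assumptions.

```shell
# Added example: report which of the two memory limits from this KB are
# still capped, given text in the /proc/<pid>/limits format.

# Constructed sample of /proc/<pid>/limits (only a few rows).
sample_limits() {
cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max resident set          unlimited            unlimited            bytes
Max address space         268435456            unlimited            bytes
Max open files            1024                 4096                 files
EOF
}

# Prints "<limit name>: soft=<value> hard=<value>" for each capped row.
# Returns 1 if any of the two limits is capped, 0 if both are unlimited.
capped_memory_limits() {
    awk '
        /^Max (address space|resident set) / {
            # Row layout: name (3 words), soft limit, hard limit, units.
            soft = $(NF-2); hard = $(NF-1)
            if (soft != "unlimited") {
                printf "%s %s %s: soft=%s hard=%s\n", $1, $2, $3, soft, hard
                capped = 1
            }
        }
        END { exit (capped ? 1 : 0) }
    ' "$@"
}
```

Run it against a live process with capped_memory_limits /proc/<pid>/limits, using the PID of the agent or turbulence process.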

Long term solution

Upgrade your core-admin packages. Since release rev5010, a fix is included that automatically corrects this setting when the software starts.

Posted in: Administration, KB, Resource limits


Updates — KB: 24032014-001: Dealing with TIME WAIT exhaustion (no more TCP connections)

The KB http://www.core-admin.com/portal/kb-24032014-001-dealing-with-time-wait-exhaustion-no-more-tcp-connections about managing time wait configuration problems reported by the time wait checker has been updated to allow configuring the TCP TIME WAIT recycle option (/proc/sys/net/ipv4/tcp_tw_recycle). The article also includes additional information about how this option relates to (and may cause problems with) devices behind NAT firewalls when the server running this option is accessed from there.

The article also includes a reference to Troy Davis’ article http://troy.yort.com/improve-linux-tcp-tw-recycle-man-page-entry/ which explains in more detail how this happens.

Posted in: Administration, Firewall, KB, Security


Let’s encrypt: trusted SSL/TLS certificates for everyone

Let’s encrypt (http://letsencrypt.org) is now making it possible for everyone to have access to trusted certificates for free. It does so through a client that implements the ACME protocol (https://github.com/ietf-wg-acme/acme/), which gives you access to the Let’s encrypt infrastructure to request and issue a certificate for your domains.

This is a very important step towards securing the internet further, by making it possible for, at least, all administration panels to be secured with it. We say “at least administration panels” because you might still be interested in legacy SSL/TLS certificates, which can include your contact information, or, for legal or technical reasons, you might need a certificate signed by a particular vendor.

In any case, this new technology, promoted by important vendors involved in promoting the web, will provide a secure and trusted solution for many of our devices (routers, IoT “things”, appliances, etc) to have them secured with a https:// page running an SSL/TLS certificate…for free!

So, there’s no longer any excuse for not protecting your sensitive web pages, especially those running critical services with http:// administration panels.

Core-Admin and Let’s encrypt management application

Core-Admin now supports Let’s encrypt by fully integrating it with an easy-to-use graphical interface that lets you locate web pages running on your servers and request a certificate for them.

This new application is available from Core-Admin revision 4615. Check the following Let’s encrypt for Core-Admin manual to know more details about it: http://www.core-admin.com/portal/applications/lets-encrypt

Posted in: Administration, Certificates, Security


KB: 07072014-001: Disabling ptrace() syscall


Introduction

The following article explains how to disable the ptrace() system call on various platforms (see the list of supported platforms). By disabling this system call you can remove a large source of security problems and a Linux kernel feature that many attacks use to implement hard-to-detect modifications, such as in-flight modification of process memory.

The article proposes disabling the ptrace syscall by installing a kernel module that disables it.

Supported platforms

  • Debian Squeeze amd64
  • Debian Squeeze i686
  • Debian Wheezy amd64
  • Ubuntu Precise LTS 12.04 amd64
  • Linux Mint 13 Maya amd64

Installing the module

To have the module installed, you have to update your /etc/apt/sources.list file to include the right apt sources. See in the following link the right one for your distribution:

https://dolphin.aspl.es/svn/publico/noptrace2/README

After that, you only have to update references and install it by running:

apt-get update
apt-get install noptrace2

After that, the module will be compiled using your current server/system settings and will be loaded if no problem is found.

How do I check if the module is actually blocking ptrace() calls?

Run the following command. You should get a “No child processes”:

strace -p 1
Process 1 attached - interrupt to quit
detach: ptrace(PTRACE_DETACH, ...): No child processes
Process 1 detached

How do I enable/disable it temporarily?

Use the following command to stop/unload the module, which removes the ptrace() blocking:

service noptrace2 stop

Likewise, you can use the following command to re-enable the module that blocks ptrace():

service noptrace2 start

Does this generate any operation log I can inspect?

Sure, take a look at your /var/log/syslog. You should get logs like this:

Jul 7 11:14:40 vulcan kernel: [4721108.617232] [noptrace2] ptrace syscall disabled
Jul 7 11:14:54 vulcan kernel: [4721122.990270] [noptrace2] ptrace() invoked against process 1 by process 20675
Jul 7 11:14:54 vulcan kernel: [4721122.990304] [noptrace2] ptrace() invoked against process 1 by process 20675
Jul 7 11:15:02 vulcan kernel: [4721130.689160] [noptrace2] ptrace() invoked against process 29912 by process 20746
Jul 7 11:15:02 vulcan kernel: [4721130.689188] [noptrace2] ptrace() invoked against process 29912 by process 20746
Jul 7 11:15:22 vulcan kernel: [4721150.219577] [noptrace2] ptrace syscall restored
Jul 7 11:15:44 vulcan kernel: [4721172.921028] [noptrace2] ptrace syscall disabled
Jul 7 18:11:15 vulcan kernel: [4746103.948870] [noptrace2] ptrace() invoked against process 1 by process 9821
Jul 7 18:11:15 vulcan kernel: [4746103.948897] [noptrace2] ptrace() invoked against process 1 by process 9821
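
The log lines above can be summarized per caller. The following is an added example, not part of noptrace2 or the original article: it counts logged ptrace() calls per caller/target pair and measures how long blocking was switched off between a “restored” line and the next “disabled” line. The function name and the sample log (constructed, in the format shown above) are assumptions.

```shell
# Added example (not part of noptrace2): summarize the module's syslog lines.

# Constructed sample in the log format shown in the article; host name and
# timestamps are made up.
sample_log() {
cat <<'EOF'
Jul 7 11:14:40 host1 kernel: [100.000001] [noptrace2] ptrace syscall disabled
Jul 7 11:14:54 host1 kernel: [114.000001] [noptrace2] ptrace() invoked against process 1 by process 20675
Jul 7 11:14:54 host1 kernel: [114.000002] [noptrace2] ptrace() invoked against process 1 by process 20675
Jul 7 11:15:02 host1 kernel: [122.000001] [noptrace2] ptrace() invoked against process 29912 by process 20746
Jul 7 11:15:22 host1 kernel: [142.000001] [noptrace2] ptrace syscall restored
Jul 7 11:15:30 host1 sshd[811]: unrelated line, ignored
Jul 7 11:15:44 host1 kernel: [164.000001] [noptrace2] ptrace syscall disabled
EOF
}

# Reads syslog text from the named files (or stdin) and prints:
#   caller=<pid> target=<pid> calls=<n>   one line per caller/target pair
#   restored_events=<n>                   times blocking was switched off
#   unblocked_seconds=<n>                 time spent with blocking off
#   blocking=on|off|unknown               state after the last line
noptrace2_summary() {
    awk '
        # Kernel uptime stamp, e.g. "[4721150.219577]" (may be space padded).
        function kts() {
            if (match($0, /\[ *[0-9]+\.[0-9]+\]/))
                return substr($0, RSTART + 1, RLENGTH - 2) + 0
            return -1
        }
        BEGIN { off_since = -1 }
        !/\[noptrace2\]/ { next }
        /ptrace\(\) invoked against process/ { calls[$NF " " $(NF-3)]++; next }
        /ptrace syscall disabled/ {
            t = kts()   # a stamp lower than off_since means a reboot: skip it
            if (off_since >= 0 && t >= off_since) gap += t - off_since
            off_since = -1; blocking = "on"; next
        }
        /ptrace syscall restored/ { blocking = "off"; restored++; off_since = kts(); next }
        END {
            for (k in calls) {
                split(k, p, " ")
                printf "caller=%s target=%s calls=%d\n", p[1], p[2], calls[k]
            }
            printf "restored_events=%d\nunblocked_seconds=%.0f\n", restored, gap
            printf "blocking=%s\n", (blocking == "" ? "unknown" : blocking)
        }
    ' "$@" | sort
}
```

Run it as noptrace2_summary /var/log/syslog. A non-zero restored_events or a final blocking=off means the module was unloaded at some point and ptrace() was available again.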

Did you like the article, found it useful or something to comment?

That’s good. Please contact us at http://www.core-admin.com/portal/about-us/contact or follow us at https://twitter.com/core_adm or https://twitter.com/aspl_es

Posted in: Administration, Debian, Debian Squeeze, Debian Wheezy, Linux Mint, Security, Ubuntu, Ubuntu Precise LTS


KB: 16052014-001: Fixing /usr/sbin/grub-probe: error: no such disk. for device /dev/md0 error

So, you are running a Debian-like system, you are upgrading your kernel, and during the process you get the following error:

update-initramfs: Generating /boot/initrd.img-2.6.32-5-amd64
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
Generating grub.cfg ...
/usr/sbin/grub-probe: error: no such disk.
run-parts: /etc/kernel/postinst.d/zz-update-grub exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-2.6.32-5-amd64.postinst line 799.

You have probably searched for it and found various solutions, like the following links, but none of them work:

http://www.linuxexpert.ro/Troubleshooting/grub-error-no-such-disk.html

https://lists.debian.org/debian-user/2011/06/msg00359.html

http://www.linuxquestions.org/questions/debian-26/usr-sbin-grub-probe-error-no-such-disk-922118/

The curious thing is that your system is running perfectly, there is no error at /proc/mdstat (please do a cat over that file just to be sure), and if you run a simple “ls -la” over /dev/md0 and the component disks that make up that device, you find that everything is right. No error.

At some point, you find that you have to run the following command to “check” what grub-probe thinks about your hard disks:

/usr/sbin/grub-probe --device-map=/boot/grub/device.map --target=fs -v /boot/grub

However, it is reporting at the end:

/usr/sbin/grub-probe: info: opening md0.
/usr/sbin/grub-probe: error: no such disk.

If you have all these elements in common, please make sure you have the mdadm command available. It is possible that you removed it by mistake. Because grub-probe uses mdadm --examine /dev/md0, it is confusing an error from that command with a command not found error.

Please, try the following to see if it works:

>> apt-get install mdadm
>> apt-get install -f

Note well for Core-Admin users

If you are running Core-Admin’s mdadm checker, it will ensure you have mdadm available apart from checking your hard disks and the details inside /proc/mdstat.

Please make sure you have the mdadm checker installed so that this error does not reach your system.

Posted in: Administration, Debian, Debian Squeeze, KB
