Howto: Disable MailMan

September 27, 2009    |   Posted by admin   |    Category: cPanel Management

To disable Mailman on a cPanel server, remove the execute permission from the Mailman wrapper:

chmod -x /usr/local/cpanel/3rdparty/mailman/mail/wrapper

If you ever want to enable it:

chmod +x /usr/local/cpanel/3rdparty/mailman/mail/wrapper


Unable to fork: Cannot allocate memory

September 27, 2009    |   Posted by admin   |    Category: VPS Management

You see the message “Unable to fork: Cannot allocate memory” while logging in to a VPS from the host server. The reason is that the VPS is running out of resources, especially RAM. To temporarily solve the issue, you may restart the VPS by executing:

vzctl restart VEID

OR increase RAM for the VPS by increasing privvmpages and kmemsize for the VPS.

Edit the configuration file of the VPS:

vi /etc/sysconfig/vz-scripts/veid.conf

Increase the values of the two parameters above and restart the VPS.

Making a Plesk server PCI compliant

September 27, 2009    |   Posted by admin   |    Category: PCI Compliance

How to make a Plesk server PCI Compliant?

Many banks and credit card companies now require you to implement security standards on your server to protect client data, which is known as PCI compliance. Follow the steps below to meet these standards on your server.

1) To turn off SSLv2 for port 8443 (Plesk port), create a file /usr/local/psa/admin/conf/httpsd.custom.include and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

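Once you have inserted the above lines, restart the ‘psa’ service and run the ‘openssl’ command to test. If SSLv2 is disabled, the handshake fails instead of returning a session. The -ssl2 option is only available in OpenSSL builds that include SSLv2 support (it was removed in OpenSSL 1.1.0):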

service psa stopall
service psa start all
openssl s_client -connect localhost:8443 -ssl2

2) To turn off SSLv2 for port 443 (Apache SSL port), edit the file /etc/httpd/conf.d/ssl.conf and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the lines, restart the ‘httpd’ service and run the ‘openssl’ command to test:

service httpd restart
openssl s_client -connect localhost:443 -ssl2

3) To turn off SSLv2 for 995 (POP3) and 993 (IMAP) ports, edit the following files

vi /etc/courier-imap/imapd-ssl
vi /etc/courier-imap/pop3d-ssl

Comment out the line which starts with “TLS_CIPHER_LIST” and insert the following line:

TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:!SSLv2:!LOW:@STRENGTH"

Restart the ‘courier-imap’ service and execute the ‘openssl’ command to test:

service courier-imap restart
openssl s_client -connect localhost:995 -ssl2
openssl s_client -connect localhost:993 -ssl2

4) To turn off SSLv2 for port 465 (SMTPS), create the following files:

vi /var/qmail/control/tlsserverciphers
vi /var/qmail/control/tlsclientciphers

and insert the following code:

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

Once done, restart the ‘qmail’ service and test the connection on SSLv2:

service qmail restart
openssl s_client -connect localhost:465 -ssl2

This will disable SSLv2 for all the SSL ports of your server.

5) To disable TRACE and TRACK for Apache, place the following lines in the Apache configuration file and in the VirtualHost of each domain:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

TraceEnable off

Save the file and restart the ‘httpd’ service.

6) I recommend using the secure port 8443 to access Plesk and blocking the non-secure port 8880:

iptables -A INPUT -p tcp -s 0/0 --dport 8880 -j DROP
service iptables save
service iptables restart

7) To upgrade the PHP version, refer to the post:

https://linuxhostingsupport.net/blog/?p=218

8) To turn off recursion for the bind service, edit the named configuration file:

vi /etc/named.conf

add the following line in the “options” section:

recursion no;

Save the file and restart the ‘named’ service.
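
Added example (not part of the original post): the cipher strings in steps 1 to 4 depend on OpenSSL's operator prefixes, and this script reports how each string treats the weak cipher classes. The function names and the list of classes checked are this example's own choices.

```sh
#!/bin/sh
# Added example: report how an OpenSSL cipher string treats a cipher class,
# judged by the operator in front of the class name:
#   !X  permanently removed      -X  removed, a later token may re-add it
#   +X  only moved to list end    X  added to the list

# Fold exact aliases together so that "!NULL" also answers a query for eNULL.
canon() { case "$1" in NULL) echo eNULL ;; EXPORT) echo EXP ;; *) echo "$1" ;; esac; }

# class_status CIPHERSTRING CLASS -> hard | soft | reorder | added | unmentioned
class_status() {
    want=$(canon "$2")
    status=unmentioned
    old_ifs=$IFS
    IFS=':, '                  # separators OpenSSL accepts between tokens
    set -f                     # no filename globbing while splitting
    for tok in $1; do
        case "$tok" in
            '!'*) op=hard;    name=${tok#?} ;;
            -*)   op=soft;    name=${tok#?} ;;
            +*)   op=reorder; name=${tok#?} ;;
            *)    op=added;   name=$tok ;;
        esac
        [ "$(canon "$name")" = "$want" ] || continue
        # "!" is permanent; otherwise the last mention of the class decides.
        [ "$status" = hard ] || status=$op
    done
    set +f
    IFS=$old_ifs
    echo "$status"
}

# Cipher strings copied from steps 1-4 of the post.
APACHE='ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL'
COURIER='ALL:!ADH:RC4+RSA:!SSLv2:!LOW:@STRENGTH'
QMAIL='ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM'

# report CIPHERSTRING: one line per weak class (class list is this example's choice)
report() {
    for cls in SSLv2 LOW EXP eNULL ADH; do
        printf '%-6s %s\n' "$cls" "$(class_status "$1" "$cls")"
    done
}

for s in "$APACHE" "$COURIER" "$QMAIL"; do
    printf '== %s\n' "$s"
    report "$s"
done
```

A result of `reorder` or `unmentioned` means the string itself does nothing to remove that class, so whether those ciphers are offered depends on what `ALL` contains in the installed OpenSSL build.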

Sending emails using a different IP address

September 26, 2009    |   Posted by admin   |    Category: Linux Administration

You can send your server's emails from an additional IP of the server instead of the main IP using iptables. Here is the iptables command:

iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 25 -j SNAT --to-source IPAddress

where “IPAddress” is the additional IP of your server. To save the rule, execute:

service iptables save

This will make the settings permanent and you can check the rule using

iptables -L -t nat


Additional RAM on Xen VPS

September 22, 2009    |   Posted by admin   |    Category: VPS Management

If you wish to add additional RAM on a Xen based VPS, you need to follow the below steps:

#Search the VM name:

xm list

#Edit the VM’s configuration file. Update the required value and save the file:

vi /home/xen/vmname/vmname.cfg

#To stop and start the VPS, follow the below steps:

xm destroy vmname
xm create /home/xen/vmname/vmname.cfg

#Once the VM is rebooted, login to the console of the VPS and check the allotted RAM:

xm console vmname.vm
free -m

Hope this helps.
