DirectAdmin: Adding a DMARC record to help lower your spam score

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.

Failed to start Apply Kernel Variables

Hello

I’m running Debian 8 (Jessie).

Last week I updated the server and got an error:

● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
   Active: failed (Result: exit-code) since Thu 2018-06-07 17:47:02 EEST; 2min 1s ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 1907 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
 Main PID: 1907 (code=exited, status=1/FAILURE)

Jun 07 17:47:02 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:47:02 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
Jun 07 17:47:02 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.

Then I checked what the journald daemon had collected, using the journalctl command:

journalctl -xn
-- Logs begin at Thu 2018-04-19 01:13:40 EEST, end at Thu 2018-06-07 17:52:19 EEST. --
Jun 07 17:52:12 kvm1.prado.lt systemd-sysctl[2467]: Failed to write '262144' to '/proc/sys/vm/max_map_count': Permission denied
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Starting Apply Kernel Variables...
-- Subject: Unit systemd-sysctl.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has begun starting up.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Failed to reset devices.list on /system.slice/systemd-sysctl.service: No such file or directory
Jun 07 17:52:19 kvm1.prado.lt systemd-sysctl[2506]: Failed to write '262144' to '/proc/sys/vm/max_map_count': Permission denied
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.

To load all configuration files manually, execute

sysctl --system

Once the command had been executed, I found where the problem was.

* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /usr/lib/sysctl.d/elasticsearch.conf ...
sysctl: permission denied on key 'vm.max_map_count'
* Applying /etc/sysctl.conf ...

Now it’s time to open the file /usr/lib/sysctl.d/elasticsearch.conf, where we need to comment out one line, and the problem should be solved.

We should change one line from

vm.max_map_count=262144

to

#vm.max_map_count=262144

Now we should restart the service using the command

systemctl restart systemd-sysctl.service

And now we can make sure the service is up and running properly using the command

systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
   Active: active (exited) since Wed 2018-06-13 22:29:05 EEST; 5s ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 31532 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
 Main PID: 31532 (code=exited, status=0/SUCCESS)
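
The search that "sysctl --system" did implicitly above can be done directly by scanning the sysctl.d directories for every active assignment of the failing key. The following is an added example, not part of the original post; the function name find_sysctl_key and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# find_sysctl_key KEY DIR...
# Print "file:line:text" for every active (uncommented) assignment of KEY
# in the *.conf files of the given sysctl.d-style directories.
find_sysctl_key() {
    key=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue      # also skips files masked with a /dev/null symlink
            awk -v want="$key" -v file="$f" '
                /^[ \t]*([#;]|$)/ { next }            # comment or blank line
                {
                    line = $0
                    sub(/^[ \t]*-?/, "", line)        # indentation and "-" (ignore errors) prefix
                    n = index(line, "=")
                    if (n == 0) next
                    k = substr(line, 1, n - 1)
                    gsub(/[ \t]/, "", k)
                    gsub(/\//, ".", k)                # vm/max_map_count == vm.max_map_count
                    if (k == want) printf "%s:%d:%s\n", file, NR, $0
                }' "$f"
        done
    done
}

# Constructed sample tree (not the real /etc or /usr/lib).
sample=$(mktemp -d)
mkdir -p "$sample/usr/lib/sysctl.d" "$sample/etc/sysctl.d"
printf '# constructed vendor file\nvm.max_map_count=262144\n' \
    > "$sample/usr/lib/sysctl.d/elasticsearch.conf"
printf '#kernel.sysrq=1\n-vm/max_map_count = 65530\n' \
    > "$sample/etc/sysctl.d/99-sysctl.conf"

find_sysctl_key vm.max_map_count "$sample/usr/lib/sysctl.d" "$sample/etc/sysctl.d"
```

Per sysctl.d(5), a file in /etc/sysctl.d overrides a file of the same name in /usr/lib/sysctl.d, so an override placed there is not overwritten when the package that owns the vendor file is upgraded.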

Enabling DNSSEC on your DirectAdmin server

DNSSEC is a tool used to verify the validity of a DNS lookup.
You can enable this feature in DirectAdmin 1.44.1 and newer by typing:

cd /usr/local/directadmin/scripts
./dnssec.sh install

After the command has been successfully executed, add the following to the ‘options { …. }’ section of your /etc/bind/named.conf.options:

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/bind/named.iscdlv.key";

The dnssec.sh script should confirm whether your named.conf is set up, and will enable dnssec=1 in the directadmin.conf automatically. If the script thinks you’re missing anything from your named.conf, it will tell you what to add.

To enable DNSSEC on a domain, go to:
Admin Level -> DNS Admin -> prado.lt

1. Click “Generate Keys”.
2. Then click “Sign”.
3. You should now see values at the bottom of the zone. Copy the 2 DS records, and paste them into your domain registrar’s website.

If you have any subdomains created as full domains, you’ll need to follow extra steps to continue the chain of trust up the line into the main domain’s zone. For normal subdomains created under a domain, no extra action is required, as they’re part of the domain’s normal zone.

Configure Fail2Ban for permanent and persistent bans

If you’re running a server, you probably know its exposed services are constantly being probed and attacks are being attempted against it. Fortunately, an extremely useful, nice and nifty tool is here to help: Fail2Ban.

Fail2Ban scans services’ log files for patterns defined as regular expressions and, if an offending pattern is found a certain number of times within a given time frame, the corresponding source IP is banned for a configurable time, using local firewall rules such as iptables.

Security & bug fix releases PHP 7.1.18, 7.2.6

Security & bug fix releases

http://php.net/ChangeLog-7.php#7.1.18

http://php.net/ChangeLog-7.php#7.2.6

The PHP development team announces the immediate availability of PHP 7.2.6. This is primarily a bugfix release which includes a memory corruption fix for EXIF.

PHP 7.2 users are encouraged to upgrade to this version.
The PHP development team announces the immediate availability of PHP 7.1.18. All PHP 7.1 users are encouraged to upgrade to this version.

Security & bug fix releases PHP 5.6.36, 7.0.30, 7.1.17, 7.2.5

Security & bug fix releases

http://php.net/ChangeLog-5.php#5.6.36

http://php.net/ChangeLog-7.php#7.0.30

http://php.net/ChangeLog-7.php#7.1.17

http://php.net/ChangeLog-7.php#7.2.5

The PHP development team announces the immediate availability of PHP 7.2.5. This is a security release which also contains several minor bug fixes.

All PHP 7.2 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.30. This is a security release. Several security bugs have been fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

DirectAdmin announced that all DirectAdmin and CustomBuild 2.0 now support MySQL 5.7

Hello,

DirectAdmin announced that all DirectAdmin and CustomBuild 2.0 now support MySQL 5.7.

Related changes done to DirectAdmin to support it:
https://www.directadmin.com/features.php?id=1840

It was actually added back in DA 1.52.0 (October 2017), while DA 1.53.0 is the current version, but wasn’t announced right away to give time for proper testing, which seems to all check out now.

MAKE SQL BACKUPS BEFORE UPGRADING; see below.

CustomBuild 2.0 should automatically set the mysql_milestone_16=1 directadmin.conf value for you, so as long as CB2 does the upgrade, you should be fine.

To do the upgrade from an older MySQL version to MySQL 5.7, run:

Code:
cd /usr/local/directadmin/custombuild
./build set mysql 5.7
./build set mysql_inst mysql
./build set mysql_backup yes
./build update

# make a backup that won't be overwritten: rename the folder
./build mysql_backup
mv mysql_backups mysql_backups.`date +%F`

./build mysql
./build php n
service httpd restart

Related guide:
https://help.directadmin.com/item.php?id=240

If you’re running MariaDB, then switching to MySQL might not be 100% straightforward, as higher versions of MariaDB cannot be directly switched over. For example, if you’re running a working MariaDB 5.5, first switch to MySQL 5.5, then switch to MySQL 5.7.

[DirectAdmin] How to upgrade MariaDB 10.2.14 with custombuild 2.0

The MariaDB project is pleased to announce the availability of MariaDB 10.2.14 and MariaDB 10.1.32, both stable releases, as well as MariaDB Connector/J 2.2.3, the latest stable release in the MariaDB Connector/J 2.2 series, and MariaDB Connector/J 1.7.3, the latest stable release in the MariaDB Connector/J 1.7 series. See the release notes and changelogs for details.

wget "https://downloads.mariadb.org/f/mariadb-10.2.14/bintar-linux-x86_64/mariadb-10.2.14-linux-x86_64.tar.gz/from/http%3A//mariadb.mirror.serveriai.lt/?serve" -O mariadb-10.2.14-linux-x86_64.tar.gz
perl -pi -e "s#mariadb10.2:.*#mariadb10.2:10.2.14:fd03510308c0387497416d63ebfe8fb9#" versions.txt
./build mariadb
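
Before running the build, the downloaded tarball can be checked against the hash that was just written into versions.txt. The following is an added example, not part of the original post or of CustomBuild; it assumes the name:version:md5 line format shown in the perl command above, and the function name check_tarball and the sample files are constructed.

```shell
#!/bin/sh
# check_tarball VERSIONS_FILE NAME TARBALL
# Compare TARBALL's MD5 with the third field of NAME's line in VERSIONS_FILE.
# Returns 0 on match, 1 on mismatch, 2 if no usable hash is listed.
check_tarball() {
    versions=$1; name=$2; tarball=$3
    expected=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$versions")
    case $expected in
        ''|*[!0-9a-f]*) echo "no usable md5 for $name in $versions" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "md5 for $name has wrong length" >&2; return 2; }
    actual=$(md5sum < "$tarball" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK $tarball"
        return 0
    fi
    echo "MISMATCH $tarball: expected $expected, got $actual" >&2
    return 1
}

# Constructed sample: an empty stand-in file, whose MD5 is the well-known
# d41d8cd98f00b204e9800998ecf8427e, and a versions file with two entries.
work=$(mktemp -d)
: > "$work/sample.tar.gz"
cat > "$work/versions.txt" <<'EOF'
sample:0.0:d41d8cd98f00b204e9800998ecf8427e
mariadb10.2:10.2.14:fd03510308c0387497416d63ebfe8fb9
EOF

check_tarball "$work/versions.txt" sample "$work/sample.tar.gz"
# The empty stand-in is not the real tarball, so the page's hash must not match it.
check_tarball "$work/versions.txt" mariadb10.2 "$work/sample.tar.gz" || echo "rejected, as expected"
```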