libssh2 is a client-side C library implementing the SSH2 protocol.
Continue reading “Install libssh2 for curl on DirectAdmin server”
Install mcrypt for PHP 7.2 / 7.3 on DirectAdmin server
The mcrypt extension is included in PHP 5.4 through PHP 7.1. It was removed from PHP 7.2 and moved to an unofficial PECL extension because the mcrypt library is no longer maintained.
Continue reading “Install mcrypt for PHP 7.2 / 7.3 on DirectAdmin server”
DirectAdmin 1.57.3 has been released
Hello,
DirectAdmin pleased to announce the release of DirectAdmin 1.57.3.
All Changes:
directadmin.com/versions.php?version=1.573
New Features:
- Additional User notice at 100% disk usage. https://www.directadmin.com/features.php?id=2394
- One-Click compess & download on folders in FileManager. https://www.directadmin.com/features.php?id=2396
- Cpanel-to-DirectAdmin automatic conversion. https://www.directadmin.com/features.php?id=2398
- Ability to hide CPU info in Server Information https://www.directadmin.com/features.php?id=2403
- JSON Options to save skin-specific settings. https://www.directadmin.com/features.php?id=2399
Bugs / Security:
- Lower php-fpm max_children limit for new installs. https://www.directadmin.com/features.php?id=2402
- Various security improvements. https://www.directadmin.com/features.php?id=2404
- SSH Keys: Unable to Edit. https://www.directadmin.com/features.php?id=2400
- Tally log rotation to use USR1. https://www.directadmin.com/features.php?id=2395
Source: DirectAdmin
Critical root vulnerability on server [CVE-2019-10149 Exim <4.92]
Today I received an email from Linux Malware Detect Software on the vulnerability of my server and would like to share with you how to resolve this issue. Below is the content an email.
Important security notice, The Linux Malware Detect installation running on server has detected that you may be vulnerable to a critical remote code execution vulnerability. The currently installed version of Exim MTA v4 improperly validates recipient addresses and can allow malicious code execution to take place. This may provide a path for malicious actors to gain root access, remotely, to this system. This vulnerability currently has known exploits circulating with both targeted and automated compromises taking place against vulnerable systems. Please upgrade Exim to version 4.92 or a known patched earlier version immediately. Alternatively, if upgrading is not an immediate option, consider disabling the Exim MTA service as soon as possible.
Disable Exim:
touch /etc/eximdisable service exim stop systemctl disable exim chkconfig exim off
Upgrade Exim:
1. DirectAdmin:
cd /usr/local/directadmin/custombuild ./build update ./build set exim yes ./build set eximconf yes ./build update ./build exim ./build exim_conf
2. cPanel https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim
RedHat / CentOS
https://pkgs.org/download/exim
Further reading:
https://blog.cpanel.com/exim-cve-2019-10149-protect-yourself/
https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
https://access.redhat.com/security/cve/cve-2019-10149
How to disable Let’s Encrypt for the hostname
If you want to replace the certificate for your hostname with a custom certificate but you had enabled Let’s Encrypt, you will need to disable Let’s Encrypt for the hostname first. The following command let’s DirectAdmin know that it does not need to renew the Let’s Encrypt certificate. This is required as DirectAdmin will renew the certificate +/- 60 days after the last renewal, even when the Let’s Encrypt certificate is not installed.
rm -rf /usr/local/directadmin/data/users/user_name/domains/domain_name.lt.san_config rm -rf /usr/local/directadmin/data/users/user_name/domains/domain_name.lt.cert.creation_time
ERROR: version of exim_conf_46 not found in versions.txt!
Hi,
I get the following error when running
cd /usr/local/directadmin/custombuild ./build clean ./build update ./build versions ./build update_versions
Try to execute these commands and the problem should be resolved.
cd /usr/local/directadmin/custombuild ./build update ./build set exim yes ./build set eximconf yes ./build set eximconf_release 4.5 ./build set spamassassin yes ./build update ./build exim ./build exim_conf
DirectAdmin 1.55.0 has been released
Hello,
DirectAdmin pleased to announce the release of DirectAdmin 1.55.0.
This is a major release with many new features and many bugfixes.
The full list of changes can be found here:
https://www.directadmin.com/versions.php?version=1.550
Some of notable items:
Changes
- mail_sni=1 enabled by default for new installs
- Disable cron MAILTO by default for new accounts
- Maintain Cron order via zero padding 001, 002, etc.
- Default proftpd.conf ciphers update
Features
- Current DirectAdmin version now in DNS, to save requests/loads
- SSH Keys including global keys for accounts below Resellers/Admins.
- Services Monitor backup PID method based on boot script instead of exact name match.
- Rename Package so it doesn’t copy (optional)
- named_service_override=bind9 in case you cannot use “named”.
- Domain Setup: Force SSL redirect
- LetsEncrypt: Allow 5 renewal failures before sending any failure notice
- Any debug mode ending in 7 includes date/time
- Pointers: optional redirect to www.domain.com or domain.com
- Pointers: can be “Local Mail” or remote mail
Bug-fixes
- JSON: can add httpd “X-Json: yes” header to ensure json output for errors before parsing
- JSON: incorrect newline encoding
- Tables: major search speed improvement
- DNS: ensure no zone write race condition
- Login Keys now enabled for Admins by default as they should have been
- Backup: create full path, instead of just single directory when append/has/multiple/dirs
- Pointers https redirect for nginx now redirect to https on main domain
- LetsEncrypt: basic locking for background requests
- Domain Rename: ensure all cust_httpd.## files are renamed
Enjoy!
John
Source: DirectAdmin
YUM: undefined symbol: CRYPTO_set_locking_callback
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
/usr/lib64/python2.6/site-packages/pycurl.so: undefined symbol: CRYPTO_set_locking_callback
Please install a package which provides this module, or
verify that the module is installed correctly.
It’s possible that the above module doesn’t match the
current version of Python, which is:
2.6.6 (r266:84292, Aug 18 2016, 15:13:37)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]
If you cannot solve this problem yourself, please go to
the yum faq at:
http://yum.baseurl.org/wiki/Faq
Continue reading “YUM: undefined symbol: CRYPTO_set_locking_callback”
Error building curl 7.62.0 on Directadmin server against OpenSSL 1.0.1
If you have a custom installation of cURL to support of HTTP/2 and the recent version 7.62.0 fails to built with the error:
vtls/openssl.c: In function 'Curl_ossl_seed':
vtls/openssl.c:454:5: error: implicit declaration of function 'RAND_egd' [-Werror=implicit-function-declaration]
int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
^
cc1: some warnings being treated as errors
Makefile:2425: recipe for target 'vtls/libcurl_la-openssl.lo' failed
make[2]: *** [vtls/libcurl_la-openssl.lo] Error 1
make[2]: Leaving directory '/usr/local/directadmin/custombuild/curl-7.62.0/lib'
Makefile:1028: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/usr/local/directadmin/custombuild/curl-7.62.0/lib'
Makefile:929: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
*** The make has failed, would you like to try to make again? (y,n):
we’ve got a solution for you.
Continue reading “Error building curl 7.62.0 on Directadmin server against OpenSSL 1.0.1”
Security & bug fix releases PHP 5.6.37, 7.0.31, 7.1.20, 7.2.8
The PHP development team announces the immediate availability of PHP 5.6.37. This is a security release. Several security bugs have been fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.
The PHP development team announces the immediate availability of PHP 7.0.31. This is a security release. Several security bugs have been fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.
The PHP development team announces the immediate availability of PHP 7.1.20. This is a security release. Several security bugs have been fixed in this release. All PHP 7.1 users are encouraged to upgrade to this version.
The PHP development team announces the immediate availability of PHP 7.2.8. This is a security release which also contains several minor bug fixes.
All PHP 7.2 users are encouraged to upgrade to this version.