Plesk 12.x / Linux :: Disable Root Account For Panel
Feb 8, 2015
Is it possible to disable the root login to the panel? I do not mean the SSH login.
I have several clients still using WinXP. How do I disable SNI for SSL certificates (and just use the old IP way)?
I found that in the Autoinstaller there is an option to remove the Plesk Panel as a component. One of my customers ended up selecting this option and nuked all the psa functions. As you can imagine this was a nightmare for them since Plesk went away on them.
Is there a way to disable this feature either pre or post Plesk installation (or both) so future customers don't have this option? If there is a way to do this (and of course enabling it again if necessary)....
I am trying to change the color of directories. I can do that for root by editing .bashrc under /root. How can I do that for other users created under Parallels? Their home directories are /var/www/vhosts/domain.com. Using the root account, I created .bashrc under those directories and chowned it to the user, but the colors are not changing. I also tried adding the color in the system-wide /etc/bashrc file and it does not work either.
Meaning you can't use the user root to log in to WHM.
Is that possible?
I tried to disable direct root login but had to struggle to find step-by-step instructions and have written the steps one needs to follow to disable direct root login.
This is an additional security measure where we prevent direct root logins and instead create a user to log in and then use the command 'su -' to gain root privileges.
The only risk in this procedure is that you may prevent root login but forget to add the user to the wheel group - effectively locking yourself out of the system.
Follow the steps below and you will not face a problem.
STEP 1: Let us create a user and add it to the wheel group.
For example, we want to create a user neonix and give him root privileges.
SSH into your server as root and follow the below commands to create a user.
groupadd neonix
useradd neonix -g neonix
passwd neonix
enteryouruserpasswordhere
verifyyouruserpasswordhere
// Please note -g in the second line
// You can replace neonix with any username of your choice.
STEP 2: Add user to wheel group.
Use your browser to Login to your WHM panel and click on Manage Wheel Group Users.
You will see the user you just added (neonix). Select the user and click ‘Add to group’.
You will see that the user has been added –
Users Currently in the wheel group root,neonix
You have successfully added a user to the 'wheel' group who will be able to 'su -' to root.
LOGOUT OF SSH
Before we disable root login, let us check if the user can log in and su - to gain root privileges.
SSH into your server as 'neonix'
Login as: neonix
Password : enteryouruserpasswordhere
su -
password: enter root password here
You have successfully logged in and have root privileges. Now let us disable root login.
STEP 3: Disable Direct Root Login
(The below steps are from webhostgear.com)
1. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config
2. Find the line
Protocol 2, 1
3. Uncomment it (Remove #) and change it to look like
Protocol 2
4. Next, find the line
PermitRootLogin yes
5. Uncomment it (Remove #) and make it look like PermitRootLogin no
6. Save the file Ctrl+X then Y then enter
7. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to log in as root without first logging in as 'neonix' and using 'su -' to become root, and you will be forcing the use of a more secure protocol.
Just make sure you remember both passwords!
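Added example, not part of the original post: a pre-flight check for the lockout risk the steps above warn about, meant to run before sshd is restarted in STEP 3. The function names are hypothetical, the script assumes an sshd_config without Match blocks and with whitespace-separated "Keyword value" lines, and the sample files it builds are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run BEFORE restarting sshd in STEP 3.
# Assumes no "Match" blocks and space-separated "Keyword value" lines.

# Print the effective value of a keyword. sshd takes the first uncommented
# occurrence, and keyword names are case-insensitive.
sshd_effective() {   # usage: sshd_effective KEYWORD CONFIG_FILE
    awk -v key="$1" '
        $1 ~ /^#/ { next }                      # commented-out line
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^ +/, ""); print; exit
        }' "$2"
}

# Succeed only if USER is listed as a member of wheel in GROUP_FILE.
in_wheel() {         # usage: in_wheel USER GROUP_FILE
    awk -F: -v u="$1" '
        $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit !found }' "$2"
}

# Return 0 only when the lockout risk is covered and both settings are active.
preflight() {        # usage: preflight ADMIN_USER [SSHD_CONFIG] [GROUP_FILE]
    pf_user=$1; pf_cfg=${2:-/etc/ssh/sshd_config}; pf_grp=${3:-/etc/group}
    pf_rc=0
    if ! in_wheel "$pf_user" "$pf_grp"; then
        echo "FAIL: $pf_user is not in wheel; cannot 'su -' after root login is off"
        pf_rc=1
    fi
    pf_prl=$(sshd_effective PermitRootLogin "$pf_cfg")
    [ "$pf_prl" = "no" ] || { echo "FAIL: PermitRootLogin is '${pf_prl:-commented out}'"; pf_rc=1; }
    pf_proto=$(sshd_effective Protocol "$pf_cfg")
    [ "$pf_proto" = "2" ] || { echo "FAIL: Protocol is '${pf_proto:-commented out}'"; pf_rc=1; }
    return $pf_rc
}

# Constructed sample files (not from a real server) so this runs offline.
demo=$(mktemp -d)
printf '%s\n' '#Protocol 2,1' 'Protocol 2' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,neonix' > "$demo/group"
preflight neonix "$demo/sshd_config" "$demo/group" && echo "OK: safe to restart sshd"
rm -rf "$demo"
```

Called as `preflight neonix` with no file arguments it reads /etc/ssh/sshd_config and /etc/group; `sshd -t` can additionally validate the file's syntax before the restart.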
Nginx is listening on port 7080 with the IPv6 protocol only. IPv6 isn't used on the server (IPv4 only). If I disable IPv6 support on the server, will this stop nginx (and some other processes) from using IPv6? How can I disable IPv6 on Plesk 12?
I already posted this as a bug report and now wanted to inform other users.
Starting with Plesk 11.5, the file "/opt/psa/var/modules/firewall/firewall-emergency.sh" contains the following line:
Code:
rm -f /opt/psa/var/modules/firewall/active.flag
That line stems from updating
Code:
Preparing to replace psa-firewall 11.0.9-debian6.0.build110120608.16 (using .../psa-firewall_11.5.30-debian6.0.build115130819.13_amd64.deb) ...
Unpacking replacement psa-firewall ...
Now, when you stop the firewall, you cannot start it again, because deleting the active.flag disables the firewall:
Code:
# ll /opt/psa/var/modules/firewall/active.flag
-rw-r--r-- 1 root root 0 2013-11-26 09:22 /opt/psa/var/modules/firewall/active.flag
# /etc/init.d/psa-firewall stop
psa-firewall: firewall successfully disabled
# ll /opt/psa/var/modules/firewall/active.flag
ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start
psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code:
sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when everything works fine (nothing is blocked) and Plesk still shows all the rules.
I set up and enabled fail2ban via Plesk 12 (Tools & Settings). What happens is that a few days later I am unable to access this option again. I get a timeout.
I've tried to disable it over SSH with "fail2ban-client stop" and nothing... the command keeps loading and never finishes.
How can I remove or stop fail2ban?
I have 2 servers with CentOS 7 and Plesk 12. On one server the atomic yum repository is enabled; on the other it is disabled. Should it be enabled?
I would like my clients to be able to access the Plesk Panel only from a certain domain, instead of from all the domains hosted on our server. Is there a way to accomplish that?
I recently upgraded phones and forgot that my Google Authenticator keys were on my old phone. I am now unable to log in to the Plesk admin panel. I of course still have SSH access. How can I disable the Google Authenticator so I can regain access?
For some days now there has been a folder without a name in the root of my server. I think it is fail2ban that creates this folder? Only I have access to the server.
When enabled, the premium antivirus automatically sends notifications to both the sender and the server admin. I wish to disable the notification to the sender and also only send a weekly summary email to the admin.
I'm just wondering whether it is possible to only offer POP and disable IMAP for a particular service plan?
Is it possible to disable or uninstall 'WordPress Toolkit' for Plesk 12.x?
I need to disable apache access logs. I commented out the access log path in /etc/httpd/conf/httpd.conf and restarted the server but it's still logging access.
Is it possible to control whether nginx is active on a per-domain basis? If so, how do we configure this? If not, how do we disable nginx completely?
Sometimes my clients install untrusted scripts in their accounts, which causes spamming, because these scripts send a high number of spam emails. Is there an automatic way to disable the PHP mail function, or to disable the account temporarily?
[URL]
Is there any way to disable automatic updates completely? Because the lowest option in the panel is:
"Notify me about available updates but do not automatically install them" (Critical security updates will still be installed automatically.)
And while I can't figure out which files are going to be updated even on this minimalistic setting, I have to disable it completely.
I have migrated users from Confixx 3.3.9 to Plesk and now it works fine.
In the Subscriptions I have disabled the Backup feature for the customers, but it doesn't take effect.
So I turned it on and off again. But there was also no effect.
We run a high traffic server and the access logs get filled up very quickly. I know we could implement rotation, but I would also like to prevent the performance loss from having an access log, no matter how marginal that would be.
I am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Preferred syntax with Postfix >= 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
This actually goes further than disabling SSLv2 and v3 and also excludes the use of NULL and MD5 ciphers.
The Postfix conf file, main.cf exists in two places on my VPS:
# find / -name main.cf
/usr/libexec/postfix/main.cf
/etc/postfix/main.cf
Examining both, only the copy in /etc/postfix/ is configured, and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config as, of the two, it’s the only one actually configured. Hence I add the required commands to the config:
...
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
[Code] ....
I then go to the Plesk Tools & Settings > Services Management and restart:
SMTP Server (Postfix)
And for good measure:
Plesk milter (Postfix)
I then test whether SSLv2 is enabled:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
Now what I should get back is an error as the attempt to connect with SSLv2 should fail as it's an excluded protocol, but instead what I get back is the Plesk cert and a connection:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify error:num=18:self signed certificate
...
Why? What do I need to do to have Postfix use the updated config and refuse an SSL2 connection?
I seem to have the same issue with Courier having made similar changes to the /etc/courier-imap/pop3d-ssl file:
# Iain 2014-12-12
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_CIPHER_LIST="TLSv1:HIGH:MEDIUM:!LOW:!EXP:!NULL:!aNULL@STRENGTH"
And /etc/courier-imap/imapd-ssl file:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1
Actually, this should probably read:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1, TLS1.1, TLD1.2
Why am I unable to disable SSL v2 and v3 for SMTP/POP3/IMAP with Postfix and Courier?
We have tested one of our CentOS 6.6 Plesk 12 servers to see if it was vulnerable to the POODLE attack using the poodle.sh script from [URL] .... and found it was.
We then downloaded the special script from the same article, ran it and retested, and everything was no longer vulnerable. But then we started getting complaints from customers that they could not send email anymore, and looking at it we found errors like:
qmail: 1436280789.522657 delivery 768: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to
After looking in the forum I found an extended ciphers list which, when used, allows email to be sent as normal again. But checking with the vulnerability script again, I find that it has also allowed connections to ports 587 and 465 again via SSLv3.
Webmail used is Roundcube and Horde.
I have a client using a very old email client ( Eudora on Mac OS 9 ) and he cannot send email using our Plesk server.
The error reads...
I said: RSET
And then the SMTP server said: 530 5.7.0 Must issue a STARTTLS command first
Is it possible to change the root password on Plesk?
I had a man who worked for me on my server and installed a double PHP version on it, and maybe it's best to change the root password!
So no one has access to my root anymore.
I tried to setup a cronjob to run a php script. Something simple like this:
php /var/www/vhosts/onlinehome-server.info/mydomain.co.uk/script.php
didn't work. So I used the terminal as root and I noticed that php is not running the script, not even as root.
Not even commands like php -v work. I don't get any error back.
Plesk version 12.0
My root partition has been growing slowly but steadily over the last weeks, which makes me uncomfortable being now at 60%.
We are running V 12.0.18
Looking into possible causes, I found all these packages in /root/parallels/:
4 drwxr-xr-x 2 root root 4096 Sep 20 04:03 APACHE_2.2.27
4 drwxr-xr-x 2 root root 4096 Sep 20 04:03 BILLING_12.0.18
4 drwxr-xr-x 2 root root 4096 Sep 20 04:03 MYSQL_5.5.37
4 drwxr-xr-x 2 root root 4096 Sep 20 04:03 NGINX_1.6.0
[Code] ....
I have installed phpMyAdmin because I don't like the limitations of Plesk's db management, but I can't find the root password to access it. I read that Plesk renames the "root" user to "admin", but I can't find the password. Where is it?
I think it is possible, but just to be sure...
Default document root is:
var/www/vhosts/www.mysite.com/httpdocs/
Can I change it to:
var/www/vhosts/www.mysite.com/web/
A simple "yes" or "no" will do...
I have 2 IPs for my vServer. Plesk automatically added both addresses to the Plesk Panel. I want to use one of the IP addresses for another service (openvpn). The problem is that I can't delete the IP from the Plesk panel.
I got the message: Fehler: String was provided for unescaped parameter host.
There are no resellers or customers who use this IP. So how can I solve this problem and delete the IP from the Panel?
Using Plesk 12.0.18