Plesk 12.x / Linux :: Unable To Disable Or Modify Firewall Configuration
Jul 8, 2014
I am unable to disable or modify the firewall by using the plesk firewall extention. Plesk throw the two errors below:
Code:
Error: Could not disable firewall:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/register_service
Code:
Error: Could not activate firewall configuration:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/safeact
I checked the symlinks, they point to the same location: /opt/psa/admin/bin/modules/firewall/mod_wrapper
-r-s--x--- 1 root root 18896 Jun 6 10:37 mod_wrapper
Applying Plesk firewall changes? I make my change, apply and get to:
Status: Applying in progress. If your browser shows connection error messages, or if this screen does not disappear in more than 30 seconds, go to previous page.
And there things stay. Going back to look at the firewall I can see the change haven't been applied, and going to apply just results in the same. No error, just no anything. It also took numerous attempts to get firewall modification to be swtich on although finally at about the eighth attempt changes were enabled. Only now I can't apply them ...
# ll /opt/psa/var/modules/firewall/active.flag ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code: sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.
I am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
Examining both only the copy in /etc/postfix/ is configured and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config as of the two, it’s the only one actually configured. Hence I add the required commands to the config:
... smtpd_tls_key_file = $smtpd_tls_cert_file smtpd_tls_security_level = may smtpd_use_tls = yes smtp_tls_security_level = may
[Code] ....
I then go to the Plesk Tools & Settings > Services Management and restart:
Now what I should get back is an error as the attempt to connect with SSLv2 should fail as it's an excluded protocol, but instead what I get back is the Plesk cert and a connection:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2 CONNECTED(00000003) depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com verify error:num=18:self signed certificate ...
Why? What do I need to do to have Postfix use the updated config and refuse an SSL2 connection?
I seem to have the same issue with Courier having made similar changes to the /etc/courier-imap/pop3d-ssl file:
On Plesk 11.5.30 I have just patched with SSLfix.sh. [URL] ......
When I run an ssl check I get - Certificate name mismatch
I am also getting the following message
Unable to generate the web server configuration file on the host because of the following errors: Template_Exception: apache2: Syntax error on line 211 of /etc/apache2/apache2.conf: Syntax error on line 73 of /etc/apache2/mods-enabled/ssl.conf: </IfModule>SSLHonorCipherOrder without matching <IfModule>SSLHonorCipherOrder section
I recently received this messsage from in my mailbox "Unable to generate the web server configuration file on the host <nsxxxxxxx.ovh.net>" which is coming now every hour for 4 days now.
I first tried to regenerate an apache conf file with the magic on my Centos 6:
I just installed the Health Monitor add-on in a brand new Plesk 11.5.30 on CentOS 6.4 but all that it's area in Plesk displays is this funky looking error:
{"status":"error","statusMessages":[{"status":"error","class":"","content":"Unable to load configuration file.Click to expand...
I have a one problem in my server . I use in Parallels Plesk v12.0.18_build1200140606.15 os_CentOS 6 I vps in systemOS CentOS6.6 Final Minimal and installing plesk health monitor show error in :
{"status":"error","statusMessages":[{"status":"error","class":"","content":"Unable to load configuration file.
I can not log into to plesk right now. It's display message " Unable to read Control Panel configuration file: date_default_timezone_get() [function.date-default-timezone-get]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_ timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier.We selected 'Asia/Krasnoyarsk' for '7.0/no DST' instead".
I'm unable to access my plesk control panel .its giving this error "Unable to read Control Panel configuration file";tried all available solution for permissions but the problem remains.
Nginx is listening on port 7080 with ipv6 protocol only.ipv6 isn't use on the server (ipv4 only).If I disable ipv6 support on the server, is this stopping nginx to use ipv6 ? (and some other process)How can I disable IPv6 on Plesk 12 ?
I have almost everything setup for my VPS except for the firewall.
Someone told me that you can screw up your VPS if you configure your firewall incorrectly.
Can someone please guide me through? Which firewall should I use? and what all configurations should I make?
My VPS is on Debian 4 and I already have webmin configured on it. It does shows me an option to install a firewall but I just dont have enough courage to do so.
I would like my clients only to be able to access Plesk Panels from a certain domain, instead all from or with all the domains hosted on our server, is there a way to accomplish that?
I recently upgraded phones and forgot that my google authenticator keys were on my old phone. I am now unable to log in to the Plesk admin panel. I of course still have SSH access. How can I disable the Google Authenticator so I can regain access?
I already get a new firewall for my server cisco ASA and I don't know how to config it is there any rules to get protection from shell and virus trojan as example
I want to run a firewall on my LAMP server. I'm using Ubuntu 6.10 server. Previously I used firehol to achieve this but the new version of the kernel I'm using doesn't seem to be compatible. So I went to try ipkungfu instead and that didn't work saying "my kernel doesn't support LOGS". So basically I'm going to need to play around with iptables myself. I've been reading up on TCP/IP in order to learn how to do this but, well, it's really not very much fun. SoDoes anybody have a bunch of iptables commands I can use to set up a basic firewall to block all requests except certain ones (I don't need anything complex like forwarding)?
The premium antivirus when enabled it automatically sends notifications to both sender and server admin. I wish to disable the the notification to the sender and also only send a summary email weekly to the admin.
I need to disable apache access logs. I commented out the access log path in /etc/httpd/conf/httpd.conf and restarted the server but it's still logging access.
