Unable to upgrade Plesk from 11.5.x ?

When trying to run an upgrade from Plesk panel or via scripts from the back-end, does this process gets halt due to the error given below ?

Tpsa-proftpd-1.3.5-6.el5.art.x86_64.rpm | 1.7 MB 00:00 warning: xxxx: Header V3 RSA/SHA1 signature: NOKEY, key ID xxxxxx

Fatal error during packages installation: Public key for psa-proftpd-xinetd-1.3.5-6.el5.art.x86_64.rpm is not installed. YumBaseError: Public key for psa-proftpd-xinetd-1.3.5-6.el5.art.x86_64.rpm is not installed ERROR: Failed to run the Yum utility. The Yum utility failed to install the required packages.
Attention! Your software might be inoperable.
Please, contact product technical support.

The upgrade tool is not able to verify the public key for a package. This is mostly due to the outdated version of the repo which provides the package. In this case upgrading the atomic-release will do the job for you.

# yum upgrade atomic-release

Once this is done, re-run the upgrade !

 

EasyApache failing to rebuild ? -Part 1

Is EasyApache failing to rebuild Apache/PHP with the following error codes ?

ext/pcre/php_pcre.o: In function `pcre_get_compiled_regex':
php_pcre.c:(.text+0x31b): undefined reference to `pcre_info'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1
!! Step 6: make php for apache and cli !!
!! 'make -j2' failed with exit code '512' !!
!! Restoring original working apache !!
!! Executing '/usr/local/cpanel/scripts/initsslhttpd' !!

You can check if this is the case by tail’ng the last logs from /usr/local/cpanel/logs/easy/apache/

If the error relates to the above, it means that the pcre version installed isn’t compatible with the specific version of PHP, this can be very true if you have any custom mods like PHP 4.4.9 or so installed along with the 5.x versions.

To get around this error, remove the PHP 4.4.x support and recompile Apache/PHP via EasyApache, which should work fine.

 

Virtuozzo – Not able to start/stop a mounted VPS ?

There are many situations in which you may find a VPS in its mounted state. Usually a # vzctl start VEID, would attempt to start the container back. But there are situations in which this task would be hung in the system memory.

You may get something an error similar to this when attempting to start/stop the VE :

# vzctl stop VEID

Cannot lock container.

If you encounter this issue, check for the VE lock file, you can view the file and note the process which is being run :

# cat /vz/lock/VEID.lck

You can find a process id and the task name from the above command.  You can check what the process is by initiating :

# ps ax | grep PID

If this is some hung process waiting infinitely, try to kill the process, remove the lock file and attempt to start/stop the VE.

If the process is related to quota calculation, run the following command :

# veid=VE_ID; vzctl stop $veid; vzctl quotaoff $veid; vzctl quotainit $veid; vzctl start $veid; vzctl enter $veid

( just specify the VEID in the field VE_ID and run the above )

– Still, if you face this error, do the following on the mounted VE :

# vzctl --skiplock umount VEID

Now once the VE is unmounted, restart it.

 

Adding mod_proxy_fcgi module to httpd via EasyApache !

mod_proxy_fcgi is the FastCGI support module for mod_proxy. Using the module mod_proxy, Apache can be configured as both a forward and reverse proxy. mod_proxy_fcgi makes this possible via the protocol FastCGI. You can read more about mod_proxy from the official Apache docs given here.

To add mod_proxy_fcgi  to your Apache list of modules, do the following :

– Create a file /var/cpanel/easy/apache/rawopts/Apache2_4 ( if apache is 2.4 ) else for Apache  2.2 the file name will change to  /var/cpanel/easy/apache/rawopts/Apache2_2

– Add this line and save the file :

–with-proxy-fcgi=static

Using this custom configure flags ( rawopts) , we can pass the module mod_proxy_fcgi to be added during the next EasyApache build :

# /scripts/easyapache

How do I train SpamAssassin in a cPanel VPS ?

Getting incoming spam mails to your server can be very annoying, especially if you have already configured many settings to stop the rate of spams.

In this post, let us have a look through the SpamAssassin (SA) training which has been found very useful in cutting the rate of spam mails. SA comes with a feature in which it can learn itself over a given period of time and distinguish b/w spam mails and non-spam mails.  As a user, all you need to do is write a script to analyze the mails using this tool ‘sa-learn‘ and feed it with some examples of spam and ham mails.

The steps which will be followed are :

– Select the email account for which you wish to have this configured for and open it in webmail.

– Create two folders SA-spam and SA-ham in your mailbox

– Now SSH to your server and create a script sa-learn.sh in the document root of the domain for which you wish to have SA training enabled for.

vi /home/username/sa-learn.sh

#!/bin/sh
/usr/bin/sa-learn --no-sync --spam /home/username/mail/[domain]/[mailbox]/.SA-spam/cur

/usr/bin/sa-learn --no-sync --ham /home/username/mail/[domain]/[mailbox]/.SA-ham/cur

/usr/bin/sa-learn --sync
rm -f /home/username/mail/[domain]/[mailbox]/.SA-spam/cur
rm -f /home/username/mail/[domain]/[mailbox]/.SA-ham/cur

Replace ‘domain’ and ‘mailbox’ with your own values.

chmod 755 /home/username/sa-learn.sh

chown username.username /home/username/sa-learn.sh

– Now lets configure a cron to run this once a day,

# crontab -e -u username

and add this entry and save the cron.

0 0 * * */home/username/sa-learn.sh > /dev/null 2>&1

Once this much has been completed, you would need to feed SA with some sample mails. When the spam mails hit your mailbox, move it to SA-spam folder and also copy some of the good mails to SA-ham folder. You must keep in mind that if you move the good mails to SA-ham, after the SA processes the mails, it would delete the good mails as well. So either copy the good mails to SA-ham or make sure you do not need them in future.

Make sure your account is set as IMAP, when doing this from an email client.

Over the time, SA would train itself and it would efficiently differentiate b/w spam and non-spam mails.

 

Finding .lesshts/kthread processes? – Shellshock bug !

Are you seeing weird kthread processes being executed from user’s home directory ?

For example, if you are on cPanel, are you seeing something like the file /home/user/.lesshts/kthread running and consuming the server resources ?

This looks suspicious as a kthread running with the home directory for a long time with the CPU load shooting up !

This is due to an exploitation of the ShellShock vulnerability and you should consider patching your server’s against this bug.

You check if your server is vulnerable to ShellShock by initiating the following command via SSH :

# env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you see the o/p as vulnerable hello, you would need to patch it.

On latest versions of CentOS/Redhat/Fedora, you might try with

# yum upgrade bash , to update the bash.

If you are running an older version of these, you would want to manually download the RPM and upgrade.

For CentOS/RHEL 4, you might use this RPM which i have attached here and then initiate a

# rpm -Uvh bash-3.0-27.0.3.el4.i386.rpm

Get relived from the Shell-Shock !

Assigning a dedicated IP to a subdomain or an addon domain !

Under normal situations, when you add a sub-domain or an addon domain, it uses the shared IP or the dedicated IP of the main domain. This post will cover on how to use a dedicated IP for an addon domain or even a sub-domain. This can be for a scenario when you require the sub-domain to have an SSL certificate.

# login to your server via SSH and edit the file  /var/cpanel/useradata/user/addondomain.maindoman.com, replace the current IP shown with the dedicated IP which you intend to.

# Run /usr/local/cpanel/bin/build_apache_conf

# Login into WHM and navigate to Main >> DNS Functions >> Edit DNS Zone >> select the desired domain for editing and update the A records now to the new IP address and click save.

#  In WHM go to  Main >> IP Functions >> Show/Edit Reserved IPs

# Reserve the IP you just used so that no new accounts can use this IP address in the future.

# Restart httpd and DNS services.

This is all about assigning a sub-domain or an add-domain with a dedicated IP.