[CVE-2017-1000253] Linux kernel security bug fixed

How to report on zdnet on their article there is a serious bug with linux kernel identified as CVE-2017-1000253:

§ Centos6 con Kernel < 2.6.32-696.10.3
§ Centos7 con Kernel 7.4 kernels < 3.10.0-693

The bug how report zdnet:

This is a problem with how the Linux kernel loaded Executable and Linkable Format (ELF) executables. If an ELF application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack. This could cause memory corruption. Then, an otherwise unprivileged local user with access to a Set owner User ID (SUID) or otherwise privileged flawed PIE binary, could gain higher-level user privileges.

The bug was fixed so you must to upgrade your kernel.

I used the guide on the site tecmint.com. It was very helpful and easy, consist to install a new kernel and then switch the boot on the new kernel. Suggest to take a snapshot or a backup of your machine / virtual machine.



How to reset mysql root password

Pratical and best guide that i have tried from many that i have found on web about to reset mysql root password on linux server.

When you have this error, on you Ubuntu or Centos server (I have tried on Centos, and the user in the original post tried on Ubuntu):

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

This is the guide to reset your mysql password:

$ sudo -s

# /etc/init.d/mysql stop

# mysqld_safe –skip-grant-tables &

# mysql -u root

mysql> use mysql;

mysql> update user set password=PASSWORD(’__NEW__PASSWORD__’) where User=’root’;

mysql> flush privileges;

mysql> \q

# /etc/init.d/mysql start


And then, remember take a backup!!

mysqldump -u root -p --all-databases > alldb.sql

Thank you to http://forum.ubuntu-it.org/viewtopic.php?t=293129

VestaCP upgrade PHP 5 to PHP 7 on CentOS 6

Hi guys,
today i will show to you how to upgrade on VestaCP PHP 5.x to a 2x faster PHP 7!

At start will upgrade EPEL, remember that we use the Centos 6, so EPEL must to be the 6 version.
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
# wget http://rpms.remirepo.net/enterprise/remi-release-6.rpm
# rpm -Uvh remi-release-6.rpm epel-release-latest-6.noarch.rpm

See what PHP version will have:
# yum list installed php*
Installed Packages
php55w.x86_64 5.5.38-1.w6
php55w-cli.x86_64 5.5.38-1.w6

See what PHP version will be available in our package:
# yum list available php* | grep php7
php70w.x86_64 7.0.11-1.w6 webtatic
php70w-bcmath.x86_64 7.0.11-1.w6 webtatic
php70w-cli.x86_64 7.0.11-1.w6 webtatic

remove the actual php 5 version:
# yum remove php*

Install the new php 7 version:
# yum install php70w php70w-cli php70w-common php70w-gd php70w-mbstring php70w-mysql php70w-pdo php70w-xml

Verify that all is good:
# php -v
PHP 7.0.11 (cli) (built: Sep 17 2016 12:52:22) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies

Restart the web server:
# service httpd restart

Thank you to Shay Anderson for his guide.

How to import big sql on Plesk 11 / 12

Do you need to import a big sql on your plesk and don’t know how to do?
It’s simple and very fast.
Connect throw ssh on your server and access to mysql console:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

Then is simple, just select the database and execute our sql file.
We must to upload on the server the .sql file that we want to import, if we can optimize the upload process we can upload a zipped sql so then on the server just execute:
unzip ourfile.sql.zip

Now select the database:
use name_database;

Execute the sql file:
source path_to_file.sql

In a few second the big sql is uploaded!

Plesk 12 Centos 6 install OpenDKIM

Plesk opendkim

Today i fought with Plesk 12 and Centos 6 to install OpenDKIM with DOMAIN KEY and SPF.

For domain key and spf is simple, just for each domain on plesk directly active it in the setting mail.

OpenDKIM is a service that must be installed on centos directly.
Let’s start!

Install opendkim and opendkim tools:

yum update
wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
rm -f /tmp/epel-release-6-8.noarch.rpm
yum install opendkim opendkim-tools

Now we must to create the directory that can be used than with opendkim for keys generation

mkdir -pv /etc/opendkim/keys
chown -Rv opendkim:opendkim /etc/opendkim
chmod go-rwx /etc/opendkim/*

touch /etc/opendkim/KeyTable
touch /etc/opendkim/SigningTable
touch /etc/opendkim/TrustedHosts

Then to simple generate the key and assign the domain to trusted host and signing table, create a simple script.

Create the file:


and put in it:

# /opt/generatedkim.sh
die () {
echo >&2 "$@"
exit 1

[ “$#” -eq 1 ] || die “1 argument required, $# provided, domain required, ex: ./script example.com”

[ -d “$location” ] && die “There is already a directory in the folder, delete folder if you want to create a new one”

mkdir -p “$location”
cd “$location”
opendkim-genkey -d $1 -s mail
chown opendkim:opendkim *
chown opendkim:opendkim “$location”
chmod u=rw,go-rwx *
echo “$1 $1:mail:$location/mail.private” >> “$opendkim/KeyTable”
echo “*@$1 $1” >> “$opendkim/SigningTable”
echo “$1” >> “$opendkim/TrustedHosts”
echo “mail.$1” >> “$opendkim/TrustedHosts”
echo “Put this in the DNS ZONE for domain: $1”
cat “$location/mail.txt”
cd “$cwd”

Now we must use it to generate the domain keys and dns record:

/opt/generatedkim.sh test.de

Put this in the DNS ZONE for domain: test.de

mail._domainkey IN TXT “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPzE0GmvFwAQsgcFzopy4zMNWUbL6JM5XIyjBy3bUnANI5axeb
YtElhLupHyfcxQhfNLU4z9JUOJKPjcpMZCj0Xv873QgVOl+7U605JdBHSPOx4ybBZwDq68cw9YFYRPmEwIDAQAB” ; —– DKIM key mail for test.de

Create the record dns as the script put out on your domain dns zone.

Remember that if you restart the server you must go up the service of opendkim!!

Thank you to matoski.com

Nodejs 5.5 installed on Plesk 12 with Centos 6

This morning i change my vps on OVH taken other of series VPS Cloud 2016.
I’have installed plesk 12.5 the latest version, but when i try to install nodejs 5.5 on centos it say:

WARNING: C++ compiler too old, need g++ 4.8 or clang++ 3.4 (CXX=g++)

when i try to ./configure it.

I have searched how to install the newer compiler tools on centos

sudo curl http://linuxsoft.cern.ch/cern/scl/slc6-scl.repo > /etc/yum.repos.d/slc6-scl.repo
sudo rpm –import http://ftp.mirrorservice.org/sites/ftp.scientificlinux.org/linux/scientific/51/i386/RPM-GPG-KEYs/RPM-GPG-KEY-cern
sudo yum install -y devtoolset-3

And if you want to utilize it without set environment variables:

scl enable devtoolset-3 bash

And then you can continue with the install of nodejs with the operation of:

wget http://nodejs.org/dist/node-latest.tar.gz
tar zxvf node-latest.tar.gz
cd node-v5.5.0/   //it may change version.
sudo make install