[CVE-2017-1000253] Linux kernel security bug fixed

How to report on zdnet on their article there is a serious bug with linux kernel identified as CVE-2017-1000253:

§ Centos6 con Kernel < 2.6.32-696.10.3
§ Centos7 con Kernel 7.4 kernels < 3.10.0-693

The bug how report zdnet:

This is a problem with how the Linux kernel loaded Executable and Linkable Format (ELF) executables. If an ELF application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack. This could cause memory corruption. Then, an otherwise unprivileged local user with access to a Set owner User ID (SUID) or otherwise privileged flawed PIE binary, could gain higher-level user privileges.

The bug was fixed so you must to upgrade your kernel.

I used the guide on the site tecmint.com. It was very helpful and easy, consist to install a new kernel and then switch the boot on the new kernel. Suggest to take a snapshot or a backup of your machine / virtual machine.

 

 

How to reset mysql root password

Pratical and best guide that i have tried from many that i have found on web about to reset mysql root password on linux server.

When you have this error, on you Ubuntu or Centos server (I have tried on Centos, and the user in the original post tried on Ubuntu):

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

This is the guide to reset your mysql password:

$ sudo -s

# /etc/init.d/mysql stop

# mysqld_safe –skip-grant-tables &

# mysql -u root

mysql> use mysql;

mysql> update user set password=PASSWORD(’__NEW__PASSWORD__’) where User=’root’;

mysql> flush privileges;

mysql> \q

# /etc/init.d/mysql start

 

And then, remember take a backup!!

mysqldump -u root -p --all-databases > alldb.sql

Thank you to http://forum.ubuntu-it.org/viewtopic.php?t=293129

How to import big sql on Plesk 11 / 12

Do you need to import a big sql on your plesk and don’t know how to do?
It’s simple and very fast.
Connect throw ssh on your server and access to mysql console:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

Then is simple, just select the database and execute our sql file.
We must to upload on the server the .sql file that we want to import, if we can optimize the upload process we can upload a zipped sql so then on the server just execute:
unzip ourfile.sql.zip

Now select the database:
use name_database;

Execute the sql file:
source path_to_file.sql

In a few second the big sql is uploaded!

Plesk 12 Centos 6 install OpenDKIM

Plesk opendkim

Today i fought with Plesk 12 and Centos 6 to install OpenDKIM with DOMAIN KEY and SPF.

For domain key and spf is simple, just for each domain on plesk directly active it in the setting mail.

OpenDKIM is a service that must be installed on centos directly.
Let’s start!

Install opendkim and opendkim tools:

yum update
wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
rm -f /tmp/epel-release-6-8.noarch.rpm
yum install opendkim opendkim-tools

Now we must to create the directory that can be used than with opendkim for keys generation

mkdir -pv /etc/opendkim/keys
chown -Rv opendkim:opendkim /etc/opendkim
chmod go-rwx /etc/opendkim/*

touch /etc/opendkim/KeyTable
touch /etc/opendkim/SigningTable
touch /etc/opendkim/TrustedHosts

Then to simple generate the key and assign the domain to trusted host and signing table, create a simple script.

Create the file:

/opt/generatedkim.sh

and put in it:


#!/bin/bash
# /opt/generatedkim.sh
die () {
echo >&2 "$@"
exit 1
}

[ “$#” -eq 1 ] || die “1 argument required, $# provided, domain required, ex: ./script example.com”

cwd=`pwd`
opendkim=”/etc/opendkim”
location=”$opendkim/keys/$1″
[ -d “$location” ] && die “There is already a directory in the folder, delete folder if you want to create a new one”

mkdir -p “$location”
cd “$location”
opendkim-genkey -d $1 -s mail
chown opendkim:opendkim *
chown opendkim:opendkim “$location”
chmod u=rw,go-rwx *
echo “$1 $1:mail:$location/mail.private” >> “$opendkim/KeyTable”
echo “*@$1 $1” >> “$opendkim/SigningTable”
echo “$1” >> “$opendkim/TrustedHosts”
echo “mail.$1” >> “$opendkim/TrustedHosts”
echo
echo “Put this in the DNS ZONE for domain: $1”
echo
cat “$location/mail.txt”
echo
cd “$cwd”

Now we must use it to generate the domain keys and dns record:


/opt/generatedkim.sh test.de

Put this in the DNS ZONE for domain: test.de

mail._domainkey IN TXT “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPzE0GmvFwAQsgcFzopy4zMNWUbL6JM5XIyjBy3bUnANI5axeb
/Lw/GBjUoSFLEiO80Tt8m3A5YrBKcodRQQURYiW6/
YtElhLupHyfcxQhfNLU4z9JUOJKPjcpMZCj0Xv873QgVOl+7U605JdBHSPOx4ybBZwDq68cw9YFYRPmEwIDAQAB” ; —– DKIM key mail for test.de

Create the record dns as the script put out on your domain dns zone.

Remember that if you restart the server you must go up the service of opendkim!!

Thank you to matoski.com